Malware Analysis Report

2025-08-10 16:32

Sample ID 250419-hxrrva1mw5
Target JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2
SHA256 c9fd2f88ae1d80838434f52f63ecc3009bda52cc0b76238121d6068999f13a43
Tags
pykspa defense_evasion discovery persistence privilege_escalation trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c9fd2f88ae1d80838434f52f63ecc3009bda52cc0b76238121d6068999f13a43

Threat Level: Known bad

The file JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2 was found to be: Known bad.

Malicious Activity Summary

pykspa defense_evasion discovery persistence privilege_escalation trojan worm

UAC bypass

Pykspa

Modifies WinLogon for persistence

Pykspa family

Detect Pykspa worm

Adds policy Run key to start application

Disables RegEdit via registry modification

Blocklisted process makes network request

Checks computer location settings

Impair Defenses: Safe Mode Boot

Executes dropped EXE

Hijack Execution Flow: Executable Installer File Permissions Weakness

Checks whether UAC is enabled

Looks up external IP address via web service

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

System policy modification

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-19 07:07

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-19 07:07

Reported

2025-04-19 07:09

Platform

win10v2004-20250313-en

Max time kernel

44s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "amcxfyrdtfwmbxca.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "oeyxjgdtndyslluwjqga.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\duppcaypkbxsmnxaownii.exe" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "duppcaypkbxsmnxaownii.exe" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "qewtdythzngypnuufk.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bqjhsokzshbumltugmb.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "bqjhsokzshbumltugmb.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "oeyxjgdtndyslluwjqga.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "duppcaypkbxsmnxaownii.exe" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oeyxjgdtndyslluwjqga.exe" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "hulhqkerivneurxwg.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "amcxfyrdtfwmbxca.exe" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\duppcaypkbxsmnxaownii.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\duppcaypkbxsmnxaownii.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\amcxfyrdtfwmbxca.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oeyxjgdtndyslluwjqga.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oeyxjgdtndyslluwjqga.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oeyxjgdtndyslluwjqga.exe" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qewtdythzngypnuufk.exe" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "qewtdythzngypnuufk.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\duppcaypkbxsmnxaownii.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "bqjhsokzshbumltugmb.exe" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\duppcaypkbxsmnxaownii.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "amcxfyrdtfwmbxca.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "amcxfyrdtfwmbxca.exe" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\amcxfyrdtfwmbxca.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\duppcaypkbxsmnxaownii.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "bqjhsokzshbumltugmb.exe" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bqjhsokzshbumltugmb.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hulhqkerivneurxwg.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hulhqkerivneurxwg.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "duppcaypkbxsmnxaownii.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oeyxjgdtndyslluwjqga.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "hulhqkerivneurxwg.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "amcxfyrdtfwmbxca.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oeyxjgdtndyslluwjqga.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\belxwgq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oeyxjgdtndyslluwjqga.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "hulhqkerivneurxwg.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "hulhqkerivneurxwg.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "bqjhsokzshbumltugmb.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "bqjhsokzshbumltugmb.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\agqfhuhnxd = "duppcaypkbxsmnxaownii.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\duppcaypkbxsmnxaownii.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\bqjhsokzshbumltugmb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\oeyxjgdtndyslluwjqga.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\amcxfyrdtfwmbxca.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\qewtdythzngypnuufk.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\qewtdythzngypnuufk.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\oeyxjgdtndyslluwjqga.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\amcxfyrdtfwmbxca.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\qewtdythzngypnuufk.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\bqjhsokzshbumltugmb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\duppcaypkbxsmnxaownii.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\qewtdythzngypnuufk.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\duppcaypkbxsmnxaownii.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\bqjhsokzshbumltugmb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\bqjhsokzshbumltugmb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\duppcaypkbxsmnxaownii.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\duppcaypkbxsmnxaownii.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\bqjhsokzshbumltugmb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\duppcaypkbxsmnxaownii.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\qewtdythzngypnuufk.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\qewtdythzngypnuufk.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\amcxfyrdtfwmbxca.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\hulhqkerivneurxwg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\duppcaypkbxsmnxaownii.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\bqjhsokzshbumltugmb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\qewtdythzngypnuufk.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\duppcaypkbxsmnxaownii.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\qewtdythzngypnuufk.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\amcxfyrdtfwmbxca.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\hulhqkerivneurxwg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Windows\hulhqkerivneurxwg.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Windows\amcxfyrdtfwmbxca.exe N/A
N/A N/A C:\Windows\duppcaypkbxsmnxaownii.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Windows\duppcaypkbxsmnxaownii.exe N/A
N/A N/A C:\Windows\bqjhsokzshbumltugmb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
N/A N/A C:\Windows\oeyxjgdtndyslluwjqga.exe N/A
N/A N/A C:\Windows\oeyxjgdtndyslluwjqga.exe N/A
N/A N/A C:\Windows\bqjhsokzshbumltugmb.exe N/A
N/A N/A C:\Windows\hulhqkerivneurxwg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Windows\duppcaypkbxsmnxaownii.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Windows\qewtdythzngypnuufk.exe N/A
N/A N/A C:\Windows\duppcaypkbxsmnxaownii.exe N/A
N/A N/A C:\Windows\qewtdythzngypnuufk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Windows\amcxfyrdtfwmbxca.exe N/A
N/A N/A C:\Windows\qewtdythzngypnuufk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Windows\hulhqkerivneurxwg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Windows\hulhqkerivneurxwg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Windows\oeyxjgdtndyslluwjqga.exe N/A
N/A N/A C:\Windows\qewtdythzngypnuufk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Windows\hulhqkerivneurxwg.exe N/A
N/A N/A C:\Windows\oeyxjgdtndyslluwjqga.exe N/A
N/A N/A C:\Windows\hulhqkerivneurxwg.exe N/A
N/A N/A C:\Windows\hulhqkerivneurxwg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe N/A
N/A N/A C:\Windows\qewtdythzngypnuufk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Windows\oeyxjgdtndyslluwjqga.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
N/A N/A C:\Windows\duppcaypkbxsmnxaownii.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qucppalp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\amcxfyrdtfwmbxca.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qucppalp = "hulhqkerivneurxwg.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\amcxfyrdtfwmbxca.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ranfkaqzmvjwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bqjhsokzshbumltugmb.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qucppalp = "hulhqkerivneurxwg.exe" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "qewtdythzngypnuufk.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qucppalp = "qewtdythzngypnuufk.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qucppalp = "amcxfyrdtfwmbxca.exe" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ranfkaqzmvjwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oeyxjgdtndyslluwjqga.exe ." C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\samdhwltfnam = "bqjhsokzshbumltugmb.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qucppalp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hulhqkerivneurxwg.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ranfkaqzmvjwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hulhqkerivneurxwg.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\duppcaypkbxsmnxaownii.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ranfkaqzmvjwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qewtdythzngypnuufk.exe ." C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\amcxfyrdtfwmbxca.exe ." C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\scqjpgxhvfuivp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\duppcaypkbxsmnxaownii.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oeyxjgdtndyslluwjqga.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ranfkaqzmvjwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oeyxjgdtndyslluwjqga.exe ." C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vcndguipaht = "amcxfyrdtfwmbxca.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ranfkaqzmvjwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hulhqkerivneurxwg.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "hulhqkerivneurxwg.exe ." C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\amcxfyrdtfwmbxca.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ranfkaqzmvjwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oeyxjgdtndyslluwjqga.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ranfkaqzmvjwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\duppcaypkbxsmnxaownii.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vcndguipaht = "oeyxjgdtndyslluwjqga.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\samdhwltfnam = "amcxfyrdtfwmbxca.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bqjhsokzshbumltugmb.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oeyxjgdtndyslluwjqga.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vcndguipaht = "bqjhsokzshbumltugmb.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ranfkaqzmvjwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hulhqkerivneurxwg.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qucppalp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\duppcaypkbxsmnxaownii.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\duppcaypkbxsmnxaownii.exe ." C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qucppalp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\amcxfyrdtfwmbxca.exe" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\samdhwltfnam = "amcxfyrdtfwmbxca.exe ." C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qucppalp = "qewtdythzngypnuufk.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\scqjpgxhvfuivp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hulhqkerivneurxwg.exe" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ranfkaqzmvjwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bqjhsokzshbumltugmb.exe ." C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qucppalp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oeyxjgdtndyslluwjqga.exe" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qucppalp = "amcxfyrdtfwmbxca.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qucppalp = "amcxfyrdtfwmbxca.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ranfkaqzmvjwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qewtdythzngypnuufk.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qucppalp = "oeyxjgdtndyslluwjqga.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\scqjpgxhvfuivp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qewtdythzngypnuufk.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\samdhwltfnam = "bqjhsokzshbumltugmb.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ranfkaqzmvjwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hulhqkerivneurxwg.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\scqjpgxhvfuivp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qewtdythzngypnuufk.exe" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ranfkaqzmvjwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\amcxfyrdtfwmbxca.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vcndguipaht = "oeyxjgdtndyslluwjqga.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\samdhwltfnam = "duppcaypkbxsmnxaownii.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "duppcaypkbxsmnxaownii.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\scqjpgxhvfuivp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\amcxfyrdtfwmbxca.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qucppalp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bqjhsokzshbumltugmb.exe" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "hulhqkerivneurxwg.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qucppalp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hulhqkerivneurxwg.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "qewtdythzngypnuufk.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qucppalp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qewtdythzngypnuufk.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qucppalp = "hulhqkerivneurxwg.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qucppalp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hulhqkerivneurxwg.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "bqjhsokzshbumltugmb.exe ." C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\samdhwltfnam = "qewtdythzngypnuufk.exe ." C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bqjhsokzshbumltugmb.exe ." C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "qewtdythzngypnuufk.exe ." C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qucppalp = "oeyxjgdtndyslluwjqga.exe" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hmvjkwinw = "oeyxjgdtndyslluwjqga.exe ." C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyip.everdot.org N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\qewtdythzngypnuufk.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\qewtdythzngypnuufk.exe C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
File opened for modification C:\Windows\SysWOW64\bqjhsokzshbumltugmb.exe C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
File opened for modification C:\Windows\SysWOW64\oeyxjgdtndyslluwjqga.exe C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
File opened for modification C:\Windows\SysWOW64\duppcaypkbxsmnxaownii.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\hulhqkerivneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\qewtdythzngypnuufk.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\amcxfyrdtfwmbxca.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\oeyxjgdtndyslluwjqga.exe C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
File opened for modification C:\Windows\SysWOW64\bqjhsokzshbumltugmb.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\oeyxjgdtndyslluwjqga.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\oeyxjgdtndyslluwjqga.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\duppcaypkbxsmnxaownii.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File created C:\Windows\SysWOW64\dejtqyghmntycnhusklqaxfnotu.fju C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
File opened for modification C:\Windows\SysWOW64\duppcaypkbxsmnxaownii.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\amcxfyrdtfwmbxca.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\duppcaypkbxsmnxaownii.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\qewtdythzngypnuufk.exe C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
File opened for modification C:\Windows\SysWOW64\bqjhsokzshbumltugmb.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\hulhqkerivneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\amcxfyrdtfwmbxca.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\hulhqkerivneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\oeyxjgdtndyslluwjqga.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\umijxwvnjbyuprcgvewsth.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\umijxwvnjbyuprcgvewsth.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\bqjhsokzshbumltugmb.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\oeyxjgdtndyslluwjqga.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\umijxwvnjbyuprcgvewsth.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\duppcaypkbxsmnxaownii.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\dejtqyghmntycnhusklqaxfnotu.fju C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
File opened for modification C:\Windows\SysWOW64\oeyxjgdtndyslluwjqga.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\duppcaypkbxsmnxaownii.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\hulhqkerivneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\qewtdythzngypnuufk.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\hulhqkerivneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\amcxfyrdtfwmbxca.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\hulhqkerivneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\duppcaypkbxsmnxaownii.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\oeyxjgdtndyslluwjqga.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\umijxwvnjbyuprcgvewsth.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\duppcaypkbxsmnxaownii.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\qewtdythzngypnuufk.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\bqjhsokzshbumltugmb.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\qewtdythzngypnuufk.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\oeyxjgdtndyslluwjqga.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\bqjhsokzshbumltugmb.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\oeyxjgdtndyslluwjqga.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\hulhqkerivneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\amcxfyrdtfwmbxca.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\umijxwvnjbyuprcgvewsth.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\umijxwvnjbyuprcgvewsth.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\duppcaypkbxsmnxaownii.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\hulhqkerivneurxwg.exe C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
File opened for modification C:\Windows\SysWOW64\oeyxjgdtndyslluwjqga.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\oeyxjgdtndyslluwjqga.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\bqjhsokzshbumltugmb.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\oeyxjgdtndyslluwjqga.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\amcxfyrdtfwmbxcajmyojrkdpfriynjomvykav.wpb C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
File opened for modification C:\Windows\SysWOW64\bqjhsokzshbumltugmb.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\bqjhsokzshbumltugmb.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\qewtdythzngypnuufk.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\amcxfyrdtfwmbxca.exe C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
File opened for modification C:\Windows\SysWOW64\qewtdythzngypnuufk.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\SysWOW64\qewtdythzngypnuufk.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\dejtqyghmntycnhusklqaxfnotu.fju C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
File created C:\Program Files (x86)\dejtqyghmntycnhusklqaxfnotu.fju C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
File opened for modification C:\Program Files (x86)\amcxfyrdtfwmbxcajmyojrkdpfriynjomvykav.wpb C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
File created C:\Program Files (x86)\amcxfyrdtfwmbxcajmyojrkdpfriynjomvykav.wpb C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\umijxwvnjbyuprcgvewsth.exe C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
File opened for modification C:\Windows\umijxwvnjbyuprcgvewsth.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\amcxfyrdtfwmbxca.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\oeyxjgdtndyslluwjqga.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\qewtdythzngypnuufk.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\amcxfyrdtfwmbxca.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\oeyxjgdtndyslluwjqga.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\duppcaypkbxsmnxaownii.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\amcxfyrdtfwmbxca.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\umijxwvnjbyuprcgvewsth.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\umijxwvnjbyuprcgvewsth.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\duppcaypkbxsmnxaownii.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\oeyxjgdtndyslluwjqga.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\qewtdythzngypnuufk.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\hulhqkerivneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\qewtdythzngypnuufk.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\hulhqkerivneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\amcxfyrdtfwmbxca.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\hulhqkerivneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\duppcaypkbxsmnxaownii.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\amcxfyrdtfwmbxca.exe C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
File opened for modification C:\Windows\qewtdythzngypnuufk.exe C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
File opened for modification C:\Windows\bqjhsokzshbumltugmb.exe C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
File opened for modification C:\Windows\dejtqyghmntycnhusklqaxfnotu.fju C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
File opened for modification C:\Windows\bqjhsokzshbumltugmb.exe C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
File opened for modification C:\Windows\oeyxjgdtndyslluwjqga.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\amcxfyrdtfwmbxca.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\duppcaypkbxsmnxaownii.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\qewtdythzngypnuufk.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\duppcaypkbxsmnxaownii.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\bqjhsokzshbumltugmb.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\hulhqkerivneurxwg.exe C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
File opened for modification C:\Windows\duppcaypkbxsmnxaownii.exe C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
File opened for modification C:\Windows\duppcaypkbxsmnxaownii.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\qewtdythzngypnuufk.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\duppcaypkbxsmnxaownii.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\hulhqkerivneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\bqjhsokzshbumltugmb.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\oeyxjgdtndyslluwjqga.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\umijxwvnjbyuprcgvewsth.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\hulhqkerivneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\oeyxjgdtndyslluwjqga.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\amcxfyrdtfwmbxca.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\umijxwvnjbyuprcgvewsth.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\duppcaypkbxsmnxaownii.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\bqjhsokzshbumltugmb.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\umijxwvnjbyuprcgvewsth.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\amcxfyrdtfwmbxca.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\oeyxjgdtndyslluwjqga.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\bqjhsokzshbumltugmb.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\oeyxjgdtndyslluwjqga.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\umijxwvnjbyuprcgvewsth.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\oeyxjgdtndyslluwjqga.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\amcxfyrdtfwmbxca.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\qewtdythzngypnuufk.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\hulhqkerivneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\oeyxjgdtndyslluwjqga.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\qewtdythzngypnuufk.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\bqjhsokzshbumltugmb.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\umijxwvnjbyuprcgvewsth.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\bqjhsokzshbumltugmb.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\duppcaypkbxsmnxaownii.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\qewtdythzngypnuufk.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
File opened for modification C:\Windows\qewtdythzngypnuufk.exe C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\oeyxjgdtndyslluwjqga.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\qewtdythzngypnuufk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bqjhsokzshbumltugmb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\qewtdythzngypnuufk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\duppcaypkbxsmnxaownii.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\qewtdythzngypnuufk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\oeyxjgdtndyslluwjqga.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\qewtdythzngypnuufk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hulhqkerivneurxwg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\amcxfyrdtfwmbxca.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\duppcaypkbxsmnxaownii.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\qewtdythzngypnuufk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hulhqkerivneurxwg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\amcxfyrdtfwmbxca.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bqjhsokzshbumltugmb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\amcxfyrdtfwmbxca.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\duppcaypkbxsmnxaownii.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\amcxfyrdtfwmbxca.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\duppcaypkbxsmnxaownii.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\duppcaypkbxsmnxaownii.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bqjhsokzshbumltugmb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hulhqkerivneurxwg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\duppcaypkbxsmnxaownii.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bqjhsokzshbumltugmb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\duppcaypkbxsmnxaownii.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\amcxfyrdtfwmbxca.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hulhqkerivneurxwg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\oeyxjgdtndyslluwjqga.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\amcxfyrdtfwmbxca.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bqjhsokzshbumltugmb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\oeyxjgdtndyslluwjqga.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\amcxfyrdtfwmbxca.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bqjhsokzshbumltugmb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\qewtdythzngypnuufk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2780 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 2780 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 2780 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 4516 wrote to memory of 544 N/A C:\Windows\system32\cmd.exe C:\Windows\amcxfyrdtfwmbxca.exe
PID 4516 wrote to memory of 544 N/A C:\Windows\system32\cmd.exe C:\Windows\amcxfyrdtfwmbxca.exe
PID 4516 wrote to memory of 544 N/A C:\Windows\system32\cmd.exe C:\Windows\amcxfyrdtfwmbxca.exe
PID 4864 wrote to memory of 4824 N/A C:\Windows\system32\cmd.exe C:\Windows\duppcaypkbxsmnxaownii.exe
PID 4864 wrote to memory of 4824 N/A C:\Windows\system32\cmd.exe C:\Windows\duppcaypkbxsmnxaownii.exe
PID 4864 wrote to memory of 4824 N/A C:\Windows\system32\cmd.exe C:\Windows\duppcaypkbxsmnxaownii.exe
PID 4824 wrote to memory of 4868 N/A C:\Windows\duppcaypkbxsmnxaownii.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 4824 wrote to memory of 4868 N/A C:\Windows\duppcaypkbxsmnxaownii.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 4824 wrote to memory of 4868 N/A C:\Windows\duppcaypkbxsmnxaownii.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 6112 wrote to memory of 6044 N/A C:\Windows\system32\cmd.exe C:\Windows\duppcaypkbxsmnxaownii.exe
PID 6112 wrote to memory of 6044 N/A C:\Windows\system32\cmd.exe C:\Windows\duppcaypkbxsmnxaownii.exe
PID 6112 wrote to memory of 6044 N/A C:\Windows\system32\cmd.exe C:\Windows\duppcaypkbxsmnxaownii.exe
PID 5008 wrote to memory of 5012 N/A C:\Windows\system32\cmd.exe C:\Windows\bqjhsokzshbumltugmb.exe
PID 5008 wrote to memory of 5012 N/A C:\Windows\system32\cmd.exe C:\Windows\bqjhsokzshbumltugmb.exe
PID 5008 wrote to memory of 5012 N/A C:\Windows\system32\cmd.exe C:\Windows\bqjhsokzshbumltugmb.exe
PID 5384 wrote to memory of 5552 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
PID 5384 wrote to memory of 5552 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
PID 5384 wrote to memory of 5552 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe
PID 5012 wrote to memory of 3036 N/A C:\Windows\bqjhsokzshbumltugmb.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 5012 wrote to memory of 3036 N/A C:\Windows\bqjhsokzshbumltugmb.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 5012 wrote to memory of 3036 N/A C:\Windows\bqjhsokzshbumltugmb.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 5896 wrote to memory of 2184 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
PID 5896 wrote to memory of 2184 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
PID 5896 wrote to memory of 2184 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
PID 2460 wrote to memory of 3920 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
PID 2460 wrote to memory of 3920 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
PID 2460 wrote to memory of 3920 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe
PID 2184 wrote to memory of 5580 N/A C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 2184 wrote to memory of 5580 N/A C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 2184 wrote to memory of 5580 N/A C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 1412 wrote to memory of 228 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 1412 wrote to memory of 228 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 1412 wrote to memory of 228 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 228 wrote to memory of 5112 N/A C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe C:\Windows\System32\Conhost.exe
PID 228 wrote to memory of 5112 N/A C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe C:\Windows\System32\Conhost.exe
PID 228 wrote to memory of 5112 N/A C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe C:\Windows\System32\Conhost.exe
PID 1488 wrote to memory of 3484 N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe C:\Users\Admin\AppData\Local\Temp\belxwgq.exe
PID 1488 wrote to memory of 3484 N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe C:\Users\Admin\AppData\Local\Temp\belxwgq.exe
PID 1488 wrote to memory of 3484 N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe C:\Users\Admin\AppData\Local\Temp\belxwgq.exe
PID 1488 wrote to memory of 5700 N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe C:\Users\Admin\AppData\Local\Temp\belxwgq.exe
PID 1488 wrote to memory of 5700 N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe C:\Users\Admin\AppData\Local\Temp\belxwgq.exe
PID 1488 wrote to memory of 5700 N/A C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe C:\Users\Admin\AppData\Local\Temp\belxwgq.exe
PID 5848 wrote to memory of 1696 N/A C:\Windows\system32\cmd.exe C:\Windows\oeyxjgdtndyslluwjqga.exe
PID 5848 wrote to memory of 1696 N/A C:\Windows\system32\cmd.exe C:\Windows\oeyxjgdtndyslluwjqga.exe
PID 5848 wrote to memory of 1696 N/A C:\Windows\system32\cmd.exe C:\Windows\oeyxjgdtndyslluwjqga.exe
PID 5920 wrote to memory of 2632 N/A C:\Windows\system32\cmd.exe C:\Windows\oeyxjgdtndyslluwjqga.exe
PID 5920 wrote to memory of 2632 N/A C:\Windows\system32\cmd.exe C:\Windows\oeyxjgdtndyslluwjqga.exe
PID 5920 wrote to memory of 2632 N/A C:\Windows\system32\cmd.exe C:\Windows\oeyxjgdtndyslluwjqga.exe
PID 2352 wrote to memory of 2384 N/A C:\Windows\system32\cmd.exe C:\Windows\bqjhsokzshbumltugmb.exe
PID 2352 wrote to memory of 2384 N/A C:\Windows\system32\cmd.exe C:\Windows\bqjhsokzshbumltugmb.exe
PID 2352 wrote to memory of 2384 N/A C:\Windows\system32\cmd.exe C:\Windows\bqjhsokzshbumltugmb.exe
PID 4740 wrote to memory of 5832 N/A C:\Windows\system32\cmd.exe C:\Windows\hulhqkerivneurxwg.exe
PID 4740 wrote to memory of 5832 N/A C:\Windows\system32\cmd.exe C:\Windows\hulhqkerivneurxwg.exe
PID 4740 wrote to memory of 5832 N/A C:\Windows\system32\cmd.exe C:\Windows\hulhqkerivneurxwg.exe
PID 2384 wrote to memory of 4316 N/A C:\Windows\bqjhsokzshbumltugmb.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 2384 wrote to memory of 4316 N/A C:\Windows\bqjhsokzshbumltugmb.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 2384 wrote to memory of 4316 N/A C:\Windows\bqjhsokzshbumltugmb.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe
PID 4880 wrote to memory of 5652 N/A C:\Windows\system32\cmd.exe C:\Windows\amcxfyrdtfwmbxca.exe
PID 4880 wrote to memory of 5652 N/A C:\Windows\system32\cmd.exe C:\Windows\amcxfyrdtfwmbxca.exe
PID 4880 wrote to memory of 5652 N/A C:\Windows\system32\cmd.exe C:\Windows\amcxfyrdtfwmbxca.exe
PID 5832 wrote to memory of 1956 N/A C:\Windows\hulhqkerivneurxwg.exe C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\belxwgq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe"

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_c1c90ccb7f44badc91ec2859323fcde2.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe

C:\Windows\amcxfyrdtfwmbxca.exe

amcxfyrdtfwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."

C:\Users\Admin\AppData\Local\Temp\belxwgq.exe

"C:\Users\Admin\AppData\Local\Temp\belxwgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_c1c90ccb7f44badc91ec2859323fcde2.exe"

C:\Users\Admin\AppData\Local\Temp\belxwgq.exe

"C:\Users\Admin\AppData\Local\Temp\belxwgq.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_c1c90ccb7f44badc91ec2859323fcde2.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe

C:\Windows\oeyxjgdtndyslluwjqga.exe

oeyxjgdtndyslluwjqga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .

C:\Windows\oeyxjgdtndyslluwjqga.exe

oeyxjgdtndyslluwjqga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe .

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe

C:\Windows\hulhqkerivneurxwg.exe

hulhqkerivneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\hulhqkerivneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe .

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe .

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\amcxfyrdtfwmbxca.exe*."

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\qewtdythzngypnuufk.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."

C:\Windows\amcxfyrdtfwmbxca.exe

amcxfyrdtfwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\amcxfyrdtfwmbxca.exe*."

C:\Windows\hulhqkerivneurxwg.exe

hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\amcxfyrdtfwmbxca.exe*."

C:\Windows\hulhqkerivneurxwg.exe

hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\hulhqkerivneurxwg.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe

C:\Windows\oeyxjgdtndyslluwjqga.exe

oeyxjgdtndyslluwjqga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Windows\hulhqkerivneurxwg.exe

hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .

C:\Windows\oeyxjgdtndyslluwjqga.exe

oeyxjgdtndyslluwjqga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe

C:\Windows\hulhqkerivneurxwg.exe

hulhqkerivneurxwg.exe

C:\Windows\hulhqkerivneurxwg.exe

hulhqkerivneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\hulhqkerivneurxwg.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Windows\oeyxjgdtndyslluwjqga.exe

oeyxjgdtndyslluwjqga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .

C:\Windows\hulhqkerivneurxwg.exe

hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe

C:\Windows\oeyxjgdtndyslluwjqga.exe

oeyxjgdtndyslluwjqga.exe .

C:\Windows\amcxfyrdtfwmbxca.exe

amcxfyrdtfwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\hulhqkerivneurxwg.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\oeyxjgdtndyslluwjqga.exe*."

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\amcxfyrdtfwmbxca.exe*."

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\bqjhsokzshbumltugmb.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\amcxfyrdtfwmbxca.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\bqjhsokzshbumltugmb.exe*."

C:\Windows\oeyxjgdtndyslluwjqga.exe

oeyxjgdtndyslluwjqga.exe

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\qewtdythzngypnuufk.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\amcxfyrdtfwmbxca.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe .

C:\Windows\hulhqkerivneurxwg.exe

hulhqkerivneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\hulhqkerivneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe .

C:\Windows\amcxfyrdtfwmbxca.exe

amcxfyrdtfwmbxca.exe

C:\Windows\oeyxjgdtndyslluwjqga.exe

oeyxjgdtndyslluwjqga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\oeyxjgdtndyslluwjqga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\qewtdythzngypnuufk.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe .

C:\Windows\oeyxjgdtndyslluwjqga.exe

oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .

C:\Windows\hulhqkerivneurxwg.exe

hulhqkerivneurxwg.exe

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."

C:\Windows\oeyxjgdtndyslluwjqga.exe

oeyxjgdtndyslluwjqga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Windows\amcxfyrdtfwmbxca.exe

amcxfyrdtfwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\amcxfyrdtfwmbxca.exe*."

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\amcxfyrdtfwmbxca.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe

C:\Windows\amcxfyrdtfwmbxca.exe

amcxfyrdtfwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe .

C:\Windows\amcxfyrdtfwmbxca.exe

amcxfyrdtfwmbxca.exe

C:\Windows\amcxfyrdtfwmbxca.exe

amcxfyrdtfwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\amcxfyrdtfwmbxca.exe*."

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\bqjhsokzshbumltugmb.exe*."

C:\Windows\amcxfyrdtfwmbxca.exe

amcxfyrdtfwmbxca.exe

C:\Windows\amcxfyrdtfwmbxca.exe

amcxfyrdtfwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe .

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe .

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\bqjhsokzshbumltugmb.exe*."

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe .

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\bqjhsokzshbumltugmb.exe*."

C:\Windows\amcxfyrdtfwmbxca.exe

amcxfyrdtfwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe .

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\amcxfyrdtfwmbxca.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Windows\amcxfyrdtfwmbxca.exe

amcxfyrdtfwmbxca.exe .

C:\Windows\hulhqkerivneurxwg.exe

hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\amcxfyrdtfwmbxca.exe*."

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\qewtdythzngypnuufk.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe

C:\Windows\oeyxjgdtndyslluwjqga.exe

oeyxjgdtndyslluwjqga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .

C:\Windows\hulhqkerivneurxwg.exe

hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\amcxfyrdtfwmbxca.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\bqjhsokzshbumltugmb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe

C:\Windows\oeyxjgdtndyslluwjqga.exe

oeyxjgdtndyslluwjqga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\amcxfyrdtfwmbxca.exe

amcxfyrdtfwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\amcxfyrdtfwmbxca.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .

C:\Windows\hulhqkerivneurxwg.exe

hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\amcxfyrdtfwmbxca.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\bqjhsokzshbumltugmb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."

C:\Windows\amcxfyrdtfwmbxca.exe

amcxfyrdtfwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\bqjhsokzshbumltugmb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\bqjhsokzshbumltugmb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\amcxfyrdtfwmbxca.exe

amcxfyrdtfwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .

C:\Windows\amcxfyrdtfwmbxca.exe

amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\qewtdythzngypnuufk.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe

C:\Windows\hulhqkerivneurxwg.exe

hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Windows\oeyxjgdtndyslluwjqga.exe

oeyxjgdtndyslluwjqga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\oeyxjgdtndyslluwjqga.exe*."

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Windows\oeyxjgdtndyslluwjqga.exe

oeyxjgdtndyslluwjqga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .

C:\Windows\oeyxjgdtndyslluwjqga.exe

oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Windows\hulhqkerivneurxwg.exe

hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\hulhqkerivneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\amcxfyrdtfwmbxca.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe .

C:\Windows\oeyxjgdtndyslluwjqga.exe

oeyxjgdtndyslluwjqga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\qewtdythzngypnuufk.exe*."

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe .

C:\Windows\amcxfyrdtfwmbxca.exe

amcxfyrdtfwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe .

C:\Windows\amcxfyrdtfwmbxca.exe

amcxfyrdtfwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\amcxfyrdtfwmbxca.exe*."

C:\Windows\oeyxjgdtndyslluwjqga.exe

oeyxjgdtndyslluwjqga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\oeyxjgdtndyslluwjqga.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\amcxfyrdtfwmbxca.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe

C:\Windows\hulhqkerivneurxwg.exe

hulhqkerivneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\hulhqkerivneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\bqjhsokzshbumltugmb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\amcxfyrdtfwmbxca.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .

C:\Windows\hulhqkerivneurxwg.exe

hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe

C:\Windows\hulhqkerivneurxwg.exe

hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .

C:\Windows\amcxfyrdtfwmbxca.exe

amcxfyrdtfwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\bqjhsokzshbumltugmb.exe*."

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe

C:\Windows\amcxfyrdtfwmbxca.exe

amcxfyrdtfwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\amcxfyrdtfwmbxca.exe*."

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\amcxfyrdtfwmbxca.exe*."

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe .

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\bqjhsokzshbumltugmb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Windows\amcxfyrdtfwmbxca.exe

amcxfyrdtfwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .

C:\Windows\hulhqkerivneurxwg.exe

hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\hulhqkerivneurxwg.exe*."

C:\Windows\oeyxjgdtndyslluwjqga.exe

oeyxjgdtndyslluwjqga.exe .

C:\Windows\oeyxjgdtndyslluwjqga.exe

oeyxjgdtndyslluwjqga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\qewtdythzngypnuufk.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\oeyxjgdtndyslluwjqga.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\oeyxjgdtndyslluwjqga.exe*."

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\qewtdythzngypnuufk.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe

C:\Windows\oeyxjgdtndyslluwjqga.exe

oeyxjgdtndyslluwjqga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe .

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Windows\hulhqkerivneurxwg.exe

hulhqkerivneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\hulhqkerivneurxwg.exe*."

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\qewtdythzngypnuufk.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\oeyxjgdtndyslluwjqga.exe

oeyxjgdtndyslluwjqga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\amcxfyrdtfwmbxca.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe .

C:\Windows\hulhqkerivneurxwg.exe

hulhqkerivneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\hulhqkerivneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe .

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Windows\amcxfyrdtfwmbxca.exe

amcxfyrdtfwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\amcxfyrdtfwmbxca.exe*."

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\qewtdythzngypnuufk.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe

C:\Windows\amcxfyrdtfwmbxca.exe

amcxfyrdtfwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe .

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Windows\hulhqkerivneurxwg.exe

hulhqkerivneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\hulhqkerivneurxwg.exe*."

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\bqjhsokzshbumltugmb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\bqjhsokzshbumltugmb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe

C:\Windows\hulhqkerivneurxwg.exe

hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe

C:\Windows\hulhqkerivneurxwg.exe

hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe .

C:\Windows\hulhqkerivneurxwg.exe

hulhqkerivneurxwg.exe .

C:\Windows\amcxfyrdtfwmbxca.exe

amcxfyrdtfwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\hulhqkerivneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe

C:\Windows\oeyxjgdtndyslluwjqga.exe

oeyxjgdtndyslluwjqga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe .

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\oeyxjgdtndyslluwjqga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe .

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\duppcaypkbxsmnxaownii.exe*."

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\qewtdythzngypnuufk.exe*."

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\qewtdythzngypnuufk.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."

C:\Windows\oeyxjgdtndyslluwjqga.exe

oeyxjgdtndyslluwjqga.exe .

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\oeyxjgdtndyslluwjqga.exe*."

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Windows\amcxfyrdtfwmbxca.exe

amcxfyrdtfwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\amcxfyrdtfwmbxca.exe*."

C:\Windows\hulhqkerivneurxwg.exe

hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe .

C:\Windows\oeyxjgdtndyslluwjqga.exe

oeyxjgdtndyslluwjqga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Windows\oeyxjgdtndyslluwjqga.exe

oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\hulhqkerivneurxwg.exe

hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe .

C:\Windows\amcxfyrdtfwmbxca.exe

amcxfyrdtfwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\amcxfyrdtfwmbxca.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\qewtdythzngypnuufk.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe

C:\Windows\amcxfyrdtfwmbxca.exe

amcxfyrdtfwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe .

C:\Windows\amcxfyrdtfwmbxca.exe

amcxfyrdtfwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\amcxfyrdtfwmbxca.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Windows\amcxfyrdtfwmbxca.exe

amcxfyrdtfwmbxca.exe .

C:\Windows\oeyxjgdtndyslluwjqga.exe

oeyxjgdtndyslluwjqga.exe .

C:\Windows\amcxfyrdtfwmbxca.exe

amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\oeyxjgdtndyslluwjqga.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\amcxfyrdtfwmbxca.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\amcxfyrdtfwmbxca.exe*."

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\hulhqkerivneurxwg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe .

C:\Windows\amcxfyrdtfwmbxca.exe

amcxfyrdtfwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe

C:\Windows\hulhqkerivneurxwg.exe

hulhqkerivneurxwg.exe

C:\Windows\oeyxjgdtndyslluwjqga.exe

oeyxjgdtndyslluwjqga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqjhsokzshbumltugmb.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\oeyxjgdtndyslluwjqga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Windows\hulhqkerivneurxwg.exe

hulhqkerivneurxwg.exe .

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .

C:\Windows\oeyxjgdtndyslluwjqga.exe

oeyxjgdtndyslluwjqga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Windows\bqjhsokzshbumltugmb.exe

bqjhsokzshbumltugmb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\bqjhsokzshbumltugmb.exe*."

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\oeyxjgdtndyslluwjqga.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\hulhqkerivneurxwg.exe*."

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Windows\oeyxjgdtndyslluwjqga.exe

oeyxjgdtndyslluwjqga.exe .

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe

C:\Users\Admin\AppData\Local\Temp\oeyxjgdtndyslluwjqga.exe .

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe

C:\Users\Admin\AppData\Local\Temp\bqjhsokzshbumltugmb.exe .

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\oeyxjgdtndyslluwjqga.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\oeyxjgdtndyslluwjqga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\qewtdythzngypnuufk.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\amcxfyrdtfwmbxca.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\bqjhsokzshbumltugmb.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\qewtdythzngypnuufk.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c amcxfyrdtfwmbxca.exe

C:\Windows\duppcaypkbxsmnxaownii.exe

duppcaypkbxsmnxaownii.exe

C:\Windows\oeyxjgdtndyslluwjqga.exe

oeyxjgdtndyslluwjqga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hulhqkerivneurxwg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Windows\amcxfyrdtfwmbxca.exe

amcxfyrdtfwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\oeyxjgdtndyslluwjqga.exe*."

C:\Windows\hulhqkerivneurxwg.exe

hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\qewtdythzngypnuufk.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\hulhqkerivneurxwg.exe*."

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\qewtdythzngypnuufk.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\amcxfyrdtfwmbxca.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe

C:\Users\Admin\AppData\Local\Temp\duppcaypkbxsmnxaownii.exe .

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\users\admin\appdata\local\temp\duppcaypkbxsmnxaownii.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oeyxjgdtndyslluwjqga.exe .

C:\Windows\oeyxjgdtndyslluwjqga.exe

oeyxjgdtndyslluwjqga.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qewtdythzngypnuufk.exe .

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\oeyxjgdtndyslluwjqga.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Windows\qewtdythzngypnuufk.exe

qewtdythzngypnuufk.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe .

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\hulhqkerivneurxwg.exe

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

"C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe" "c:\windows\qewtdythzngypnuufk.exe*."

Network

Country Destination Domain Proto
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 8.8.8.8:53 www.whatismyip.ca udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 8.8.8.8:53 www.ebay.com udp
GB 173.222.9.77:80 www.ebay.com tcp
RU 46.37.140.186:22967 tcp
US 8.8.8.8:53 gyuuym.org udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 icuqqyasqw.com udp
US 8.8.8.8:53 hbfgnzsxgme.org udp
US 8.8.8.8:53 tyfxgqn.info udp
US 8.8.8.8:53 unxfuild.info udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 xguebajirey.net udp
US 8.8.8.8:53 ixsbjlggupmz.info udp
US 8.8.8.8:53 rbhram.info udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 omulltpohso.info udp
US 8.8.8.8:53 xujuvfndzaa.net udp
US 8.8.8.8:53 eingrbthhuw.net udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 xwxuxedwj.org udp
US 8.8.8.8:53 wuamyiew.org udp
US 8.8.8.8:53 wroxqupjtp.info udp
US 8.8.8.8:53 lwptfk.info udp
US 8.8.8.8:53 awaris.net udp
DE 195.30.84.222:80 awaris.net tcp
US 8.8.8.8:53 dcrctcpkc.net udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 komgomyuwkog.com udp
US 8.8.8.8:53 esokwuioqyua.com udp
US 8.8.8.8:53 tskffub.net udp
US 8.8.8.8:53 neocsjgfzmip.net udp
US 8.8.8.8:53 cydlrge.info udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 tgtwhhn.org udp
US 8.8.8.8:53 fpzbkbmx.net udp
BG 79.100.94.212:28678 tcp
US 8.8.8.8:53 kybbhfsmx.net udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 yhvndpzdjtjb.net udp
US 8.8.8.8:53 tuzmvqx.net udp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 eqdfpkr.info udp
US 8.8.8.8:53 srvkwbls.info udp
US 8.8.8.8:53 puusteljfnt.org udp
US 8.8.8.8:53 jgtqvwv.org udp
US 8.8.8.8:53 ffpwlurdvjuj.info udp
US 8.8.8.8:53 tjxkpivu.info udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 rydehshxtlv.net udp
US 8.8.8.8:53 ymcouwaquwim.com udp
US 8.8.8.8:53 ermahee.info udp
US 8.8.8.8:53 gvanotphup.net udp
US 8.8.8.8:53 tcidmzuaiv.info udp
US 8.8.8.8:53 tjvgpwyk.net udp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 lfjjqlwk.net udp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 bkwzjwusvbt.com udp
US 8.8.8.8:53 aickqcmmokuy.com udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 elxagbsk.info udp
NZ 219.88.97.158:30613 tcp
US 8.8.8.8:53 yoaoooewyeeo.com udp
US 8.8.8.8:53 jfjujz.info udp
US 8.8.8.8:53 aqysuigc.org udp
US 8.8.8.8:53 kfdrug.net udp
US 8.8.8.8:53 fyfuhzkfycnd.info udp
US 8.8.8.8:53 mdhpuesj.net udp
US 8.8.8.8:53 xirszryesf.net udp
US 8.8.8.8:53 puutnuhfbv.info udp
US 8.8.8.8:53 tercgxzwoi.net udp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 cwcgko.org udp
US 8.8.8.8:53 bknyzqyeb.net udp
US 8.8.8.8:53 eknlzolc.info udp
US 8.8.8.8:53 vrxmprngmlhk.net udp
US 8.8.8.8:53 bilpumd.net udp
US 8.8.8.8:53 zowspabrlk.info udp
US 8.8.8.8:53 yljubatvt.info udp
US 8.8.8.8:53 yghuzic.net udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 lgjzjdwmjhkr.info udp
US 8.8.8.8:53 wykgqweeyywg.org udp
US 8.8.8.8:53 nrrddq.info udp
US 8.8.8.8:53 semnpbrhbpqb.info udp
US 8.8.8.8:53 ztfthbdste.info udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 wzhqdz.info udp
US 8.8.8.8:53 ersdkobqkxxh.net udp
US 8.8.8.8:53 geoxxcdukxr.info udp
US 8.8.8.8:53 lyxmnybibg.info udp
US 8.8.8.8:53 byysonv.info udp
US 8.8.8.8:53 mkymwgqa.org udp
US 8.8.8.8:53 abvhcuunrs.net udp
US 8.8.8.8:53 tapsljcsdnhu.info udp
US 8.8.8.8:53 gbgfeotpfrtc.net udp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 ispwahdodkx.info udp
US 8.8.8.8:53 qfbdjcrdn.info udp
US 8.8.8.8:53 evesvcvtwgvf.info udp
US 8.8.8.8:53 ghwsbaasah.net udp
US 8.8.8.8:53 kgucribs.info udp
US 8.8.8.8:53 eelpjzdowh.info udp
US 8.8.8.8:53 zzugflvs.net udp
US 8.8.8.8:53 esuukcgmumyk.com udp
US 8.8.8.8:53 zyfitez.info udp
BG 178.169.136.9:25690 tcp
US 8.8.8.8:53 exvsjmfjw.net udp
US 8.8.8.8:53 wagkyowuoguq.org udp
US 8.8.8.8:53 lhfsrjrppql.net udp
US 8.8.8.8:53 leqdurjb.net udp
US 8.8.8.8:53 gfnifmeou.net udp
US 8.8.8.8:53 xywieahmbph.com udp
US 8.8.8.8:53 biovfwlga.net udp
US 8.8.8.8:53 dxikspgshgbk.info udp
US 8.8.8.8:53 jzssvu.net udp
US 8.8.8.8:53 pyjfpsrjq.com udp
US 8.8.8.8:53 sslzhpje.info udp
US 8.8.8.8:53 lgmwshpwdp.net udp
US 8.8.8.8:53 peravin.net udp
US 8.8.8.8:53 tafkjkfyjmt.com udp
US 8.8.8.8:53 zycauodbdkn.net udp
US 8.8.8.8:53 vhunvatz.net udp
US 8.8.8.8:53 zgrjrexb.net udp
US 8.8.8.8:53 xqjohst.com udp
US 8.8.8.8:53 hmsifeb.net udp
US 8.8.8.8:53 eeueccewmeem.com udp
US 8.8.8.8:53 ggpmbrhouwv.info udp
US 8.8.8.8:53 chuklevyoxyd.net udp
US 8.8.8.8:53 mqcoog.net udp
US 8.8.8.8:53 wkgotudy.info udp
US 8.8.8.8:53 oqasmwvapxnx.info udp
US 8.8.8.8:53 gthoprfe.net udp
US 8.8.8.8:53 xxpvcdotqd.net udp
US 8.8.8.8:53 klidhyn.info udp
US 8.8.8.8:53 iwpoczbt.net udp
US 8.8.8.8:53 zupitzzor.net udp
US 8.8.8.8:53 keiqswioavr.info udp
US 8.8.8.8:53 oucaymswwkai.org udp
US 8.8.8.8:53 vlpxze.info udp
US 8.8.8.8:53 ykcwfcp.net udp
US 8.8.8.8:53 mjgcsst.info udp
US 8.8.8.8:53 cchbhroumjm.info udp
US 8.8.8.8:53 zeixhxx.org udp
US 8.8.8.8:53 skywyumxq.net udp
US 8.8.8.8:53 dlzktcuugp.info udp
US 8.8.8.8:53 pclufejutiv.net udp
US 8.8.8.8:53 hgsitoou.net udp
US 8.8.8.8:53 egsmyysc.org udp
US 8.8.8.8:53 alfwckezdwea.info udp
US 8.8.8.8:53 xtlzgzikdvtt.info udp
US 8.8.8.8:53 vpssnuzwypj.org udp
IT 88.147.68.25:20703 tcp
US 8.8.8.8:53 bewmwiogiqq.org udp
US 8.8.8.8:53 cwxogmp.net udp
US 8.8.8.8:53 lggevyzvrbn.org udp
US 8.8.8.8:53 feixrqoc.info udp
US 8.8.8.8:53 nshdioh.net udp
US 8.8.8.8:53 xqgcngmop.com udp
US 8.8.8.8:53 xfpybpna.info udp
US 8.8.8.8:53 ekqqcc.org udp
US 8.8.8.8:53 hdxixovzbq.net udp
US 8.8.8.8:53 xofnaktnrixp.info udp
US 8.8.8.8:53 zeruwuqqwmx.net udp
US 8.8.8.8:53 dwfkeogzvhjn.info udp
US 8.8.8.8:53 xyvvxutsjzpn.net udp
US 8.8.8.8:53 mcowmwckcqco.org udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 hgweljqn.info udp
US 8.8.8.8:53 mwjjjkr.info udp
US 8.8.8.8:53 dfcsahmy.info udp
US 8.8.8.8:53 jjfqvmlphsai.info udp
US 8.8.8.8:53 iqqcaiqmgc.org udp
US 8.8.8.8:53 quuoamewew.com udp
US 8.8.8.8:53 dzouyuhonqv.info udp
US 8.8.8.8:53 wkfrgzog.info udp
US 8.8.8.8:53 qtgqqinahbp.info udp
US 8.8.8.8:53 wbhedxm.info udp
US 8.8.8.8:53 ycyeuuwcik.org udp
US 8.8.8.8:53 tcvuvhjwh.info udp
US 8.8.8.8:53 hzlghaa.net udp
US 8.8.8.8:53 khngfgv.info udp
US 8.8.8.8:53 jubvpax.info udp
BR 201.26.109.174:40590 tcp
US 8.8.8.8:53 rjcdvdksetio.info udp
US 8.8.8.8:53 mkskdqwgpcx.net udp
US 8.8.8.8:53 xbtfto.net udp
US 8.8.8.8:53 uzjrbgvmfav.net udp
US 8.8.8.8:53 aknsgwkcl.net udp
US 8.8.8.8:53 xebqjyfoniv.org udp
US 8.8.8.8:53 vepihmywnlxb.info udp
US 8.8.8.8:53 lgjyjwfie.net udp
US 8.8.8.8:53 txqqncxrhx.net udp
US 8.8.8.8:53 ecbwysbz.info udp
US 8.8.8.8:53 wwmntpxdya.net udp
US 8.8.8.8:53 zsbwuejdflnb.info udp
US 8.8.8.8:53 ttylsdde.info udp
US 8.8.8.8:53 tidifwlst.org udp
US 8.8.8.8:53 njmyupro.net udp
US 8.8.8.8:53 zyhhpt.net udp
US 8.8.8.8:53 thvugaief.net udp
US 8.8.8.8:53 cbhnqlfgwyh.net udp
US 8.8.8.8:53 qebaclb.net udp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 eseqkyigauus.com udp
US 8.8.8.8:53 jcdfvel.net udp
US 8.8.8.8:53 yykqqocecm.org udp
US 8.8.8.8:53 iusioomq.org udp
US 8.8.8.8:53 kzmsbykdb.net udp
US 8.8.8.8:53 wcsbrpz.net udp
US 8.8.8.8:53 ysiwsmqe.com udp
US 8.8.8.8:53 zannpjoocg.info udp
US 8.8.8.8:53 rqmvnnodrl.info udp
US 8.8.8.8:53 cpbqqkv.info udp
US 8.8.8.8:53 uwcuws.org udp
US 8.8.8.8:53 chpolgot.info udp
US 8.8.8.8:53 nrmphwhmr.com udp
US 8.8.8.8:53 uazshup.net udp
US 8.8.8.8:53 azlfou.info udp
US 8.8.8.8:53 dotyrrwx.info udp
US 8.8.8.8:53 jivgmmxfkqfs.net udp
US 8.8.8.8:53 ksoswu.com udp
US 8.8.8.8:53 xgxatmb.info udp
US 8.8.8.8:53 vcmfrufqvcn.org udp
LT 88.222.30.88:30600 tcp
US 8.8.8.8:53 umyicieyee.org udp
US 8.8.8.8:53 epjfdtthwi.info udp
US 8.8.8.8:53 fnlozpphq.net udp
US 8.8.8.8:53 thvqlcwc.net udp
US 8.8.8.8:53 qahvzirdokk.info udp
US 8.8.8.8:53 ccumgi.com udp
US 8.8.8.8:53 vcsuct.net udp
US 8.8.8.8:53 qoabhk.net udp
US 8.8.8.8:53 oopgrjhot.info udp
US 8.8.8.8:53 fsyczawoha.info udp
US 8.8.8.8:53 attzmbjfcu.info udp
US 8.8.8.8:53 iaioaacoiq.com udp
US 8.8.8.8:53 hblgzub.net udp
US 8.8.8.8:53 txjphidulvxz.info udp
US 8.8.8.8:53 bcgqijwof.com udp
US 8.8.8.8:53 atkzfclhbift.info udp
US 8.8.8.8:53 zeehxhr.net udp
US 8.8.8.8:53 wueysyqiyg.org udp
US 8.8.8.8:53 uxocprlbnliz.net udp
US 8.8.8.8:53 dfigkg.info udp
US 8.8.8.8:53 aookywiqwiik.com udp
US 8.8.8.8:53 logkskr.org udp
US 8.8.8.8:53 ssbgky.net udp
US 8.8.8.8:53 jjrefkv.net udp
US 8.8.8.8:53 fkvsqgdijuk.com udp
US 8.8.8.8:53 iiyyzjfjta.net udp
US 8.8.8.8:53 dofxxulu.info udp
US 8.8.8.8:53 badwglaixkzp.net udp
US 8.8.8.8:53 ektdnakmzed.info udp
US 8.8.8.8:53 ygkbtjjdsr.info udp
US 8.8.8.8:53 kjskvzf.info udp
US 8.8.8.8:53 boxglq.net udp
US 8.8.8.8:53 uiekmeyo.com udp
US 8.8.8.8:53 lzbjkx.info udp
US 8.8.8.8:53 mglldgdupixw.info udp
US 8.8.8.8:53 awlbgazxpcg.net udp
US 8.8.8.8:53 ykzybcihfvr.info udp
US 8.8.8.8:53 tzaxvlqpdn.info udp
US 8.8.8.8:53 dyvwiin.com udp
US 8.8.8.8:53 blriytvijot.com udp
US 8.8.8.8:53 mfxpnon.info udp
US 8.8.8.8:53 okemeswq.org udp
US 8.8.8.8:53 kyilnx.net udp
US 8.8.8.8:53 xvaecalfruen.net udp
US 8.8.8.8:53 kjrklwr.info udp
US 8.8.8.8:53 zapuyqwcrfp.org udp
US 8.8.8.8:53 gaqkygwq.org udp
US 8.8.8.8:53 llfdkcyr.net udp
US 8.8.8.8:53 tcqybxs.info udp
US 8.8.8.8:53 eyoicygkggka.org udp
US 8.8.8.8:53 jrbulad.info udp
US 8.8.8.8:53 bpzorpfuhtf.org udp
US 8.8.8.8:53 mqmeeggoggaa.com udp
US 8.8.8.8:53 yquygigeeq.com udp
US 8.8.8.8:53 pqzjnoazwm.info udp
US 8.8.8.8:53 hzbtvkdekpd.org udp
US 8.8.8.8:53 usoosiecwi.com udp
US 8.8.8.8:53 bkngmvgi.net udp
US 8.8.8.8:53 syxrzgz.info udp
US 8.8.8.8:53 qliracrkdoit.net udp
US 8.8.8.8:53 vvsfbe.info udp
US 8.8.8.8:53 tceoxghd.info udp
US 8.8.8.8:53 lmfyrwqqpp.info udp
US 8.8.8.8:53 pvqtpjfsca.info udp
US 8.8.8.8:53 bqdindvszcl.com udp
US 8.8.8.8:53 zmtbdx.info udp
US 8.8.8.8:53 wokiuk.org udp
US 8.8.8.8:53 dykwknvmdfdj.info udp
US 8.8.8.8:53 jasksuej.info udp
BG 188.254.129.227:35854 tcp
US 8.8.8.8:53 wszozdx.net udp
US 8.8.8.8:53 uxumvrboamv.net udp
US 8.8.8.8:53 wawaoiyk.com udp
US 8.8.8.8:53 ysceyeikemom.org udp
US 8.8.8.8:53 lczoradauoz.net udp
US 8.8.8.8:53 jqetlus.info udp
US 8.8.8.8:53 dazulnj.org udp
US 8.8.8.8:53 lgtwyvhi.net udp
US 8.8.8.8:53 jzthxr.net udp
US 8.8.8.8:53 fjusznt.com udp
US 8.8.8.8:53 xqnqva.info udp
US 8.8.8.8:53 ikeaykai.org udp
US 8.8.8.8:53 gpaysichlz.net udp
US 8.8.8.8:53 gumgrj.info udp
US 8.8.8.8:53 zuhmapbot.net udp
US 8.8.8.8:53 njrvdh.net udp
US 8.8.8.8:53 vjvlnnztmb.net udp
US 8.8.8.8:53 mstfoi.info udp
US 8.8.8.8:53 yojkaljecqs.info udp
US 8.8.8.8:53 miokiswoyc.com udp
US 8.8.8.8:53 fqdewasckt.info udp
US 8.8.8.8:53 degevznsh.info udp
US 8.8.8.8:53 ctfejscbzqb.info udp
US 8.8.8.8:53 ecegeakc.org udp
US 8.8.8.8:53 tyogfwv.org udp
US 8.8.8.8:53 dlaqxkzamb.info udp
US 8.8.8.8:53 ootkjdzphd.net udp
US 8.8.8.8:53 kpdalzn.info udp
US 8.8.8.8:53 clxienkpdw.net udp
US 8.8.8.8:53 jkhoywsjvpba.net udp
US 8.8.8.8:53 jbcwzjz.com udp
US 8.8.8.8:53 aararuzmj.info udp
US 8.8.8.8:53 oaagmymikk.org udp
US 8.8.8.8:53 uqopuahxn.info udp
US 8.8.8.8:53 ivbucmt.net udp
US 8.8.8.8:53 xqsupbsy.info udp
US 8.8.8.8:53 crjuhoiefp.info udp
US 8.8.8.8:53 lozezgbez.com udp
US 8.8.8.8:53 zrizzt.net udp
US 8.8.8.8:53 zurbllhm.net udp
US 8.8.8.8:53 nbpptpkfhf.net udp
US 8.8.8.8:53 jdpkobhiekt.info udp
US 8.8.8.8:53 dgpbadaaxy.net udp
US 8.8.8.8:53 kivxtsh.info udp
US 8.8.8.8:53 sipihgi.net udp
US 8.8.8.8:53 auykoayagw.org udp
US 8.8.8.8:53 nsjnpn.net udp
US 8.8.8.8:53 tibwzun.com udp
US 8.8.8.8:53 ivewnr.info udp
US 8.8.8.8:53 zshajpzoud.info udp
US 8.8.8.8:53 owsqmysqqgus.org udp
US 8.8.8.8:53 pgouxdfwr.info udp
US 8.8.8.8:53 eaaplwhozkx.net udp
US 8.8.8.8:53 nqxijbihvn.info udp
US 8.8.8.8:53 dtgwqr.net udp
US 8.8.8.8:53 yspynbdonzn.net udp
US 8.8.8.8:53 zaqkpnys.info udp
US 8.8.8.8:53 kgegqm.org udp
US 8.8.8.8:53 pvcxxrlj.info udp
US 8.8.8.8:53 xrctizgjhu.net udp
US 8.8.8.8:53 kdryhavit.info udp
US 8.8.8.8:53 qdajdkjfzm.info udp
US 8.8.8.8:53 jvnxxukv.net udp
US 8.8.8.8:53 rfcqjgcwrllk.info udp
US 8.8.8.8:53 lunqzdist.com udp
US 8.8.8.8:53 ooewwc.org udp
US 8.8.8.8:53 aelodgpb.info udp
US 8.8.8.8:53 mkfzgkqzbej.info udp
US 8.8.8.8:53 qxvhtmgboeli.net udp
US 8.8.8.8:53 acumbsmcu.info udp
US 8.8.8.8:53 mrfouarqjca.net udp
US 8.8.8.8:53 jypigkw.net udp
US 8.8.8.8:53 aiqqya.org udp
US 8.8.8.8:53 wvsixbbkbku.net udp
US 8.8.8.8:53 hapsvgx.net udp
US 8.8.8.8:53 edsdvf.net udp
US 8.8.8.8:53 hgpwecpeesx.info udp
US 8.8.8.8:53 jphhtgd.com udp
US 8.8.8.8:53 csbavyfyrek.info udp
US 8.8.8.8:53 omierhazkhgw.net udp
US 8.8.8.8:53 vcndjyq.com udp
US 8.8.8.8:53 kwdrqyzrhd.net udp
US 8.8.8.8:53 skiguaiiyy.com udp
US 8.8.8.8:53 qhdexexilv.net udp
US 8.8.8.8:53 jvysfx.info udp
US 8.8.8.8:53 ymnzvjmehzi.info udp
US 8.8.8.8:53 szcwcbzuzivo.info udp
US 8.8.8.8:53 alewrzpftq.info udp
US 8.8.8.8:53 tfjecohwiip.org udp
US 8.8.8.8:53 xrjmbmgmisvh.info udp
US 8.8.8.8:53 yfozkzwq.info udp
US 8.8.8.8:53 jqtenkdayoy.org udp
US 8.8.8.8:53 fawxmblsxttp.net udp
US 8.8.8.8:53 lbvjvutgp.org udp
US 8.8.8.8:53 elwqmq.info udp
US 8.8.8.8:53 bhbghywanql.net udp
US 8.8.8.8:53 yvvfmyvf.info udp
US 8.8.8.8:53 lvliwxsju.net udp
US 8.8.8.8:53 yumrczzit.info udp
US 8.8.8.8:53 tcmvufyapm.info udp
US 8.8.8.8:53 euapbshmq.info udp
US 8.8.8.8:53 eymewq.org udp
US 8.8.8.8:53 wcgcuuiu.org udp
US 8.8.8.8:53 umvupke.net udp
US 8.8.8.8:53 jiodkrpn.net udp
US 8.8.8.8:53 mzvuzyhxogyu.info udp
US 8.8.8.8:53 nhmyomxjv.info udp
US 8.8.8.8:53 lqxeymj.org udp
US 8.8.8.8:53 hezqvzlz.net udp
US 8.8.8.8:53 jvtghiruty.info udp
US 8.8.8.8:53 c.pki.goog udp
NL 173.194.69.94:80 c.pki.goog tcp
US 8.8.8.8:53 kytikecgcot.info udp
US 8.8.8.8:53 rzxyzaxrkyf.com udp
US 8.8.8.8:53 wrrvvmxeg.net udp
US 8.8.8.8:53 bpplcgj.com udp
US 8.8.8.8:53 tyzkrdhyl.info udp
US 8.8.8.8:53 yeouws.com udp
US 8.8.8.8:53 vyvijbihvn.info udp
US 8.8.8.8:53 qiaoigzcoqa.info udp
US 8.8.8.8:53 uaxcyav.info udp
US 8.8.8.8:53 ooexzy.info udp
US 8.8.8.8:53 hsrofavrq.net udp
US 8.8.8.8:53 umqiussyom.org udp
US 8.8.8.8:53 rsbfabwlukgf.info udp
PT 213.22.247.132:24835 tcp
US 8.8.8.8:53 zetpolry.info udp
US 8.8.8.8:53 daczdgnrp.com udp
US 8.8.8.8:53 llpwlrlwpx.net udp
US 8.8.8.8:53 dahukqx.com udp
US 8.8.8.8:53 erhwbtbk.info udp
US 8.8.8.8:53 jhfoonojgqss.info udp
US 8.8.8.8:53 fjrkfiparix.info udp
US 8.8.8.8:53 bctwfgikb.org udp
US 8.8.8.8:53 mumusnmwhqtc.info udp
US 8.8.8.8:53 sqwosqqa.org udp
US 8.8.8.8:53 fzqqksnzg.net udp
US 8.8.8.8:53 ugbuycb.net udp
US 8.8.8.8:53 ztxyreu.info udp
US 8.8.8.8:53 oldotqnyn.info udp
US 8.8.8.8:53 wmxjhjbyth.info udp
US 8.8.8.8:53 xmlymtnez.org udp
US 8.8.8.8:53 wvdiypafhaya.info udp
US 8.8.8.8:53 xqpvvp.info udp
US 8.8.8.8:53 odzbrjqoy.info udp
US 8.8.8.8:53 zsrufkdua.com udp
US 8.8.8.8:53 sizpvevzrrt.net udp
US 8.8.8.8:53 bnlrxo.net udp
US 8.8.8.8:53 apxxianbnydh.info udp
US 8.8.8.8:53 aalijqi.info udp
US 8.8.8.8:53 vediowtkf.com udp
US 8.8.8.8:53 xhoddeooxe.info udp
US 8.8.8.8:53 odqisf.info udp
US 8.8.8.8:53 uukkxctsp.info udp
US 8.8.8.8:53 usuywc.org udp
RU 95.105.123.4:36717 tcp
US 8.8.8.8:53 ncpmyszzt.info udp
US 8.8.8.8:53 jsjuxwpxx.net udp
US 8.8.8.8:53 yctbkopl.net udp
US 8.8.8.8:53 efnddf.info udp
US 8.8.8.8:53 fmpktqpifyd.net udp
US 8.8.8.8:53 ybxsqlwexbnh.info udp
US 8.8.8.8:53 ronjuu.info udp
US 8.8.8.8:53 rwfgqv.info udp
US 8.8.8.8:53 vujnwa.net udp
US 8.8.8.8:53 kkiamiym.com udp
US 8.8.8.8:53 uyugecwm.com udp
US 8.8.8.8:53 iyqupy.info udp
US 8.8.8.8:53 jatdaajehomt.net udp
US 8.8.8.8:53 wogfdnfc.net udp
US 8.8.8.8:53 witpndck.net udp
US 8.8.8.8:53 sickqe.com udp
US 8.8.8.8:53 auqkiiawgusm.com udp
US 8.8.8.8:53 yjzpeejgwk.net udp
US 8.8.8.8:53 mwgkuyee.org udp
US 8.8.8.8:53 juysvtxmc.net udp
US 8.8.8.8:53 esuaxnv.info udp
US 8.8.8.8:53 kexuozfhb.net udp
US 8.8.8.8:53 qyocsmscuqca.com udp
US 8.8.8.8:53 bsclrpurxa.info udp
US 8.8.8.8:53 uiceesz.info udp
US 8.8.8.8:53 lawoswoh.net udp
US 8.8.8.8:53 urcflaspbjhk.net udp
US 8.8.8.8:53 bzaydhbkyko.info udp
US 8.8.8.8:53 isymsouk.org udp
US 8.8.8.8:53 bzhqgso.info udp
US 8.8.8.8:53 lmeefypeagj.net udp
US 8.8.8.8:53 eazavsj.info udp
US 8.8.8.8:53 gocqzonnipkv.info udp
US 8.8.8.8:53 uoxjsmld.info udp
US 8.8.8.8:53 wunpaempur.info udp
US 8.8.8.8:53 gffccjfx.net udp
US 8.8.8.8:53 ewiuauieao.com udp
US 8.8.8.8:53 xixroraepfrn.net udp
US 8.8.8.8:53 uczhfjzxau.net udp
US 8.8.8.8:53 aijudjijd.net udp
US 8.8.8.8:53 mfvgvhajzh.info udp
US 8.8.8.8:53 bjpwlrlwpx.net udp
US 8.8.8.8:53 rurobsb.org udp
US 8.8.8.8:53 qwguiqus.org udp
US 8.8.8.8:53 mipuxovspmp.net udp
US 8.8.8.8:53 imwkkoik.com udp
US 8.8.8.8:53 tangxqd.info udp
BG 46.237.76.193:14690 tcp
US 8.8.8.8:53 kalufutmhgc.info udp
US 8.8.8.8:53 sewuvwb.net udp
US 8.8.8.8:53 kowacq.org udp
US 8.8.8.8:53 kcfovjdlfz.net udp
US 8.8.8.8:53 qewqssgkwosy.com udp
US 8.8.8.8:53 grxolmlnjppg.info udp
US 8.8.8.8:53 yiceceou.org udp
US 8.8.8.8:53 dfntnjit.net udp
US 8.8.8.8:53 kociae.com udp
US 8.8.8.8:53 rhnthftg.net udp
US 8.8.8.8:53 xkqavkycltf.com udp
US 8.8.8.8:53 lerugfstep.net udp
US 8.8.8.8:53 tslavis.org udp
US 8.8.8.8:53 krvkxet.net udp
US 8.8.8.8:53 rcdbcuqim.net udp
US 8.8.8.8:53 oalwpcngx.info udp
US 8.8.8.8:53 ltxxwo.net udp
US 8.8.8.8:53 hmilsiz.info udp
US 8.8.8.8:53 xcrfxbihvn.info udp
US 8.8.8.8:53 rjhjiyqapeb.com udp
US 8.8.8.8:53 sokacoscogge.org udp
US 8.8.8.8:53 fuvfttvpx.info udp
US 8.8.8.8:53 pvesxitaordl.info udp
US 8.8.8.8:53 rtlddgfqpzhl.net udp
US 8.8.8.8:53 msygwjd.net udp
US 8.8.8.8:53 orripev.info udp
US 8.8.8.8:53 btprhxhs.net udp
US 8.8.8.8:53 nhxbncfz.info udp
US 8.8.8.8:53 wympggf.net udp
US 8.8.8.8:53 dzrmxez.com udp
US 8.8.8.8:53 yijklmxapsf.net udp
US 8.8.8.8:53 okdgfmeyh.net udp
US 8.8.8.8:53 bqvkvi.info udp
US 8.8.8.8:53 kxldwaoqfn.info udp
US 8.8.8.8:53 hpdztph.net udp
US 8.8.8.8:53 metbhe.net udp
US 8.8.8.8:53 umocmcyiqm.org udp
US 8.8.8.8:53 xxbuvavqnao.net udp
US 8.8.8.8:53 relnjxpotuf.info udp
US 8.8.8.8:53 zovoekhvj.info udp
US 8.8.8.8:53 ccmgcg.com udp
US 8.8.8.8:53 mxvuhpuvca.net udp
US 8.8.8.8:53 pyqeeqsix.info udp
US 8.8.8.8:53 nocbjqgnn.net udp
US 8.8.8.8:53 tgzzsilpuoyu.info udp
US 8.8.8.8:53 xbgufccpfv.info udp
US 8.8.8.8:53 vlhazlanlud.com udp
US 8.8.8.8:53 hlhzzohfnqko.info udp
US 8.8.8.8:53 vuunpybtyx.info udp
US 8.8.8.8:53 juatqdrrn.org udp
US 8.8.8.8:53 skyrvngr.info udp
US 8.8.8.8:53 vmbprgx.info udp
US 8.8.8.8:53 zonhomnz.info udp
US 8.8.8.8:53 rejwrwpoa.info udp
US 8.8.8.8:53 dereanwgi.org udp
US 8.8.8.8:53 oircttdktuv.net udp
US 8.8.8.8:53 xqkqghluiy.net udp
US 8.8.8.8:53 fcnxgtiohncz.net udp
US 8.8.8.8:53 jmuyzwjxj.net udp
US 8.8.8.8:53 dorwhcjhfcz.info udp
US 8.8.8.8:53 gewkammi.org udp
US 8.8.8.8:53 sgescokcmo.org udp
US 8.8.8.8:53 zcouvoeudaz.org udp
US 8.8.8.8:53 bcqufsnigsu.net udp
US 8.8.8.8:53 lzwgpqnxhy.net udp
US 8.8.8.8:53 ecuhtkabz.net udp
US 8.8.8.8:53 vgnjqrjdlero.info udp
US 8.8.8.8:53 dnaxpgmv.info udp
US 8.8.8.8:53 eybhowykksd.net udp
US 8.8.8.8:53 hnysfxiz.net udp
MD 93.116.216.127:19424 tcp
US 8.8.8.8:53 jehyhpbob.com udp
US 8.8.8.8:53 vnzcmfjhvxp.com udp
US 8.8.8.8:53 ltszfvjflvqg.info udp
US 8.8.8.8:53 ayjlvckjjz.net udp
US 8.8.8.8:53 pzvdxylqx.org udp
US 8.8.8.8:53 rodxthiil.info udp
US 8.8.8.8:53 rtzkvhpcmuz.info udp
US 8.8.8.8:53 luaiurlae.info udp
US 8.8.8.8:53 ulruno.info udp
US 8.8.8.8:53 fbpmxpicx.org udp
US 8.8.8.8:53 gubjte.info udp
US 8.8.8.8:53 maowdebhk.net udp
US 8.8.8.8:53 geoqvcwoh.info udp
US 8.8.8.8:53 hsfspwfirsr.org udp
US 8.8.8.8:53 eohhzu.net udp
US 8.8.8.8:53 lgqsggmsaq.net udp
US 8.8.8.8:53 qxjagtkexptt.net udp
US 8.8.8.8:53 nexpvuu.net udp
US 8.8.8.8:53 myusljfhfeb.info udp
US 8.8.8.8:53 kcuynmjane.info udp
US 8.8.8.8:53 oqtyngnad.net udp
US 8.8.8.8:53 fumvct.net udp
US 8.8.8.8:53 fgjbrlgomb.info udp
US 8.8.8.8:53 wqclhvlppkc.info udp
US 8.8.8.8:53 boqdhqi.net udp
US 8.8.8.8:53 kueekgmeuc.com udp
US 8.8.8.8:53 dnyidwf.info udp
US 8.8.8.8:53 exmpbwfuuhlk.info udp
US 8.8.8.8:53 dhtrwn.info udp
US 8.8.8.8:53 issuumoo.org udp
US 8.8.8.8:53 eayailfxrsoi.net udp
US 8.8.8.8:53 fwldta.net udp
US 8.8.8.8:53 yadxtkefpqdf.net udp
US 8.8.8.8:53 uchtpkfcfpu.net udp
US 8.8.8.8:53 wxruzx.net udp
US 8.8.8.8:53 zijitkvnbzby.info udp
US 8.8.8.8:53 qxpaiy.info udp
US 8.8.8.8:53 ecjxtn.net udp
US 8.8.8.8:53 kcyvjiar.info udp
US 8.8.8.8:53 zeoeogdrz.info udp
US 8.8.8.8:53 zlbiakwkkix.info udp
US 8.8.8.8:53 wyhehmlwwax.info udp
US 8.8.8.8:53 qngitmingp.net udp
US 8.8.8.8:53 ffdxikgfgolb.info udp
US 8.8.8.8:53 pybmxcc.info udp
US 8.8.8.8:53 aqllvpsdrn.info udp
US 8.8.8.8:53 yfesnqxhv.net udp
US 8.8.8.8:53 dwzxsobf.net udp
BG 46.40.80.60:19109 tcp
US 8.8.8.8:53 usqexhkswvb.net udp
US 8.8.8.8:53 ulwprsdpevsj.info udp
US 8.8.8.8:53 kdhmyexgrpl.info udp
US 8.8.8.8:53 eemqmywo.com udp
US 8.8.8.8:53 hovsnmhjjux.net udp
US 8.8.8.8:53 bbbavgd.com udp
US 8.8.8.8:53 ytpcakrl.info udp
US 8.8.8.8:53 jxjerofhghjg.net udp
US 8.8.8.8:53 qkletabqoan.net udp
US 8.8.8.8:53 ygnlrifyf.info udp
US 8.8.8.8:53 nmkgkejyt.com udp
US 8.8.8.8:53 tvvdnib.info udp
US 8.8.8.8:53 rkwlhccy.info udp
US 8.8.8.8:53 pzstmalca.info udp
US 8.8.8.8:53 hcwafkg.net udp
US 8.8.8.8:53 yqiocmwgqy.org udp
US 8.8.8.8:53 dfngddb.net udp
US 8.8.8.8:53 lviecyu.com udp
US 8.8.8.8:53 zavtarjf.info udp
US 8.8.8.8:53 nthafgeqx.org udp
US 8.8.8.8:53 rztilhdyzcbc.net udp
US 8.8.8.8:53 wpwrbbnndqws.info udp
US 8.8.8.8:53 ngwrrbhim.net udp
US 8.8.8.8:53 ddblqezcaou.net udp
US 8.8.8.8:53 vibshiiel.net udp
US 8.8.8.8:53 pelznpsc.net udp
US 8.8.8.8:53 citezbrdnszk.net udp
US 8.8.8.8:53 mgaareiwxmj.net udp
US 8.8.8.8:53 lozojukkvrv.net udp
US 8.8.8.8:53 nkzaqxzk.net udp
US 8.8.8.8:53 wdqkti.net udp
US 8.8.8.8:53 ilhdts.info udp
US 8.8.8.8:53 jjqtpeerkb.net udp
US 8.8.8.8:53 gicmnbvrkp.net udp
US 8.8.8.8:53 bswxckbedf.info udp
US 8.8.8.8:53 whbmplbxvj.info udp
US 8.8.8.8:53 xchslwaev.org udp
US 8.8.8.8:53 urkcltobhpwf.net udp
US 8.8.8.8:53 tgjeyse.com udp
US 8.8.8.8:53 yowwgkycqski.com udp
US 8.8.8.8:53 hdszhn.info udp
US 8.8.8.8:53 wsycus.com udp
US 8.8.8.8:53 vdatdfog.info udp
US 8.8.8.8:53 jolzmnprqhyc.net udp
US 8.8.8.8:53 jgbpddv.com udp
US 8.8.8.8:53 geoqiumwwcom.org udp
US 8.8.8.8:53 oismai.com udp
US 8.8.8.8:53 gcyogswk.org udp
US 8.8.8.8:53 eheflhppvg.net udp
US 8.8.8.8:53 vmrjrikk.net udp
US 8.8.8.8:53 fdeiwhniz.net udp
US 8.8.8.8:53 hsnppe.net udp
US 8.8.8.8:53 wyfehnr.info udp
US 8.8.8.8:53 cykogcgqqcuu.com udp
US 8.8.8.8:53 reyrarc.com udp
US 8.8.8.8:53 gcgmtjgwsaxh.net udp
US 8.8.8.8:53 ugjyfpgfl.net udp
US 8.8.8.8:53 eytewqvku.info udp
CH 92.39.55.93:35692 tcp
US 8.8.8.8:53 ezbnqk.info udp
US 8.8.8.8:53 mpkbfsgyp.info udp
US 8.8.8.8:53 kqjyyppc.info udp
US 8.8.8.8:53 uexesqxok.info udp
US 8.8.8.8:53 edewsrgpkyrb.info udp
US 8.8.8.8:53 dnruxtsj.info udp
US 8.8.8.8:53 qseoumkkca.org udp
US 8.8.8.8:53 tsnmjkpmztx.org udp
US 8.8.8.8:53 tfgafsedvn.info udp
US 8.8.8.8:53 tfjepibqf.com udp
US 8.8.8.8:53 emokcuissycu.com udp
US 8.8.8.8:53 mwzpcv.net udp
US 8.8.8.8:53 qdnmhgdyrit.net udp
US 8.8.8.8:53 ecpswyv.net udp
US 8.8.8.8:53 xexcryv.net udp
US 8.8.8.8:53 bpsewlzlez.net udp
US 8.8.8.8:53 wyjmxjqg.net udp
US 8.8.8.8:53 pfnkzwk.org udp
US 8.8.8.8:53 qyqigk.com udp
US 8.8.8.8:53 bgprtlwltyh.net udp
US 8.8.8.8:53 enkvjquggwue.info udp
US 8.8.8.8:53 zishjgeyadzl.info udp
US 8.8.8.8:53 dghwdn.info udp
US 8.8.8.8:53 fyaylmbcb.net udp
US 8.8.8.8:53 ldjjzh.info udp
US 8.8.8.8:53 jsbukdfxeg.net udp
US 8.8.8.8:53 sjzonex.net udp
US 8.8.8.8:53 lcbjrwnm.info udp
US 8.8.8.8:53 gyhisypwz.net udp
US 8.8.8.8:53 hbwvqwxjzo.net udp
US 8.8.8.8:53 ekqaao.com udp
US 8.8.8.8:53 nvvegq.info udp
US 8.8.8.8:53 rusmfxqgh.org udp
US 8.8.8.8:53 lbjnjw.info udp
US 8.8.8.8:53 asgpcmrz.net udp
US 8.8.8.8:53 rkjyfrxybqd.net udp
US 8.8.8.8:53 xmkfjkngf.com udp
US 8.8.8.8:53 dwltzegkfyu.org udp
US 8.8.8.8:53 itipgvmybh.info udp
US 8.8.8.8:53 fclwrxlmjgvq.info udp
US 8.8.8.8:53 iiykki.com udp
US 8.8.8.8:53 hjfdpmp.org udp
US 8.8.8.8:53 lzrpirdprk.info udp
US 8.8.8.8:53 lwzznebg.info udp
US 8.8.8.8:53 wbmufndhrexp.info udp
US 8.8.8.8:53 rjbifug.net udp
US 8.8.8.8:53 uiwsmymhgc.info udp
US 8.8.8.8:53 qsyqfcm.info udp
US 8.8.8.8:53 xuoobentzb.net udp
US 8.8.8.8:53 rjcccvsl.net udp
US 8.8.8.8:53 rdzyyoqyoflm.net udp
US 8.8.8.8:53 mqxeglvb.info udp
BG 84.40.66.15:43814 tcp
US 8.8.8.8:53 sokmiq.com udp
US 8.8.8.8:53 yqdindvszcl.info udp
US 8.8.8.8:53 jpftjmbv.info udp
US 8.8.8.8:53 deiujcpwj.net udp
US 8.8.8.8:53 ldlrgk.info udp
US 8.8.8.8:53 fihstkkur.info udp
US 8.8.8.8:53 ygwsyabebux.net udp
US 8.8.8.8:53 eugkmayg.org udp
US 8.8.8.8:53 euekwmie.org udp
US 8.8.8.8:53 syzdpbxmli.net udp
US 8.8.8.8:53 sgdzhklkvfso.info udp
US 8.8.8.8:53 pozidzdzwqde.net udp
US 8.8.8.8:53 skqsiiae.org udp
US 8.8.8.8:53 oflobwlsivo.info udp
US 8.8.8.8:53 opxfgexehd.info udp
US 8.8.8.8:53 eglhlgiyt.info udp
US 8.8.8.8:53 defslfp.org udp
US 8.8.8.8:53 alyypvemovoc.net udp
US 8.8.8.8:53 envevsxcguh.net udp
US 8.8.8.8:53 ewnerabk.net udp
US 8.8.8.8:53 scplgimkj.info udp
US 8.8.8.8:53 qlstpgkhcjbu.net udp
US 8.8.8.8:53 zgdemo.net udp
US 8.8.8.8:53 qunopsj.info udp
US 8.8.8.8:53 yutwmrhs.info udp
US 8.8.8.8:53 hgbgrj.net udp
US 8.8.8.8:53 buyfahjveo.info udp
US 8.8.8.8:53 nzitfaav.info udp
US 8.8.8.8:53 sjfcezt.info udp
US 8.8.8.8:53 sjzyogjg.net udp
US 8.8.8.8:53 lktcrbw.com udp
US 8.8.8.8:53 libjnoxwtex.net udp
US 8.8.8.8:53 zutgqznvb.info udp
US 8.8.8.8:53 plntpzrn.info udp
US 8.8.8.8:53 cucwtenf.net udp
US 8.8.8.8:53 qvhrcelgrs.info udp
US 8.8.8.8:53 hyjodgw.info udp
US 8.8.8.8:53 dkdczgl.info udp
US 8.8.8.8:53 sgkpdqdpwy.net udp
US 8.8.8.8:53 atehmugz.info udp
US 8.8.8.8:53 ddprtfhyz.net udp
US 8.8.8.8:53 teelaijj.info udp
US 8.8.8.8:53 soxyfmhasmk.info udp
US 8.8.8.8:53 sbqvrdjmdqu.net udp
US 8.8.8.8:53 eaictyqxc.info udp
US 8.8.8.8:53 qsamam.org udp
US 8.8.8.8:53 tzdilurb.info udp
US 8.8.8.8:53 rvbjjj.net udp
US 8.8.8.8:53 vgqxvqngngx.info udp
BG 109.160.104.68:39171 tcp
US 8.8.8.8:53 tgdizuuvd.info udp
US 8.8.8.8:53 cgzqtowog.info udp
US 8.8.8.8:53 ugaakuwayo.com udp
US 8.8.8.8:53 qeasooggkkye.org udp
US 8.8.8.8:53 zjuubwll.info udp
US 8.8.8.8:53 gdiecndz.net udp
US 8.8.8.8:53 fevpfshvp.org udp
US 8.8.8.8:53 njhqvet.net udp
US 8.8.8.8:53 qztsvs.info udp
US 8.8.8.8:53 clpbmqu.net udp
US 8.8.8.8:53 feelqqfdqyt.info udp
US 8.8.8.8:53 kcryxrris.info udp
US 8.8.8.8:53 fnshfc.net udp
US 8.8.8.8:53 gqxfij.info udp
US 8.8.8.8:53 ombyjgrci.net udp
US 8.8.8.8:53 usljhmfr.net udp
US 8.8.8.8:53 giekgyskeiik.org udp
US 8.8.8.8:53 syzfdpvvjr.net udp
US 8.8.8.8:53 tulxsp.info udp
US 8.8.8.8:53 vefkzaxebkq.org udp
US 8.8.8.8:53 zpnmfwp.com udp
US 8.8.8.8:53 bavppixu.net udp
US 8.8.8.8:53 schoavb.net udp
US 8.8.8.8:53 gkiigu.com udp
US 8.8.8.8:53 ddujlzcnjx.net udp
US 8.8.8.8:53 nrsyiebahnki.info udp
US 8.8.8.8:53 aeuwngsfjf.net udp
US 8.8.8.8:53 pcschthacmn.com udp
US 8.8.8.8:53 wmtiboxyg.net udp
US 8.8.8.8:53 fkgritslx.org udp
US 8.8.8.8:53 skqgoq.com udp
US 8.8.8.8:53 iokyyk.org udp
US 8.8.8.8:53 ptpwnlreeaxo.net udp
US 8.8.8.8:53 hyumdqtrmis.org udp
US 8.8.8.8:53 druisxvuycrh.info udp
US 8.8.8.8:53 eeeiusoc.com udp
US 8.8.8.8:53 fyzgfutcx.com udp
US 8.8.8.8:53 vahwimbqcwj.com udp
US 8.8.8.8:53 agmoomyisg.com udp
US 8.8.8.8:53 lflltcsjyewm.net udp
US 8.8.8.8:53 dtstyn.net udp
US 8.8.8.8:53 ghlsfvr.info udp
LT 86.100.99.121:40185 tcp
US 8.8.8.8:53 hqntlcdst.info udp
US 8.8.8.8:53 yknuzpjoxrq.net udp
US 8.8.8.8:53 lttlhzaiisgc.net udp
US 8.8.8.8:53 zkjwhjbcsaui.info udp
US 8.8.8.8:53 nzprlcgc.info udp
US 8.8.8.8:53 zbqtpeerkb.net udp
US 8.8.8.8:53 pqqyaqlqbkh.net udp
US 8.8.8.8:53 ajlynrfyqrlp.net udp
US 8.8.8.8:53 xqowrrn.org udp
US 8.8.8.8:53 dsvpbvah.net udp
US 8.8.8.8:53 syhizebglra.net udp
US 8.8.8.8:53 scogzslctkl.net udp
US 8.8.8.8:53 pxsnke.net udp
US 8.8.8.8:53 mwakkacumgwm.org udp
US 8.8.8.8:53 jzmmpcwv.net udp
US 8.8.8.8:53 zuwrljtqss.net udp
US 8.8.8.8:53 pefbakjfq.com udp
US 8.8.8.8:53 rlsqcunfi.info udp
US 8.8.8.8:53 msaeugqyakco.org udp
US 8.8.8.8:53 qsoqooseky.org udp
US 8.8.8.8:53 ysmeqsuwsm.org udp
US 8.8.8.8:53 satcdd.net udp
US 8.8.8.8:53 mgcicaekey.org udp
US 8.8.8.8:53 aeyzpwjxjc.info udp
US 8.8.8.8:53 tmrxnmjrkb.net udp
US 8.8.8.8:53 eykwggaqkg.org udp
US 8.8.8.8:53 udnshwbxck.net udp
US 8.8.8.8:53 ddnqfglgvj.info udp
US 8.8.8.8:53 vdtuuhtm.net udp
US 8.8.8.8:53 uomieuwsgywa.com udp
US 8.8.8.8:53 auvaewrqp.net udp
US 8.8.8.8:53 tgugtxb.com udp
US 8.8.8.8:53 dkvrwtwyaqr.info udp

Files

C:\Users\Admin\AppData\Local\Temp\myjtkkdhwit.exe

MD5 1d53beb10b239831053ca4859d3ab42c
SHA1 bea1619698c2f0d35b2cb3ee99a0ba239128dcb1
SHA256 b27414eecc60a582c5c8d8b7cc1a5a9a96c69de907918770b08c1722b0c85ed4
SHA512 fe26fcfdb412c46358074a61db033f064f9b3f2727dfda826cfefb0666a18090bf4a4126487d38e90b71b9e4f21d3bf02b169a32b7a712b90f49ff139e059b4e

C:\Windows\SysWOW64\qewtdythzngypnuufk.exe

MD5 c1c90ccb7f44badc91ec2859323fcde2
SHA1 0bc90e1a338997eb95cae02f0250a8678d8f25e4
SHA256 c9fd2f88ae1d80838434f52f63ecc3009bda52cc0b76238121d6068999f13a43
SHA512 464ce273e0f3c9f74bff3c864f54d532f89bea43446ca824ca3af93c3802168c41e314166a6084c0e61a43621900394bea820a2b64c8f92ea156f36ce9584e08

C:\Users\Admin\AppData\Local\Temp\belxwgq.exe

MD5 a0fd73d74740ce5005656073326fd5e0
SHA1 cba1cb0fa40bd9c285f7a7cb0c2b55f83dd36297
SHA256 97688424d198532abb021356bbf72e59e090721fa98c33ca79b8b23cc01a20cf
SHA512 e962d8a54503ca302dbf1b227483435e59719badbb8cb7d0f4e200bbc2395cb8d7b03a98fc832166909408ca5ca6fe87c092c0a08e4fa400e17ddcd8e1444114

C:\Users\Admin\AppData\Local\dejtqyghmntycnhusklqaxfnotu.fju

MD5 8dcb8a44b68e3e9ebf517dd1cf1faff4
SHA1 4710d27aeb1e48562752b6f7d0775f249ca5e1b7
SHA256 de8bc35ff4614ae9b7bab6eeade083f86837efb459cf94aa3a4eab16aee5531e
SHA512 ac242218d16679adb7f4e59299a6915e1c30a4bb95abebcf77ca7739233ce534592ae4e9cc1f67024a24e22b5b111d9916ea5b3f4a8249081a1ca208956dd0a9

C:\Users\Admin\AppData\Local\amcxfyrdtfwmbxcajmyojrkdpfriynjomvykav.wpb

MD5 65315dfeb57aea8e82086d07c7267677
SHA1 2b0af1f6883c6ccbc924da7b41dfd217ed654988
SHA256 6932e5a64324cd7301c22703a6c9987b36b9b28aad8d19d03a24e9e144603041
SHA512 3f72c5c31b8432b0f0ecd2482b59a149cd240ad080ef44c7fa8c4c38a6556b74f4cabac44d899f0b08bda4ab9875a9086ded0297b6fc3df9fa6213fac30dbdac

C:\Program Files (x86)\dejtqyghmntycnhusklqaxfnotu.fju

MD5 538a46ffb218bf81d767d75561c2a5d5
SHA1 045af7197776445b850b316fba14107c58d8b678
SHA256 a6493d234497576aad72f3e058a7ce7a649ba1a092846df7deb8113561ebebfd
SHA512 22b2bcb8cb6f7cbb9ce637de87746ea8a5b667a44daa08c648513b5269f2d56cee185e5bfbc6238441f36ed462cdd88ff6e47dcff22f52b9c1826af832ef6139

C:\Program Files (x86)\dejtqyghmntycnhusklqaxfnotu.fju

MD5 6845585354f5f58398b3b0fd94ec90d3
SHA1 541e6d300c9c0bdcb100789e5155b4542596454e
SHA256 0aa85c3f664e94b35829faf0c09ba501cc82bc47e996b95242987200f253afb9
SHA512 94fe197eaadbba0225b935a53d154d952557356c75cae5a21fd616d9e359462d66cd847b4fb5b644d6683a2cd80d1c868b4353c9272735e72c7eabc38d300f84

C:\Program Files (x86)\dejtqyghmntycnhusklqaxfnotu.fju

MD5 fc658e5091cbc49765a05a97196db2c9
SHA1 0781d9ab8d81b26587e5767e6a54413bfe650b5b
SHA256 62bf16e43d71ad62c948838ccd7b93457687aa9550ab28b1c1b0a8e194f93898
SHA512 89ac2f1ad98163fc648ec41c21d1a728a9fb1ec2d97a6d3d8f957ecc8cd453675fd67f127451de310077220f8c1f7e03afea48d2c3e1e8de24f80d817da35f06

C:\Program Files (x86)\dejtqyghmntycnhusklqaxfnotu.fju

MD5 48a4dd9298dec50a8c5b3776554d742f
SHA1 822e62e2006ca971ea56ac5f5b4d539e09e5a732
SHA256 ae518eb7255672fb390e85f8a6577e5c838e80250b9043ee06ef7311a8a9435d
SHA512 9aa799e3e8ee4351da3063cf4a2aba843343fa818b7620d246cd739e73c6e34f4073983c28546387e797db2e88dc1882992f80ea3501348a25dbf4eed072f7e7

C:\Program Files (x86)\dejtqyghmntycnhusklqaxfnotu.fju

MD5 4e58c7e75947e697001348cbbebfe30d
SHA1 df385dc169a50430dd3f5b0d108a733149efe87e
SHA256 2f533c4c02584e04b51ab4479f635f2168bf81ae2b218fa91830b05f86673a86
SHA512 18ab73cf55cb31dac053a530bbf7aa47ffd86707535bb9ec299116ced074ea12076195f9b22d310a88453d68d9bc13ce0c8184c9248f12bf8999dacc5963eddd

C:\Program Files (x86)\dejtqyghmntycnhusklqaxfnotu.fju

MD5 1fb413363156b9e2ebfa03235c7c4687
SHA1 b3f0a99ce9c6100ebdc31b0e439c7d8b5cd395e1
SHA256 7b67d84e959ff204303fcd66de3248b7db813a51a5fbf0592888a7aa19fec99a
SHA512 d6aca63bdde4c65a64bb8a2c6b0449b7857b1b89465d13066c8829fc642a606553b259f15f8149ae76555c145f071768c6a113f7759acc66ceea29e514222c08

Analysis: behavioral2

Detonation Overview

Submitted

2025-04-19 07:07

Reported

2025-04-19 07:09

Platform

win11-20250410-en

Max time kernel

49s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "tieuevqhvjentjmz.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tieuevqhvjentjmz.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jayqcvslbrozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jayqcvslbrozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haauidcxphgtdxevttdw.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrmbxxtmfftezhzyzkef.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrmbxxtmfftezhzyzkef.exe" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "tieuevqhvjentjmz.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "umlerljduljvexdtqpy.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "wqrmbxxtmfftezhzyzkef.exe" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "jayqcvslbrozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "haauidcxphgtdxevttdw.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haauidcxphgtdxevttdw.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "umlerljduljvexdtqpy.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "wqrmbxxtmfftezhzyzkef.exe" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "tieuevqhvjentjmz.exe" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnephdvkzvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tieuevqhvjentjmz.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "jayqcvslbrozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umlerljduljvexdtqpy.exe" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "haauidcxphgtdxevttdw.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jayqcvslbrozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "umlerljduljvexdtqpy.exe" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "tieuevqhvjentjmz.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umlerljduljvexdtqpy.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mjn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\crnphytuldftezhzyzqfb.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnephdvkzvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "haauidcxphgtdxevttdw.exe" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nnuhkm = "nbwxoeyyofgtdxevttjx.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umlerljduljvexdtqpy.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haauidcxphgtdxevttdw.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "haauidcxphgtdxevttdw.exe" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tieuevqhvjentjmz.exe" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jayqcvslbrozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnephdvkzvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "haauidcxphgtdxevttdw.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "jayqcvslbrozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nnuhkm = "pbutiwomapozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "umlerljduljvexdtqpy.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "wqrmbxxtmfftezhzyzkef.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haauidcxphgtdxevttdw.exe" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrmbxxtmfftezhzyzkef.exe" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "wqrmbxxtmfftezhzyzkef.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "umlerljduljvexdtqpy.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\aixgjthry = "umlerljduljvexdtqpy.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hmyeel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jayqcvslbrozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Windows\jayqcvslbrozhzetpn.exe N/A
N/A N/A C:\Windows\umlerljduljvexdtqpy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Windows\aqnephdvkzvfmdhvq.exe N/A
N/A N/A C:\Windows\jayqcvslbrozhzetpn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
N/A N/A C:\Windows\haauidcxphgtdxevttdw.exe N/A
N/A N/A C:\Windows\haauidcxphgtdxevttdw.exe N/A
N/A N/A C:\Windows\umlerljduljvexdtqpy.exe N/A
N/A N/A C:\Windows\haauidcxphgtdxevttdw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Windows\tieuevqhvjentjmz.exe N/A
N/A N/A C:\Windows\jayqcvslbrozhzetpn.exe N/A
N/A N/A C:\Windows\tieuevqhvjentjmz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe N/A
N/A N/A C:\Windows\tieuevqhvjentjmz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe N/A
N/A N/A C:\Windows\umlerljduljvexdtqpy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Windows\tieuevqhvjentjmz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Windows\umlerljduljvexdtqpy.exe N/A
N/A N/A C:\Windows\haauidcxphgtdxevttdw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Windows\tieuevqhvjentjmz.exe N/A
N/A N/A C:\Windows\tieuevqhvjentjmz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Windows\haauidcxphgtdxevttdw.exe N/A
N/A N/A C:\Windows\tieuevqhvjentjmz.exe N/A
N/A N/A C:\Windows\aqnephdvkzvfmdhvq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe N/A
N/A N/A C:\Windows\tieuevqhvjentjmz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe N/A
N/A N/A C:\Windows\jayqcvslbrozhzetpn.exe N/A
N/A N/A C:\Windows\umlerljduljvexdtqpy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\oypafrhtclb = "jayqcvslbrozhzetpn.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\oypafrhtclb = "tieuevqhvjentjmz.exe ." C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\uanuvdp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jayqcvslbrozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kwpcjxpdozrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnephdvkzvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcscgrgrzh = "umlerljduljvexdtqpy.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\uanuvdp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haauidcxphgtdxevttdw.exe" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jayqcvslbrozhzetpn.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uanuvdp = "wqrmbxxtmfftezhzyzkef.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lwoagtkxhrin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umlerljduljvexdtqpy.exe ." C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jayqcvslbrozhzetpn.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\gjtjpudsx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nbwxoeyyofgtdxevttjx.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haauidcxphgtdxevttdw.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\oypafrhtclb = "aqnephdvkzvfmdhvq.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\uanuvdp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tieuevqhvjentjmz.exe" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kwpcjxpdozrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnephdvkzvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcscgrgrzh = "haauidcxphgtdxevttdw.exe" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uanuvdp = "aqnephdvkzvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\oypafrhtclb = "wqrmbxxtmfftezhzyzkef.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "aqnephdvkzvfmdhvq.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\uanuvdp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrmbxxtmfftezhzyzkef.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lwoagtkxhrin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tieuevqhvjentjmz.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnephdvkzvfmdhvq.exe ." C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uanuvdp = "wqrmbxxtmfftezhzyzkef.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lwoagtkxhrin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrmbxxtmfftezhzyzkef.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcscgrgrzh = "tieuevqhvjentjmz.exe" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\uanuvdp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jayqcvslbrozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "umlerljduljvexdtqpy.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\uanuvdp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrmbxxtmfftezhzyzkef.exe" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haauidcxphgtdxevttdw.exe ." C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uanuvdp = "jayqcvslbrozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcscgrgrzh = "wqrmbxxtmfftezhzyzkef.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kwpcjxpdozrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrmbxxtmfftezhzyzkef.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haauidcxphgtdxevttdw.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\oypafrhtclb = "wqrmbxxtmfftezhzyzkef.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tieuevqhvjentjmz.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kwpcjxpdozrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haauidcxphgtdxevttdw.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcscgrgrzh = "umlerljduljvexdtqpy.exe" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\uanuvdp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jayqcvslbrozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "umlerljduljvexdtqpy.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\trwh = "nbwxoeyyofgtdxevttjx.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "umlerljduljvexdtqpy.exe ." C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uanuvdp = "jayqcvslbrozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\oypafrhtclb = "tieuevqhvjentjmz.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kwpcjxpdozrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haauidcxphgtdxevttdw.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lwoagtkxhrin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnephdvkzvfmdhvq.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\oypafrhtclb = "wqrmbxxtmfftezhzyzkef.exe ." C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\cbhtv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pbutiwomapozhzetpn.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uanuvdp = "jayqcvslbrozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uanuvdp = "umlerljduljvexdtqpy.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\uanuvdp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnephdvkzvfmdhvq.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "jayqcvslbrozhzetpn.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\trwh = "anhhxmfetjjvexdtqpe.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "umlerljduljvexdtqpy.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "tieuevqhvjentjmz.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "tieuevqhvjentjmz.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\oypafrhtclb = "tieuevqhvjentjmz.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnephdvkzvfmdhvq.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kwpcjxpdozrxa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrmbxxtmfftezhzyzkef.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lwoagtkxhrin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umlerljduljvexdtqpy.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcscgrgrzh = "haauidcxphgtdxevttdw.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lwoagtkxhrin = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrmbxxtmfftezhzyzkef.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnephdvkzvfmdhvq.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3582532709-2637047242-3508314386-1000\Software\Microsoft\Windows\CurrentVersion\Run\uanuvdp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jayqcvslbrozhzetpn.exe" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jqemoxkt = "jayqcvslbrozhzetpn.exe ." C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyip.everdot.org N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\umlerljduljvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\jayqcvslbrozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\aqnephdvkzvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
File opened for modification C:\Windows\SysWOW64\nikgwturlfgvhdmffhtoqm.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\tieuevqhvjentjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\umlerljduljvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\nikgwturlfgvhdmffhtoqm.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\umlerljduljvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\tieuevqhvjentjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\tieuevqhvjentjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\jayqcvslbrozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\wqrmbxxtmfftezhzyzkef.exe C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
File opened for modification C:\Windows\SysWOW64\tieuevqhvjentjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\aqnephdvkzvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\wqrmbxxtmfftezhzyzkef.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\wqrmbxxtmfftezhzyzkef.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\umlerljduljvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\umlerljduljvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\jayqcvslbrozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\tieuevqhvjentjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\umlerljduljvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\nikgwturlfgvhdmffhtoqm.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\haauidcxphgtdxevttdw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\umlerljduljvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\haauidcxphgtdxevttdw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\aqnephdvkzvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\haauidcxphgtdxevttdw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\jayqcvslbrozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\tieuevqhvjentjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\haauidcxphgtdxevttdw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\nikgwturlfgvhdmffhtoqm.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File created C:\Windows\SysWOW64\tieuevqhvjentjmztpvkgwgxsjxlgpvlobvrxm.yiz C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
File opened for modification C:\Windows\SysWOW64\nikgwturlfgvhdmffhtoqm.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\jayqcvslbrozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\haauidcxphgtdxevttdw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\umlerljduljvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
File opened for modification C:\Windows\SysWOW64\wqrmbxxtmfftezhzyzkef.exe C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
File opened for modification C:\Windows\SysWOW64\umlerljduljvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\jayqcvslbrozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\umlerljduljvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\nikgwturlfgvhdmffhtoqm.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\tieuevqhvjentjmz.exe C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
File opened for modification C:\Windows\SysWOW64\tieuevqhvjentjmztpvkgwgxsjxlgpvlobvrxm.yiz C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
File opened for modification C:\Windows\SysWOW64\jayqcvslbrozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\haauidcxphgtdxevttdw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\aqnephdvkzvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\jayqcvslbrozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\haauidcxphgtdxevttdw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\tieuevqhvjentjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\wqrmbxxtmfftezhzyzkef.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\tieuevqhvjentjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\wqrmbxxtmfftezhzyzkef.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\tieuevqhvjentjmz.exe C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
File opened for modification C:\Windows\SysWOW64\haauidcxphgtdxevttdw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\nikgwturlfgvhdmffhtoqm.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\umlerljduljvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\wqrmbxxtmfftezhzyzkef.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\haauidcxphgtdxevttdw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\haauidcxphgtdxevttdw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\jayqcvslbrozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\wqrmbxxtmfftezhzyzkef.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\haauidcxphgtdxevttdw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\SysWOW64\haauidcxphgtdxevttdw.exe C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
File opened for modification C:\Windows\SysWOW64\tieuevqhvjentjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\walqpvflorbzuzrtcnimxcbhrxa.nlg C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
File created C:\Program Files (x86)\walqpvflorbzuzrtcnimxcbhrxa.nlg C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
File opened for modification C:\Program Files (x86)\tieuevqhvjentjmztpvkgwgxsjxlgpvlobvrxm.yiz C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
File created C:\Program Files (x86)\tieuevqhvjentjmztpvkgwgxsjxlgpvlobvrxm.yiz C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\aqnephdvkzvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\wqrmbxxtmfftezhzyzkef.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\tieuevqhvjentjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\jayqcvslbrozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\haauidcxphgtdxevttdw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\jayqcvslbrozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\aqnephdvkzvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\haauidcxphgtdxevttdw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\umlerljduljvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\umlerljduljvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
File opened for modification C:\Windows\nikgwturlfgvhdmffhtoqm.exe C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
File opened for modification C:\Windows\haauidcxphgtdxevttdw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\nikgwturlfgvhdmffhtoqm.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\umlerljduljvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\wqrmbxxtmfftezhzyzkef.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\umlerljduljvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\haauidcxphgtdxevttdw.exe C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
File opened for modification C:\Windows\aqnephdvkzvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\jayqcvslbrozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\haauidcxphgtdxevttdw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\tieuevqhvjentjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\jayqcvslbrozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\umlerljduljvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\tieuevqhvjentjmz.exe C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
File opened for modification C:\Windows\umlerljduljvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\jayqcvslbrozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\nikgwturlfgvhdmffhtoqm.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\wqrmbxxtmfftezhzyzkef.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\tieuevqhvjentjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\umlerljduljvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\jayqcvslbrozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\haauidcxphgtdxevttdw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\nikgwturlfgvhdmffhtoqm.exe C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
File opened for modification C:\Windows\haauidcxphgtdxevttdw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\haauidcxphgtdxevttdw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\aqnephdvkzvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\umlerljduljvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\haauidcxphgtdxevttdw.exe C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
File opened for modification C:\Windows\jayqcvslbrozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\aqnephdvkzvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\umlerljduljvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\haauidcxphgtdxevttdw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\jayqcvslbrozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\umlerljduljvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\haauidcxphgtdxevttdw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\wqrmbxxtmfftezhzyzkef.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\umlerljduljvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\haauidcxphgtdxevttdw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\tieuevqhvjentjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\jayqcvslbrozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\wqrmbxxtmfftezhzyzkef.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\nikgwturlfgvhdmffhtoqm.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\umlerljduljvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\haauidcxphgtdxevttdw.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\aqnephdvkzvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\wqrmbxxtmfftezhzyzkef.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\tieuevqhvjentjmz.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\umlerljduljvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\aqnephdvkzvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\nikgwturlfgvhdmffhtoqm.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\jayqcvslbrozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\tieuevqhvjentjmztpvkgwgxsjxlgpvlobvrxm.yiz C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
File opened for modification C:\Windows\wqrmbxxtmfftezhzyzkef.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
File opened for modification C:\Windows\nikgwturlfgvhdmffhtoqm.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wqrmbxxtmfftezhzyzkef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\crnphytuldftezhzyzqfb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wqrmbxxtmfftezhzyzkef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\aqnephdvkzvfmdhvq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cbhtv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tieuevqhvjentjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\haauidcxphgtdxevttdw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\crnphytuldftezhzyzqfb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\haauidcxphgtdxevttdw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tieuevqhvjentjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\haauidcxphgtdxevttdw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wqrmbxxtmfftezhzyzkef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\haauidcxphgtdxevttdw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jayqcvslbrozhzetpn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\haauidcxphgtdxevttdw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tieuevqhvjentjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jayqcvslbrozhzetpn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\umlerljduljvexdtqpy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\nbwxoeyyofgtdxevttjx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\nbwxoeyyofgtdxevttjx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wqrmbxxtmfftezhzyzkef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\haauidcxphgtdxevttdw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tieuevqhvjentjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\grjhvizwjxvfmdhvq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wqrmbxxtmfftezhzyzkef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\umlerljduljvexdtqpy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\haauidcxphgtdxevttdw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\haauidcxphgtdxevttdw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wqrmbxxtmfftezhzyzkef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1004 wrote to memory of 5460 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 1004 wrote to memory of 5460 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 1004 wrote to memory of 5460 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 956 wrote to memory of 3692 N/A C:\Windows\system32\cmd.exe C:\Windows\jayqcvslbrozhzetpn.exe
PID 956 wrote to memory of 3692 N/A C:\Windows\system32\cmd.exe C:\Windows\jayqcvslbrozhzetpn.exe
PID 956 wrote to memory of 3692 N/A C:\Windows\system32\cmd.exe C:\Windows\jayqcvslbrozhzetpn.exe
PID 4920 wrote to memory of 4964 N/A C:\Windows\system32\cmd.exe C:\Windows\umlerljduljvexdtqpy.exe
PID 4920 wrote to memory of 4964 N/A C:\Windows\system32\cmd.exe C:\Windows\umlerljduljvexdtqpy.exe
PID 4920 wrote to memory of 4964 N/A C:\Windows\system32\cmd.exe C:\Windows\umlerljduljvexdtqpy.exe
PID 4964 wrote to memory of 4292 N/A C:\Windows\umlerljduljvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 4964 wrote to memory of 4292 N/A C:\Windows\umlerljduljvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 4964 wrote to memory of 4292 N/A C:\Windows\umlerljduljvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 3052 wrote to memory of 1212 N/A C:\Windows\system32\cmd.exe C:\Windows\aqnephdvkzvfmdhvq.exe
PID 3052 wrote to memory of 1212 N/A C:\Windows\system32\cmd.exe C:\Windows\aqnephdvkzvfmdhvq.exe
PID 3052 wrote to memory of 1212 N/A C:\Windows\system32\cmd.exe C:\Windows\aqnephdvkzvfmdhvq.exe
PID 1508 wrote to memory of 2212 N/A C:\Windows\system32\cmd.exe C:\Windows\jayqcvslbrozhzetpn.exe
PID 1508 wrote to memory of 2212 N/A C:\Windows\system32\cmd.exe C:\Windows\jayqcvslbrozhzetpn.exe
PID 1508 wrote to memory of 2212 N/A C:\Windows\system32\cmd.exe C:\Windows\jayqcvslbrozhzetpn.exe
PID 2264 wrote to memory of 4484 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
PID 2264 wrote to memory of 4484 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
PID 2264 wrote to memory of 4484 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
PID 2212 wrote to memory of 2476 N/A C:\Windows\jayqcvslbrozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 2212 wrote to memory of 2476 N/A C:\Windows\jayqcvslbrozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 2212 wrote to memory of 2476 N/A C:\Windows\jayqcvslbrozhzetpn.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 5028 wrote to memory of 1420 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
PID 5028 wrote to memory of 1420 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
PID 5028 wrote to memory of 1420 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe
PID 1420 wrote to memory of 5128 N/A C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 1420 wrote to memory of 5128 N/A C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 1420 wrote to memory of 5128 N/A C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 2364 wrote to memory of 5456 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
PID 2364 wrote to memory of 5456 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
PID 2364 wrote to memory of 5456 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe
PID 416 wrote to memory of 3404 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
PID 416 wrote to memory of 3404 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
PID 416 wrote to memory of 3404 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe
PID 3404 wrote to memory of 4416 N/A C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 3404 wrote to memory of 4416 N/A C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 3404 wrote to memory of 4416 N/A C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 5460 wrote to memory of 556 N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe
PID 5460 wrote to memory of 556 N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe
PID 5460 wrote to memory of 556 N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe
PID 5460 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe
PID 5460 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe
PID 5460 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe
PID 1468 wrote to memory of 5856 N/A C:\Windows\system32\cmd.exe C:\Windows\haauidcxphgtdxevttdw.exe
PID 1468 wrote to memory of 5856 N/A C:\Windows\system32\cmd.exe C:\Windows\haauidcxphgtdxevttdw.exe
PID 1468 wrote to memory of 5856 N/A C:\Windows\system32\cmd.exe C:\Windows\haauidcxphgtdxevttdw.exe
PID 5324 wrote to memory of 5488 N/A C:\Windows\system32\cmd.exe C:\Windows\haauidcxphgtdxevttdw.exe
PID 5324 wrote to memory of 5488 N/A C:\Windows\system32\cmd.exe C:\Windows\haauidcxphgtdxevttdw.exe
PID 5324 wrote to memory of 5488 N/A C:\Windows\system32\cmd.exe C:\Windows\haauidcxphgtdxevttdw.exe
PID 2928 wrote to memory of 1084 N/A C:\Windows\system32\cmd.exe C:\Windows\umlerljduljvexdtqpy.exe
PID 2928 wrote to memory of 1084 N/A C:\Windows\system32\cmd.exe C:\Windows\umlerljduljvexdtqpy.exe
PID 2928 wrote to memory of 1084 N/A C:\Windows\system32\cmd.exe C:\Windows\umlerljduljvexdtqpy.exe
PID 1092 wrote to memory of 2636 N/A C:\Windows\system32\cmd.exe C:\Windows\haauidcxphgtdxevttdw.exe
PID 1092 wrote to memory of 2636 N/A C:\Windows\system32\cmd.exe C:\Windows\haauidcxphgtdxevttdw.exe
PID 1092 wrote to memory of 2636 N/A C:\Windows\system32\cmd.exe C:\Windows\haauidcxphgtdxevttdw.exe
PID 1084 wrote to memory of 652 N/A C:\Windows\umlerljduljvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 1084 wrote to memory of 652 N/A C:\Windows\umlerljduljvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 1084 wrote to memory of 652 N/A C:\Windows\umlerljduljvexdtqpy.exe C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe
PID 2636 wrote to memory of 5760 N/A C:\Windows\haauidcxphgtdxevttdw.exe C:\Windows\System32\Conhost.exe
PID 2636 wrote to memory of 5760 N/A C:\Windows\haauidcxphgtdxevttdw.exe C:\Windows\System32\Conhost.exe
PID 2636 wrote to memory of 5760 N/A C:\Windows\haauidcxphgtdxevttdw.exe C:\Windows\System32\Conhost.exe
PID 3836 wrote to memory of 2684 N/A C:\Windows\system32\cmd.exe C:\Windows\tieuevqhvjentjmz.exe

System policy modification

defense_evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1c90ccb7f44badc91ec2859323fcde2.exe"

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_c1c90ccb7f44badc91ec2859323fcde2.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe

C:\Windows\jayqcvslbrozhzetpn.exe

jayqcvslbrozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .

C:\Windows\umlerljduljvexdtqpy.exe

umlerljduljvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe

C:\Windows\aqnephdvkzvfmdhvq.exe

aqnephdvkzvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe .

C:\Windows\jayqcvslbrozhzetpn.exe

jayqcvslbrozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jayqcvslbrozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wqrmbxxtmfftezhzyzkef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe*."

C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe

"C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_c1c90ccb7f44badc91ec2859323fcde2.exe"

C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe

"C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_c1c90ccb7f44badc91ec2859323fcde2.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe

C:\Windows\haauidcxphgtdxevttdw.exe

haauidcxphgtdxevttdw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe

C:\Windows\haauidcxphgtdxevttdw.exe

haauidcxphgtdxevttdw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .

C:\Windows\umlerljduljvexdtqpy.exe

umlerljduljvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe .

C:\Windows\haauidcxphgtdxevttdw.exe

haauidcxphgtdxevttdw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\haauidcxphgtdxevttdw.exe*."

C:\Windows\tieuevqhvjentjmz.exe

tieuevqhvjentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe .

C:\Windows\jayqcvslbrozhzetpn.exe

jayqcvslbrozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Windows\tieuevqhvjentjmz.exe

tieuevqhvjentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\tieuevqhvjentjmz.exe

tieuevqhvjentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tieuevqhvjentjmz.exe*."

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tieuevqhvjentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\umlerljduljvexdtqpy.exe*."

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wqrmbxxtmfftezhzyzkef.exe*."

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .

C:\Windows\umlerljduljvexdtqpy.exe

umlerljduljvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."

C:\Windows\tieuevqhvjentjmz.exe

tieuevqhvjentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tieuevqhvjentjmz.exe*."

C:\Windows\umlerljduljvexdtqpy.exe

umlerljduljvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe .

C:\Windows\haauidcxphgtdxevttdw.exe

haauidcxphgtdxevttdw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\haauidcxphgtdxevttdw.exe*."

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tieuevqhvjentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe

C:\Windows\tieuevqhvjentjmz.exe

tieuevqhvjentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe .

C:\Windows\tieuevqhvjentjmz.exe

tieuevqhvjentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tieuevqhvjentjmz.exe*."

C:\Windows\haauidcxphgtdxevttdw.exe

haauidcxphgtdxevttdw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe

C:\Windows\tieuevqhvjentjmz.exe

tieuevqhvjentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Windows\aqnephdvkzvfmdhvq.exe

aqnephdvkzvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tieuevqhvjentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Windows\tieuevqhvjentjmz.exe

tieuevqhvjentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .

C:\Windows\jayqcvslbrozhzetpn.exe

jayqcvslbrozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\umlerljduljvexdtqpy.exe

umlerljduljvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tieuevqhvjentjmz.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jayqcvslbrozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe

C:\Windows\aqnephdvkzvfmdhvq.exe

aqnephdvkzvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .

C:\Windows\umlerljduljvexdtqpy.exe

umlerljduljvexdtqpy.exe .

C:\Windows\aqnephdvkzvfmdhvq.exe

aqnephdvkzvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .

C:\Windows\tieuevqhvjentjmz.exe

tieuevqhvjentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jayqcvslbrozhzetpn.exe*."

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tieuevqhvjentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tieuevqhvjentjmz.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\umlerljduljvexdtqpy.exe*."

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tieuevqhvjentjmz.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."

C:\Windows\jayqcvslbrozhzetpn.exe

jayqcvslbrozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe .

C:\Windows\tieuevqhvjentjmz.exe

tieuevqhvjentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tieuevqhvjentjmz.exe*."

C:\Windows\jayqcvslbrozhzetpn.exe

jayqcvslbrozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\wqrmbxxtmfftezhzyzkef.exe

wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wqrmbxxtmfftezhzyzkef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wqrmbxxtmfftezhzyzkef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tieuevqhvjentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\aqnephdvkzvfmdhvq.exe

aqnephdvkzvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe .

C:\Windows\haauidcxphgtdxevttdw.exe

haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\haauidcxphgtdxevttdw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe

C:\Windows\haauidcxphgtdxevttdw.exe

haauidcxphgtdxevttdw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe .

C:\Windows\tieuevqhvjentjmz.exe

tieuevqhvjentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tieuevqhvjentjmz.exe*."

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wqrmbxxtmfftezhzyzkef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jayqcvslbrozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe

C:\Windows\jayqcvslbrozhzetpn.exe

jayqcvslbrozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe .

C:\Windows\haauidcxphgtdxevttdw.exe

haauidcxphgtdxevttdw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\haauidcxphgtdxevttdw.exe*."

C:\Windows\wqrmbxxtmfftezhzyzkef.exe

wqrmbxxtmfftezhzyzkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\wqrmbxxtmfftezhzyzkef.exe

wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wqrmbxxtmfftezhzyzkef.exe*."

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\umlerljduljvexdtqpy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe

C:\Windows\jayqcvslbrozhzetpn.exe

jayqcvslbrozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\jayqcvslbrozhzetpn.exe

jayqcvslbrozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jayqcvslbrozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe

C:\Windows\wqrmbxxtmfftezhzyzkef.exe

wqrmbxxtmfftezhzyzkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .

C:\Windows\umlerljduljvexdtqpy.exe

umlerljduljvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe

C:\Windows\aqnephdvkzvfmdhvq.exe

aqnephdvkzvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe .

C:\Windows\jayqcvslbrozhzetpn.exe

jayqcvslbrozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jayqcvslbrozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe

C:\Windows\tieuevqhvjentjmz.exe

tieuevqhvjentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe .

C:\Windows\aqnephdvkzvfmdhvq.exe

aqnephdvkzvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\aqnephdvkzvfmdhvq.exe*."

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wqrmbxxtmfftezhzyzkef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe

C:\Windows\wqrmbxxtmfftezhzyzkef.exe

wqrmbxxtmfftezhzyzkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe .

C:\Windows\haauidcxphgtdxevttdw.exe

haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\haauidcxphgtdxevttdw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\umlerljduljvexdtqpy.exe

umlerljduljvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe .

C:\Windows\jayqcvslbrozhzetpn.exe

jayqcvslbrozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jayqcvslbrozhzetpn.exe*."

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\haauidcxphgtdxevttdw.exe

haauidcxphgtdxevttdw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe .

C:\Windows\jayqcvslbrozhzetpn.exe

jayqcvslbrozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jayqcvslbrozhzetpn.exe*."

C:\Windows\haauidcxphgtdxevttdw.exe

haauidcxphgtdxevttdw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\umlerljduljvexdtqpy.exe

umlerljduljvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .

C:\Windows\wqrmbxxtmfftezhzyzkef.exe

wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\aqnephdvkzvfmdhvq.exe

aqnephdvkzvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Windows\umlerljduljvexdtqpy.exe

umlerljduljvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wqrmbxxtmfftezhzyzkef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."

C:\Windows\haauidcxphgtdxevttdw.exe

haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .

C:\Windows\umlerljduljvexdtqpy.exe

umlerljduljvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe

C:\Windows\umlerljduljvexdtqpy.exe

umlerljduljvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tieuevqhvjentjmz.exe*."

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."

C:\Windows\umlerljduljvexdtqpy.exe

umlerljduljvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Windows\wqrmbxxtmfftezhzyzkef.exe

wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wqrmbxxtmfftezhzyzkef.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wqrmbxxtmfftezhzyzkef.exe*."

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tieuevqhvjentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tieuevqhvjentjmz.exe*."

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jayqcvslbrozhzetpn.exe*."

C:\Windows\wqrmbxxtmfftezhzyzkef.exe

wqrmbxxtmfftezhzyzkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe .

C:\Windows\jayqcvslbrozhzetpn.exe

jayqcvslbrozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jayqcvslbrozhzetpn.exe*."

C:\Windows\jayqcvslbrozhzetpn.exe

jayqcvslbrozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\wqrmbxxtmfftezhzyzkef.exe

wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wqrmbxxtmfftezhzyzkef.exe*."

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wqrmbxxtmfftezhzyzkef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anhhxmfetjjvexdtqpe.exe

C:\Windows\anhhxmfetjjvexdtqpe.exe

anhhxmfetjjvexdtqpe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbwxoeyyofgtdxevttjx.exe .

C:\Windows\nbwxoeyyofgtdxevttjx.exe

nbwxoeyyofgtdxevttjx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crnphytuldftezhzyzqfb.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\nbwxoeyyofgtdxevttjx.exe*."

C:\Windows\crnphytuldftezhzyzqfb.exe

crnphytuldftezhzyzqfb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbwxoeyyofgtdxevttjx.exe .

C:\Windows\nbwxoeyyofgtdxevttjx.exe

nbwxoeyyofgtdxevttjx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\nbwxoeyyofgtdxevttjx.exe*."

C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe

C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe

C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe

C:\Windows\tieuevqhvjentjmz.exe

tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\grjhvizwjxvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\jayqcvslbrozhzetpn.exe

jayqcvslbrozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe

C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anhhxmfetjjvexdtqpe.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jayqcvslbrozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\anhhxmfetjjvexdtqpe.exe

C:\Users\Admin\AppData\Local\Temp\anhhxmfetjjvexdtqpe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe .

C:\Windows\aqnephdvkzvfmdhvq.exe

aqnephdvkzvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\anhhxmfetjjvexdtqpe.exe*."

C:\Windows\aqnephdvkzvfmdhvq.exe

aqnephdvkzvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\aqnephdvkzvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jayqcvslbrozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jayqcvslbrozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe

C:\Windows\aqnephdvkzvfmdhvq.exe

aqnephdvkzvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .

C:\Windows\umlerljduljvexdtqpy.exe

umlerljduljvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe

C:\Windows\aqnephdvkzvfmdhvq.exe

aqnephdvkzvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\wqrmbxxtmfftezhzyzkef.exe

wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wqrmbxxtmfftezhzyzkef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\umlerljduljvexdtqpy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anhhxmfetjjvexdtqpe.exe

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .

C:\Windows\anhhxmfetjjvexdtqpe.exe

anhhxmfetjjvexdtqpe.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbwxoeyyofgtdxevttjx.exe .

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jayqcvslbrozhzetpn.exe*."

C:\Windows\nbwxoeyyofgtdxevttjx.exe

nbwxoeyyofgtdxevttjx.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\nbwxoeyyofgtdxevttjx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anhhxmfetjjvexdtqpe.exe

C:\Windows\anhhxmfetjjvexdtqpe.exe

anhhxmfetjjvexdtqpe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c crnphytuldftezhzyzqfb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe

C:\Windows\crnphytuldftezhzyzqfb.exe

crnphytuldftezhzyzqfb.exe .

C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\crnphytuldftezhzyzqfb.exe*."

C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe

C:\Users\Admin\AppData\Local\Temp\nbwxoeyyofgtdxevttjx.exe .

C:\Windows\tieuevqhvjentjmz.exe

tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\nbwxoeyyofgtdxevttjx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe .

C:\Windows\aqnephdvkzvfmdhvq.exe

aqnephdvkzvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\aqnephdvkzvfmdhvq.exe*."

C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe

C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe .

C:\Windows\umlerljduljvexdtqpy.exe

umlerljduljvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\pbutiwomapozhzetpn.exe*."

C:\Windows\haauidcxphgtdxevttdw.exe

haauidcxphgtdxevttdw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\haauidcxphgtdxevttdw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\umlerljduljvexdtqpy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe

C:\Windows\jayqcvslbrozhzetpn.exe

jayqcvslbrozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\wqrmbxxtmfftezhzyzkef.exe

wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wqrmbxxtmfftezhzyzkef.exe*."

C:\Windows\haauidcxphgtdxevttdw.exe

haauidcxphgtdxevttdw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\wqrmbxxtmfftezhzyzkef.exe

wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wqrmbxxtmfftezhzyzkef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wqrmbxxtmfftezhzyzkef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe

C:\Windows\wqrmbxxtmfftezhzyzkef.exe

wqrmbxxtmfftezhzyzkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .

C:\Windows\umlerljduljvexdtqpy.exe

umlerljduljvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe

C:\Windows\umlerljduljvexdtqpy.exe

umlerljduljvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe .

C:\Windows\tieuevqhvjentjmz.exe

tieuevqhvjentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tieuevqhvjentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wqrmbxxtmfftezhzyzkef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe

C:\Windows\aqnephdvkzvfmdhvq.exe

aqnephdvkzvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .

C:\Windows\haauidcxphgtdxevttdw.exe

haauidcxphgtdxevttdw.exe .

C:\Windows\haauidcxphgtdxevttdw.exe

haauidcxphgtdxevttdw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe .

C:\Windows\wqrmbxxtmfftezhzyzkef.exe

wqrmbxxtmfftezhzyzkef.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\haauidcxphgtdxevttdw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe

C:\Windows\aqnephdvkzvfmdhvq.exe

aqnephdvkzvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Windows\wqrmbxxtmfftezhzyzkef.exe

wqrmbxxtmfftezhzyzkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wqrmbxxtmfftezhzyzkef.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\aqnephdvkzvfmdhvq.exe*."

C:\Windows\tieuevqhvjentjmz.exe

tieuevqhvjentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Windows\wqrmbxxtmfftezhzyzkef.exe

wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\jayqcvslbrozhzetpn.exe

jayqcvslbrozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wqrmbxxtmfftezhzyzkef.exe*."

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .

C:\Windows\tieuevqhvjentjmz.exe

tieuevqhvjentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tieuevqhvjentjmz.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe*."

C:\Windows\tieuevqhvjentjmz.exe

tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\tieuevqhvjentjmz.exe

tieuevqhvjentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wqrmbxxtmfftezhzyzkef.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tieuevqhvjentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tieuevqhvjentjmz.exe*."

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tieuevqhvjentjmz.exe*."

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jayqcvslbrozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe

C:\Windows\tieuevqhvjentjmz.exe

tieuevqhvjentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\wqrmbxxtmfftezhzyzkef.exe

wqrmbxxtmfftezhzyzkef.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wqrmbxxtmfftezhzyzkef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe

C:\Windows\wqrmbxxtmfftezhzyzkef.exe

wqrmbxxtmfftezhzyzkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\wqrmbxxtmfftezhzyzkef.exe

wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wqrmbxxtmfftezhzyzkef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbwxoeyyofgtdxevttjx.exe

C:\Windows\nbwxoeyyofgtdxevttjx.exe

nbwxoeyyofgtdxevttjx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c grjhvizwjxvfmdhvq.exe .

C:\Windows\grjhvizwjxvfmdhvq.exe

grjhvizwjxvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c grjhvizwjxvfmdhvq.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\grjhvizwjxvfmdhvq.exe*."

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Windows\grjhvizwjxvfmdhvq.exe

grjhvizwjxvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anhhxmfetjjvexdtqpe.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\anhhxmfetjjvexdtqpe.exe

anhhxmfetjjvexdtqpe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\anhhxmfetjjvexdtqpe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe

C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe

C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\grjhvizwjxvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\grjhvizwjxvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe

C:\Windows\wqrmbxxtmfftezhzyzkef.exe

wqrmbxxtmfftezhzyzkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crnphytuldftezhzyzqfb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\crnphytuldftezhzyzqfb.exe

C:\Users\Admin\AppData\Local\Temp\crnphytuldftezhzyzqfb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe .

C:\Windows\haauidcxphgtdxevttdw.exe

haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\pbutiwomapozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\haauidcxphgtdxevttdw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\pbutiwomapozhzetpn.exe*."

C:\Windows\aqnephdvkzvfmdhvq.exe

aqnephdvkzvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe .

C:\Windows\aqnephdvkzvfmdhvq.exe

aqnephdvkzvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\aqnephdvkzvfmdhvq.exe*."

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jayqcvslbrozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe

C:\Windows\wqrmbxxtmfftezhzyzkef.exe

wqrmbxxtmfftezhzyzkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe .

C:\Windows\haauidcxphgtdxevttdw.exe

haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\haauidcxphgtdxevttdw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\wqrmbxxtmfftezhzyzkef.exe

wqrmbxxtmfftezhzyzkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe .

C:\Windows\jayqcvslbrozhzetpn.exe

jayqcvslbrozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jayqcvslbrozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\umlerljduljvexdtqpy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jayqcvslbrozhzetpn.exe*."

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe

C:\Windows\wqrmbxxtmfftezhzyzkef.exe

wqrmbxxtmfftezhzyzkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe .

C:\Windows\haauidcxphgtdxevttdw.exe

haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\haauidcxphgtdxevttdw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe

C:\Windows\jayqcvslbrozhzetpn.exe

jayqcvslbrozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe .

C:\Windows\haauidcxphgtdxevttdw.exe

haauidcxphgtdxevttdw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\haauidcxphgtdxevttdw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tieuevqhvjentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe

C:\Windows\umlerljduljvexdtqpy.exe

umlerljduljvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .

C:\Windows\umlerljduljvexdtqpy.exe

umlerljduljvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe

C:\Windows\tieuevqhvjentjmz.exe

tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .

C:\Windows\umlerljduljvexdtqpy.exe

umlerljduljvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."

C:\Windows\umlerljduljvexdtqpy.exe

umlerljduljvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Windows\umlerljduljvexdtqpy.exe

umlerljduljvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Windows\tieuevqhvjentjmz.exe

tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Windows\haauidcxphgtdxevttdw.exe

haauidcxphgtdxevttdw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\haauidcxphgtdxevttdw.exe*."

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Windows\aqnephdvkzvfmdhvq.exe

aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tieuevqhvjentjmz.exe*."

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe

C:\Windows\jayqcvslbrozhzetpn.exe

jayqcvslbrozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jayqcvslbrozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Windows\tieuevqhvjentjmz.exe

tieuevqhvjentjmz.exe

C:\Windows\tieuevqhvjentjmz.exe

tieuevqhvjentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tieuevqhvjentjmz.exe*."

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe*."

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\umlerljduljvexdtqpy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe

C:\Windows\wqrmbxxtmfftezhzyzkef.exe

wqrmbxxtmfftezhzyzkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .

C:\Windows\umlerljduljvexdtqpy.exe

umlerljduljvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."

C:\Windows\jayqcvslbrozhzetpn.exe

jayqcvslbrozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe .

C:\Windows\aqnephdvkzvfmdhvq.exe

aqnephdvkzvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\aqnephdvkzvfmdhvq.exe*."

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wqrmbxxtmfftezhzyzkef.exe*."

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe

C:\Windows\umlerljduljvexdtqpy.exe

umlerljduljvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .

C:\Windows\umlerljduljvexdtqpy.exe

umlerljduljvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe

C:\Windows\jayqcvslbrozhzetpn.exe

jayqcvslbrozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe .

C:\Windows\aqnephdvkzvfmdhvq.exe

aqnephdvkzvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\aqnephdvkzvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tieuevqhvjentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe

C:\Windows\wqrmbxxtmfftezhzyzkef.exe

wqrmbxxtmfftezhzyzkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\wqrmbxxtmfftezhzyzkef.exe

wqrmbxxtmfftezhzyzkef.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wqrmbxxtmfftezhzyzkef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pbutiwomapozhzetpn.exe

C:\Windows\aqnephdvkzvfmdhvq.exe

aqnephdvkzvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe .

C:\Windows\pbutiwomapozhzetpn.exe

pbutiwomapozhzetpn.exe

C:\Windows\aqnephdvkzvfmdhvq.exe

aqnephdvkzvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c grjhvizwjxvfmdhvq.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\aqnephdvkzvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .

C:\Windows\grjhvizwjxvfmdhvq.exe

grjhvizwjxvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\grjhvizwjxvfmdhvq.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\jayqcvslbrozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zjaxkwmiuhentjmz.exe

C:\Windows\zjaxkwmiuhentjmz.exe

zjaxkwmiuhentjmz.exe

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c grjhvizwjxvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Windows\grjhvizwjxvfmdhvq.exe

grjhvizwjxvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\anhhxmfetjjvexdtqpe.exe

C:\Users\Admin\AppData\Local\Temp\anhhxmfetjjvexdtqpe.exe

C:\Users\Admin\AppData\Local\Temp\anhhxmfetjjvexdtqpe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\grjhvizwjxvfmdhvq.exe*."

C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe

C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\zjaxkwmiuhentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe

C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe

C:\Users\Admin\AppData\Local\Temp\zjaxkwmiuhentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crnphytuldftezhzyzqfb.exe .

C:\Users\Admin\AppData\Local\Temp\crnphytuldftezhzyzqfb.exe

C:\Users\Admin\AppData\Local\Temp\crnphytuldftezhzyzqfb.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\crnphytuldftezhzyzqfb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe

C:\Windows\umlerljduljvexdtqpy.exe

umlerljduljvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe .

C:\Windows\haauidcxphgtdxevttdw.exe

haauidcxphgtdxevttdw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\haauidcxphgtdxevttdw.exe*."

C:\Windows\jayqcvslbrozhzetpn.exe

jayqcvslbrozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\tieuevqhvjentjmz.exe

tieuevqhvjentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tieuevqhvjentjmz.exe*."

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\umlerljduljvexdtqpy.exe*."

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\umlerljduljvexdtqpy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\tieuevqhvjentjmz.exe

tieuevqhvjentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe .

C:\Windows\aqnephdvkzvfmdhvq.exe

aqnephdvkzvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\aqnephdvkzvfmdhvq.exe*."

C:\Windows\haauidcxphgtdxevttdw.exe

haauidcxphgtdxevttdw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe .

C:\Windows\aqnephdvkzvfmdhvq.exe

aqnephdvkzvfmdhvq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\aqnephdvkzvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wqrmbxxtmfftezhzyzkef.exe*."

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe

C:\Windows\jayqcvslbrozhzetpn.exe

jayqcvslbrozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe

C:\Windows\wqrmbxxtmfftezhzyzkef.exe

wqrmbxxtmfftezhzyzkef.exe .

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Windows\wqrmbxxtmfftezhzyzkef.exe

wqrmbxxtmfftezhzyzkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wqrmbxxtmfftezhzyzkef.exe*."

C:\Windows\tieuevqhvjentjmz.exe

tieuevqhvjentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Windows\wqrmbxxtmfftezhzyzkef.exe

wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\umlerljduljvexdtqpy.exe

umlerljduljvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe .

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wqrmbxxtmfftezhzyzkef.exe*."

C:\Windows\jayqcvslbrozhzetpn.exe

jayqcvslbrozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."

C:\Windows\jayqcvslbrozhzetpn.exe

jayqcvslbrozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Windows\tieuevqhvjentjmz.exe

tieuevqhvjentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jayqcvslbrozhzetpn.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .

C:\Windows\haauidcxphgtdxevttdw.exe

haauidcxphgtdxevttdw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tieuevqhvjentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\haauidcxphgtdxevttdw.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tieuevqhvjentjmz.exe*."

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Windows\wqrmbxxtmfftezhzyzkef.exe

wqrmbxxtmfftezhzyzkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Windows\umlerljduljvexdtqpy.exe

umlerljduljvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\haauidcxphgtdxevttdw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe

C:\Windows\haauidcxphgtdxevttdw.exe

haauidcxphgtdxevttdw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieuevqhvjentjmz.exe .

C:\Windows\tieuevqhvjentjmz.exe

tieuevqhvjentjmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\tieuevqhvjentjmz.exe*."

C:\Windows\haauidcxphgtdxevttdw.exe

haauidcxphgtdxevttdw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haauidcxphgtdxevttdw.exe .

C:\Windows\haauidcxphgtdxevttdw.exe

haauidcxphgtdxevttdw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\haauidcxphgtdxevttdw.exe*."

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Users\Admin\AppData\Local\Temp\jayqcvslbrozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe

C:\Users\Admin\AppData\Local\Temp\tieuevqhvjentjmz.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\tieuevqhvjentjmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe

C:\Windows\jayqcvslbrozhzetpn.exe

jayqcvslbrozhzetpn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe .

C:\Windows\jayqcvslbrozhzetpn.exe

jayqcvslbrozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jayqcvslbrozhzetpn.exe*."

C:\Windows\aqnephdvkzvfmdhvq.exe

aqnephdvkzvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe .

C:\Windows\umlerljduljvexdtqpy.exe

umlerljduljvexdtqpy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\umlerljduljvexdtqpy.exe*."

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\umlerljduljvexdtqpy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\umlerljduljvexdtqpy.exe .

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\umlerljduljvexdtqpy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe

C:\Windows\wqrmbxxtmfftezhzyzkef.exe

wqrmbxxtmfftezhzyzkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\wqrmbxxtmfftezhzyzkef.exe

wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlerljduljvexdtqpy.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\wqrmbxxtmfftezhzyzkef.exe*."

C:\Windows\umlerljduljvexdtqpy.exe

umlerljduljvexdtqpy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jayqcvslbrozhzetpn.exe .

C:\Windows\jayqcvslbrozhzetpn.exe

jayqcvslbrozhzetpn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\jayqcvslbrozhzetpn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zjaxkwmiuhentjmz.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .

C:\Windows\zjaxkwmiuhentjmz.exe

zjaxkwmiuhentjmz.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrmbxxtmfftezhzyzkef.exe .

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\users\admin\appdata\local\temp\wqrmbxxtmfftezhzyzkef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbwxoeyyofgtdxevttjx.exe .

C:\Windows\nbwxoeyyofgtdxevttjx.exe

nbwxoeyyofgtdxevttjx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

"C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe" "c:\windows\nbwxoeyyofgtdxevttjx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c anhhxmfetjjvexdtqpe.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Users\Admin\AppData\Local\Temp\aqnephdvkzvfmdhvq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Windows\anhhxmfetjjvexdtqpe.exe

anhhxmfetjjvexdtqpe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c grjhvizwjxvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe

C:\Users\Admin\AppData\Local\Temp\haauidcxphgtdxevttdw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crnphytuldftezhzyzqfb.exe

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

C:\Windows\grjhvizwjxvfmdhvq.exe

grjhvizwjxvfmdhvq.exe .

C:\Users\Admin\AppData\Local\Temp\cbhtv.exe

"C:\Users\Admin\AppData\Local\Temp\cbhtv.exe" "-c:\users\admin\appdata\local\temp\aqnephdvkzvfmdhvq.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.whatismyip.ca udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
NL 142.250.153.93:80 www.youtube.com tcp
LT 78.62.236.188:30550 tcp
DE 85.214.228.140:80 gyuuym.org tcp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 wokhwvhmirnc.net udp
US 8.8.8.8:53 uowagyqi.com udp
RO 85.122.123.27:44519 tcp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 ddpobim.org udp
BG 95.42.63.1:13497 tcp
US 8.8.8.8:53 ewhqxezcwwc.net udp
GR 109.242.50.35:41557 tcp
US 8.8.8.8:53 egsmyysc.org udp
US 8.8.8.8:53 efnnkqbsuqm.net udp
ES 79.113.243.221:23907 tcp
US 8.8.8.8:53 coggoagggmuy.com udp
IT 88.147.68.25:20703 tcp
US 8.8.8.8:53 jpukmvxmce.info udp
US 8.8.8.8:53 rqwmrqj.net udp
RU 95.105.22.121:40201 tcp
US 8.8.8.8:53 wsxirthvp.net udp
BG 89.215.109.146:25938 tcp
US 8.8.8.8:53 nihubgvehrr.net udp
US 8.8.8.8:53 nvlttn.net udp
US 8.8.8.8:53 ekeeyusaiska.org udp
BG 46.252.57.215:18405 tcp
US 8.8.8.8:53 dmbuukry.net udp
US 8.8.8.8:53 nhcajwkz.net udp
US 8.8.8.8:53 rfcqjgcwrllk.info udp
MD 149.3.187.8:23569 tcp
US 8.8.8.8:53 guwndakyi.info udp
US 8.8.8.8:53 cuncqyqqo.net udp
US 8.8.8.8:53 kvbyavyvdrdy.info udp
BG 212.75.5.130:26152 tcp
US 8.8.8.8:53 hsrofavrq.net udp
US 8.8.8.8:53 tkwhaxlatvyv.net udp
BG 84.252.59.140:35409 tcp
BG 93.123.124.231:32816 tcp
US 8.8.8.8:53 kxldwaoqfn.info udp
US 8.8.8.8:53 argslozxppdx.info udp
US 8.8.8.8:53 agrwzyb.net udp
US 8.8.8.8:53 qorefkfuo.net udp
US 8.8.8.8:53 ulwprsdpevsj.info udp
US 8.8.8.8:53 pivefep.info udp
US 8.8.8.8:53 nthafgeqx.org udp
US 8.8.8.8:53 nwbqsko.com udp
US 8.8.8.8:53 rwhqlqsol.net udp
LT 78.58.26.242:13293 tcp
US 8.8.8.8:53 aokkvrrwivma.net udp
US 8.8.8.8:53 yueltn.net udp
US 8.8.8.8:53 cgbvbbqerv.net udp
US 8.8.8.8:53 rorozzcygruu.net udp
US 8.8.8.8:53 rqrjjnv.net udp
US 8.8.8.8:53 jeviav.info udp
US 8.8.8.8:53 smzonuquznv.net udp
US 8.8.8.8:53 otrdsqbv.net udp
US 8.8.8.8:53 tstgdjrgnom.info udp
US 8.8.8.8:53 ualdfs.net udp
US 8.8.8.8:53 usvefto.net udp
US 8.8.8.8:53 kyasawiyeoiu.org udp
US 8.8.8.8:53 awcgsgqc.org udp
BG 88.80.105.159:37887 tcp
US 8.8.8.8:53 zddfdf.info udp
US 8.8.8.8:53 uecvowhs.net udp
US 8.8.8.8:53 urmsttjqvxfz.net udp
US 8.8.8.8:53 fmuqilerlmfe.info udp
US 8.8.8.8:53 cgzqtowog.info udp
US 8.8.8.8:53 pavqdebrdkt.org udp
US 8.8.8.8:53 fyrvcyux.info udp
US 8.8.8.8:53 kicisemu.com udp
US 8.8.8.8:53 qeasooggkkye.org udp
US 8.8.8.8:53 uqbstkr.info udp
US 8.8.8.8:53 zwxtlvjvvjw.net udp
US 8.8.8.8:53 sxndxcwtpl.net udp
US 8.8.8.8:53 viymxqmw.info udp
US 8.8.8.8:53 fevpfshvp.org udp
US 8.8.8.8:53 uikspu.net udp
US 8.8.8.8:53 adauloj.net udp
US 8.8.8.8:53 kcryxrris.info udp
US 8.8.8.8:53 nkpslafzcbcw.info udp
US 8.8.8.8:53 hgfewubadcy.info udp
US 8.8.8.8:53 jfiztbfjzr.info udp
US 8.8.8.8:53 usljhmfr.net udp
US 8.8.8.8:53 giekgyskeiik.org udp
US 8.8.8.8:53 phnzdhzeyg.net udp
US 8.8.8.8:53 bavppixu.net udp
US 8.8.8.8:53 ikqqyzd.net udp
US 8.8.8.8:53 fkgritslx.org udp
US 8.8.8.8:53 acxgvejehco.net udp
US 8.8.8.8:53 ezneff.net udp
US 8.8.8.8:53 psvzcsqp.info udp
US 8.8.8.8:53 prayrbk.com udp
US 8.8.8.8:53 ptpwnlreeaxo.net udp
US 8.8.8.8:53 gbfyjgdh.net udp
US 8.8.8.8:53 rrdehmbnzbrb.info udp
US 8.8.8.8:53 xpvaddgd.net udp
US 8.8.8.8:53 szdkfpvn.info udp
US 8.8.8.8:53 gzqipc.net udp
US 8.8.8.8:53 oflazb.net udp
US 8.8.8.8:53 adckcdeycac.info udp
US 8.8.8.8:53 pbasdrkiuq.net udp
US 8.8.8.8:53 xdvktnhshul.com udp
US 8.8.8.8:53 uomieuwsgywa.com udp
US 8.8.8.8:53 dacezd.info udp
US 8.8.8.8:53 ysuomkgi.org udp
US 8.8.8.8:53 fzkrxmam.info udp
US 8.8.8.8:53 uvbrhg.net udp
US 8.8.8.8:53 uqqkoe.com udp
US 8.8.8.8:53 sooyke.org udp
US 8.8.8.8:53 dmccgazbn.com udp
US 8.8.8.8:53 iuvcuzlqv.net udp
US 8.8.8.8:53 bunfqutcqmx.info udp
US 8.8.8.8:53 fbkxsw.net udp
US 8.8.8.8:53 fgqqgegwvd.info udp
US 8.8.8.8:53 nqnyfz.net udp
US 8.8.8.8:53 ieeekeey.com udp
US 8.8.8.8:53 nfcfdjjcpv.net udp
US 8.8.8.8:53 bujydax.net udp
US 8.8.8.8:53 fubkmhtkz.net udp
US 8.8.8.8:53 mqmasqmo.com udp
US 8.8.8.8:53 vcdysxm.org udp
US 8.8.8.8:53 qslahxz.net udp

Files

C:\Users\Admin\AppData\Local\Temp\vzaljrgxfjk.exe

MD5 ab03c21a2c11e94db0624c686d8e7a56
SHA1 e1a4f9cd54633907b3df6cb029fcf08965cadf70
SHA256 7a1c2cc6d6ad2a0c0b95ab325c4a9840bdc559afd266cb2915740f9bdcc078a8
SHA512 b698ff761767a16db4a7f1de7066d5c16fa5b55844cb63c3892b815301f457db75ac95bab89c55433c3d1ed7971eed67448225f61625dac2f7dd15c44f3d7702

C:\Windows\SysWOW64\jayqcvslbrozhzetpn.exe

MD5 c1c90ccb7f44badc91ec2859323fcde2
SHA1 0bc90e1a338997eb95cae02f0250a8678d8f25e4
SHA256 c9fd2f88ae1d80838434f52f63ecc3009bda52cc0b76238121d6068999f13a43
SHA512 464ce273e0f3c9f74bff3c864f54d532f89bea43446ca824ca3af93c3802168c41e314166a6084c0e61a43621900394bea820a2b64c8f92ea156f36ce9584e08

C:\Users\Admin\AppData\Local\Temp\uanuvdp.exe

MD5 d45b10f6f5acf8189f20b5bba0e53d04
SHA1 7ca2824e8ee5c19651d2a6b72e329046f7e20ece
SHA256 6afc9d75bdecbecfde1e90f990c91d3b6365ca9ee1acf5378c43fef124f82d65
SHA512 d717301381c12c12cbd0f11e40658465fa5ffb91b97c4a26c257bb9e5c2d8f9f7b352cffdfe64713bb32bfddd3c70737aca25645d415503eb659a7e8eb8542af

C:\Users\Admin\AppData\Local\walqpvflorbzuzrtcnimxcbhrxa.nlg

MD5 6428e106a0309c5a4569246df491f4a0
SHA1 ed9e3177714ac640ecfb22f4faa6bf0bc7d58d65
SHA256 8b2ec4172dbcea9a8cc814bd5346fc79bf5e3454dcd6d725ca5096648cd031d4
SHA512 10483b3b03b15c26272c9ee44af2b831ce58657a91ff6bc4aa5af60a0ab45c1df15e89e1be1b0f9f4ddbff7747be295fdbcb44f5e8647f4ba7cc2697dea84b7d

C:\Users\Admin\AppData\Local\tieuevqhvjentjmztpvkgwgxsjxlgpvlobvrxm.yiz

MD5 0d5ecb7cdb79a26d8d7d24b92bceca96
SHA1 73240f891180525c7a632e8d4dd47ee69e0257d1
SHA256 0ebe8d62c5670a58f22742dac5f53a4b8e2512836fd5712890bfcd24f66e7dc9
SHA512 480268f5635da37fcc999be5a520ac5900057549311b2750aff199dc9d0769aca7937ac3a92a4644de2e0c32f90437251b5f1ebdc4296dcaf0da767b755c35b7

C:\Program Files (x86)\walqpvflorbzuzrtcnimxcbhrxa.nlg

MD5 48a834b3f09e5e3e4f9f0f90d42cd855
SHA1 50c4cf4edca879dc300303f724e730135d392360
SHA256 d252fe0b38bf7d8215e681d19a086fb478633aba81bff9bae5229c8932189bd7
SHA512 ea067160a9c2826d00c3e3ace2fed9a3980ae0d172fbfd9622ac131d197535a8dac40e02a558bf158fdfce15eb30eb47eb10fc38cea22f4e1c15a657e5eb276c

C:\Program Files (x86)\walqpvflorbzuzrtcnimxcbhrxa.nlg

MD5 cc8b73e87109c25a0603ddfcdbe6d639
SHA1 6cc19df3b3599af0a19528121e8bacb219907532
SHA256 b263668aa3fdd82fe3281be9114206a23ddb717f37faca851e77940a6129b6dc
SHA512 11b4963e9a58ef34c9ab1168bf32e33b5166bb31c50fd478483ced3b4e0fa4c50f660b5a9835388dc068ab01105faab30c659ea45ebe24307f75841c0c7bea68

C:\Program Files (x86)\walqpvflorbzuzrtcnimxcbhrxa.nlg

MD5 d3538d781c3dd979babc82cac2b5c924
SHA1 be66c2dabf7a09579d32b0f853deeb9391610300
SHA256 4d3cdffecc47414d72088476ee62badbc4cf5d84a7efdb3a652eb33187862cb5
SHA512 7b8ee11f8d417012c30b4fdd489916bebebad09af3ae0830718d13a66136523173e570679ef7ec7081f67217dccebf63f16bf7c3b3b7fb91c6cdd43187b8b2db

C:\Program Files (x86)\walqpvflorbzuzrtcnimxcbhrxa.nlg

MD5 be22d7d254c2a69da83a8973d2757a59
SHA1 48a3fb7b72135b82762fc8f26be559bbfaaf5a0f
SHA256 b40aa4b7ce8890d4feb340ea452b7feb46f749c4f8905ad631322dda54fcd343
SHA512 f1eb482ef3079a2b7316a2b6aea842baf2edd89b0e66c325a4de8b4a0e3431b46d97566283c3161c84470305766363507bca1490a930c7ea27b7c3213f59edb9

C:\Program Files (x86)\walqpvflorbzuzrtcnimxcbhrxa.nlg

MD5 40ae75f3cd1cd5b29b28b372a4cfe87f
SHA1 60d3c02c942dcfe0af99d02d2876271803900ec8
SHA256 30c9b19f4748e3bbaf1468a39977885975a76f621172b8ead58443e452b74d98
SHA512 b525620806272ad1541629aae14fc25200e087e313cf24c5211066393a01d2c1fa04fbdc157d1d4e536d74694a980c8b65febf923c106e6fb277006eb96a394f