Malware Analysis Report

2025-08-10 16:32

Sample ID 250420-h8fhyszpx8
Target JaffaCakes118_c5053b6a278897cf8629be4ba93b3030
SHA256 25513f2b017ee242a254117f14ff49bb55f034a64265724e8e76d49a696b2d60
Tags
pykspa defense_evasion discovery persistence privilege_escalation trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

25513f2b017ee242a254117f14ff49bb55f034a64265724e8e76d49a696b2d60

Threat Level: Known bad

The file JaffaCakes118_c5053b6a278897cf8629be4ba93b3030 was found to be: Known bad.

Malicious Activity Summary

pykspa defense_evasion discovery persistence privilege_escalation trojan worm

UAC bypass

Pykspa family

Pykspa

Modifies WinLogon for persistence

Detect Pykspa worm

Disables RegEdit via registry modification

Adds policy Run key to start application

Impair Defenses: Safe Mode Boot

Executes dropped EXE

Checks computer location settings

Hijack Execution Flow: Executable Installer File Permissions Weakness

Adds Run key to start application

Looks up external IP address via web service

Checks whether UAC is enabled

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

System policy modification

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-20 07:24

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-20 07:24

Reported

2025-04-20 07:26

Platform

win10v2004-20250410-en

Max time kernel

30s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ejtapvhrv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjaokxqhsicncuzn.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pxkumvkxeqgn = "ynhyxnjdrkhvniqhilc.exe" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ejtapvhrv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erjyvjdvhytfvouji.exe" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ejtapvhrv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbwoofcxmgetmirjlphx.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ejtapvhrv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ynhyxnjdrkhvniqhilc.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pxkumvkxeqgn = "lbwoofcxmgetmirjlphx.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ejtapvhrv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nbukixslyqmzqkrhhj.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ejtapvhrv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbwoofcxmgetmirjlphx.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ejtapvhrv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arnghzxtjedtnkunqvofb.exe" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ejtapvhrv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erjyvjdvhytfvouji.exe" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pxkumvkxeqgn = "arnghzxtjedtnkunqvofb.exe" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ejtapvhrv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arnghzxtjedtnkunqvofb.exe" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pxkumvkxeqgn = "erjyvjdvhytfvouji.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ejtapvhrv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjaokxqhsicncuzn.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pxkumvkxeqgn = "xjaokxqhsicncuzn.exe" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ejtapvhrv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjaokxqhsicncuzn.exe" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ejtapvhrv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ynhyxnjdrkhvniqhilc.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ejtapvhrv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ynhyxnjdrkhvniqhilc.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ejtapvhrv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbwoofcxmgetmirjlphx.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pxkumvkxeqgn = "xjaokxqhsicncuzn.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pxkumvkxeqgn = "nbukixslyqmzqkrhhj.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pxkumvkxeqgn = "erjyvjdvhytfvouji.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pxkumvkxeqgn = "nbukixslyqmzqkrhhj.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pxkumvkxeqgn = "ynhyxnjdrkhvniqhilc.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pxkumvkxeqgn = "arnghzxtjedtnkunqvofb.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ejtapvhrv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ynhyxnjdrkhvniqhilc.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pxkumvkxeqgn = "lbwoofcxmgetmirjlphx.exe" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pxkumvkxeqgn = "lbwoofcxmgetmirjlphx.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pxkumvkxeqgn = "arnghzxtjedtnkunqvofb.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\xjaokxqhsicncuzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\ynhyxnjdrkhvniqhilc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\erjyvjdvhytfvouji.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\ynhyxnjdrkhvniqhilc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\xjaokxqhsicncuzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\nbukixslyqmzqkrhhj.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\arnghzxtjedtnkunqvofb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\erjyvjdvhytfvouji.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\xjaokxqhsicncuzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\nbukixslyqmzqkrhhj.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\nbukixslyqmzqkrhhj.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\xjaokxqhsicncuzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\xjaokxqhsicncuzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\arnghzxtjedtnkunqvofb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\lbwoofcxmgetmirjlphx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\lbwoofcxmgetmirjlphx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\ynhyxnjdrkhvniqhilc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\arnghzxtjedtnkunqvofb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\xjaokxqhsicncuzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\nbukixslyqmzqkrhhj.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\arnghzxtjedtnkunqvofb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\ynhyxnjdrkhvniqhilc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\nbukixslyqmzqkrhhj.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\ynhyxnjdrkhvniqhilc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\arnghzxtjedtnkunqvofb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\xjaokxqhsicncuzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\ynhyxnjdrkhvniqhilc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\lbwoofcxmgetmirjlphx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\ynhyxnjdrkhvniqhilc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\ynhyxnjdrkhvniqhilc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\xjaokxqhsicncuzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\xjaokxqhsicncuzn.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Windows\erjyvjdvhytfvouji.exe N/A
N/A N/A C:\Windows\ynhyxnjdrkhvniqhilc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Windows\erjyvjdvhytfvouji.exe N/A
N/A N/A C:\Windows\erjyvjdvhytfvouji.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
N/A N/A C:\Windows\erjyvjdvhytfvouji.exe N/A
N/A N/A C:\Windows\xjaokxqhsicncuzn.exe N/A
N/A N/A C:\Windows\lbwoofcxmgetmirjlphx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Windows\xjaokxqhsicncuzn.exe N/A
N/A N/A C:\Windows\lbwoofcxmgetmirjlphx.exe N/A
N/A N/A C:\Windows\lbwoofcxmgetmirjlphx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Windows\erjyvjdvhytfvouji.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe N/A
N/A N/A C:\Windows\lbwoofcxmgetmirjlphx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Windows\nbukixslyqmzqkrhhj.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe N/A
N/A N/A C:\Windows\xjaokxqhsicncuzn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe N/A
N/A N/A C:\Windows\lbwoofcxmgetmirjlphx.exe N/A
N/A N/A C:\Windows\xjaokxqhsicncuzn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe N/A
N/A N/A C:\Windows\ynhyxnjdrkhvniqhilc.exe N/A
N/A N/A C:\Windows\nbukixslyqmzqkrhhj.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Windows\nbukixslyqmzqkrhhj.exe N/A
N/A N/A C:\Windows\ynhyxnjdrkhvniqhilc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe N/A
N/A N/A C:\Windows\lbwoofcxmgetmirjlphx.exe N/A
N/A N/A C:\Windows\arnghzxtjedtnkunqvofb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Windows\ynhyxnjdrkhvniqhilc.exe N/A
N/A N/A C:\Windows\xjaokxqhsicncuzn.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xdowmtgrwg = "erjyvjdvhytfvouji.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbwoofcxmgetmirjlphx.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xjaokxqhsicncuzn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbwoofcxmgetmirjlphx.exe" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdtgbnfvfunxlcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erjyvjdvhytfvouji.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xdowmtgrwg = "ynhyxnjdrkhvniqhilc.exe" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xdowmtgrwg = "arnghzxtjedtnkunqvofb.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oxlwpzpdlypxj = "erjyvjdvhytfvouji.exe" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xdowmtgrwg = "lbwoofcxmgetmirjlphx.exe" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xdowmtgrwg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjaokxqhsicncuzn.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oxlwpzpdlypxj = "erjyvjdvhytfvouji.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xjaokxqhsicncuzn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ynhyxnjdrkhvniqhilc.exe" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjaokxqhsicncuzn.exe ." C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xdowmtgrwg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbwoofcxmgetmirjlphx.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xdowmtgrwg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjaokxqhsicncuzn.exe" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nbukixslyqmzqkrhhj.exe ." C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pzoaufwluiajwm = "ynhyxnjdrkhvniqhilc.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erjyvjdvhytfvouji.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "ynhyxnjdrkhvniqhilc.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "xjaokxqhsicncuzn.exe ." C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pzoaufwluiajwm = "xjaokxqhsicncuzn.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xjaokxqhsicncuzn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjaokxqhsicncuzn.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "arnghzxtjedtnkunqvofb.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nbukixslyqmzqkrhhj.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xdowmtgrwg = "erjyvjdvhytfvouji.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "xjaokxqhsicncuzn.exe ." C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "nbukixslyqmzqkrhhj.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdtgbnfvfunxlcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjaokxqhsicncuzn.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdtgbnfvfunxlcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjaokxqhsicncuzn.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "arnghzxtjedtnkunqvofb.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdtgbnfvfunxlcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erjyvjdvhytfvouji.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pzoaufwluiajwm = "xjaokxqhsicncuzn.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nbukixslyqmzqkrhhj.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "xjaokxqhsicncuzn.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdtgbnfvfunxlcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erjyvjdvhytfvouji.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "ynhyxnjdrkhvniqhilc.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oxlwpzpdlypxj = "lbwoofcxmgetmirjlphx.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdtgbnfvfunxlcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjaokxqhsicncuzn.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xjaokxqhsicncuzn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjaokxqhsicncuzn.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xdowmtgrwg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arnghzxtjedtnkunqvofb.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xjaokxqhsicncuzn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erjyvjdvhytfvouji.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oxlwpzpdlypxj = "lbwoofcxmgetmirjlphx.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "ynhyxnjdrkhvniqhilc.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xjaokxqhsicncuzn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arnghzxtjedtnkunqvofb.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdtgbnfvfunxlcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nbukixslyqmzqkrhhj.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oxlwpzpdlypxj = "nbukixslyqmzqkrhhj.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xdowmtgrwg = "lbwoofcxmgetmirjlphx.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oxlwpzpdlypxj = "lbwoofcxmgetmirjlphx.exe" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xdowmtgrwg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjaokxqhsicncuzn.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xjaokxqhsicncuzn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arnghzxtjedtnkunqvofb.exe" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "ynhyxnjdrkhvniqhilc.exe ." C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xjaokxqhsicncuzn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nbukixslyqmzqkrhhj.exe" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xdowmtgrwg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erjyvjdvhytfvouji.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbwoofcxmgetmirjlphx.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xdowmtgrwg = "erjyvjdvhytfvouji.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdtgbnfvfunxlcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erjyvjdvhytfvouji.exe ." C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xdowmtgrwg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjaokxqhsicncuzn.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "ynhyxnjdrkhvniqhilc.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdtgbnfvfunxlcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arnghzxtjedtnkunqvofb.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oxlwpzpdlypxj = "ynhyxnjdrkhvniqhilc.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xdowmtgrwg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbwoofcxmgetmirjlphx.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xdowmtgrwg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erjyvjdvhytfvouji.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pzoaufwluiajwm = "erjyvjdvhytfvouji.exe ." C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pzoaufwluiajwm = "xjaokxqhsicncuzn.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\szlulthtzkz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbwoofcxmgetmirjlphx.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.showmyipaddress.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\xjaokxqhsicncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\rjgacvurieevqoztxdxpmg.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\arnghzxtjedtnkunqvofb.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\xjaokxqhsicncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\nbukixslyqmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\erjyvjdvhytfvouji.exe C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
File opened for modification C:\Windows\SysWOW64\xjaokxqhsicncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\ynhyxnjdrkhvniqhilc.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\erjyvjdvhytfvouji.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\nbukixslyqmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\lbwoofcxmgetmirjlphx.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\arnghzxtjedtnkunqvofb.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\ynhyxnjdrkhvniqhilc.exe C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
File opened for modification C:\Windows\SysWOW64\arnghzxtjedtnkunqvofb.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\erjyvjdvhytfvouji.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\xjaokxqhsicncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\ynhyxnjdrkhvniqhilc.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\erjyvjdvhytfvouji.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\lbwoofcxmgetmirjlphx.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\rjgacvurieevqoztxdxpmg.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\nbukixslyqmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\ynhyxnjdrkhvniqhilc.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\erjyvjdvhytfvouji.exe C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
File opened for modification C:\Windows\SysWOW64\nbukixslyqmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\ynhyxnjdrkhvniqhilc.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\arnghzxtjedtnkunqvofb.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\erjyvjdvhytfvouji.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\arnghzxtjedtnkunqvofb.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\xjaokxqhsicncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\xjaokxqhsicncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\lbwoofcxmgetmirjlphx.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\ynhyxnjdrkhvniqhilc.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\nbukixslyqmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\lbwoofcxmgetmirjlphx.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\rjgacvurieevqoztxdxpmg.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\lbwoofcxmgetmirjlphx.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\rjgacvurieevqoztxdxpmg.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\nbukixslyqmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
File opened for modification C:\Windows\SysWOW64\nbukixslyqmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
File opened for modification C:\Windows\SysWOW64\lbwoofcxmgetmirjlphx.exe C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
File opened for modification C:\Windows\SysWOW64\nbukixslyqmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\nbukixslyqmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\rjgacvurieevqoztxdxpmg.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\lbwoofcxmgetmirjlphx.exe C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
File opened for modification C:\Windows\SysWOW64\rjgacvurieevqoztxdxpmg.exe C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
File opened for modification C:\Windows\SysWOW64\rjgacvurieevqoztxdxpmg.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\arnghzxtjedtnkunqvofb.exe C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
File opened for modification C:\Windows\SysWOW64\erjyvjdvhytfvouji.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\rjgacvurieevqoztxdxpmg.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\arnghzxtjedtnkunqvofb.exe C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
File opened for modification C:\Windows\SysWOW64\ynhyxnjdrkhvniqhilc.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\erjyvjdvhytfvouji.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\xjaokxqhsicncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\lbwoofcxmgetmirjlphx.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\xjaokxqhsicncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\ynhyxnjdrkhvniqhilc.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\rjgacvurieevqoztxdxpmg.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\arnghzxtjedtnkunqvofb.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\xjaokxqhsicncuzn.exe C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
File opened for modification C:\Windows\SysWOW64\bxywczcdyycxwynltdbxyw.zcd C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
File opened for modification C:\Windows\SysWOW64\nbukixslyqmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\rjgacvurieevqoztxdxpmg.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\arnghzxtjedtnkunqvofb.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\xjaokxqhsicncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\bxywczcdyycxwynltdbxyw.zcd C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
File created C:\Program Files (x86)\bxywczcdyycxwynltdbxyw.zcd C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
File opened for modification C:\Program Files (x86)\szlulthtzkzfpcclezipbkbjxjpapvfss.upy C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
File created C:\Program Files (x86)\szlulthtzkzfpcclezipbkbjxjpapvfss.upy C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\rjgacvurieevqoztxdxpmg.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File created C:\Windows\szlulthtzkzfpcclezipbkbjxjpapvfss.upy C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
File opened for modification C:\Windows\erjyvjdvhytfvouji.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\xjaokxqhsicncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\nbukixslyqmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\arnghzxtjedtnkunqvofb.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\nbukixslyqmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\ynhyxnjdrkhvniqhilc.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\lbwoofcxmgetmirjlphx.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\ynhyxnjdrkhvniqhilc.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\rjgacvurieevqoztxdxpmg.exe C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
File opened for modification C:\Windows\erjyvjdvhytfvouji.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\lbwoofcxmgetmirjlphx.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\erjyvjdvhytfvouji.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\rjgacvurieevqoztxdxpmg.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\arnghzxtjedtnkunqvofb.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\xjaokxqhsicncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\ynhyxnjdrkhvniqhilc.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\szlulthtzkzfpcclezipbkbjxjpapvfss.upy C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
File opened for modification C:\Windows\lbwoofcxmgetmirjlphx.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\lbwoofcxmgetmirjlphx.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\rjgacvurieevqoztxdxpmg.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\arnghzxtjedtnkunqvofb.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\arnghzxtjedtnkunqvofb.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\erjyvjdvhytfvouji.exe C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
File opened for modification C:\Windows\arnghzxtjedtnkunqvofb.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\xjaokxqhsicncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\arnghzxtjedtnkunqvofb.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\ynhyxnjdrkhvniqhilc.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\arnghzxtjedtnkunqvofb.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\nbukixslyqmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
File opened for modification C:\Windows\nbukixslyqmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\bxywczcdyycxwynltdbxyw.zcd C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
File opened for modification C:\Windows\xjaokxqhsicncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\nbukixslyqmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\nbukixslyqmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\xjaokxqhsicncuzn.exe C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
File created C:\Windows\bxywczcdyycxwynltdbxyw.zcd C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
File opened for modification C:\Windows\arnghzxtjedtnkunqvofb.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\ynhyxnjdrkhvniqhilc.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\lbwoofcxmgetmirjlphx.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\arnghzxtjedtnkunqvofb.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\erjyvjdvhytfvouji.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\arnghzxtjedtnkunqvofb.exe C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
File opened for modification C:\Windows\xjaokxqhsicncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\xjaokxqhsicncuzn.exe C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
File opened for modification C:\Windows\lbwoofcxmgetmirjlphx.exe C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
File opened for modification C:\Windows\rjgacvurieevqoztxdxpmg.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\ynhyxnjdrkhvniqhilc.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\erjyvjdvhytfvouji.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\lbwoofcxmgetmirjlphx.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\rjgacvurieevqoztxdxpmg.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\xjaokxqhsicncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\nbukixslyqmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\ynhyxnjdrkhvniqhilc.exe C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
File opened for modification C:\Windows\lbwoofcxmgetmirjlphx.exe C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
File opened for modification C:\Windows\erjyvjdvhytfvouji.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\erjyvjdvhytfvouji.exe C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
File opened for modification C:\Windows\rjgacvurieevqoztxdxpmg.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\xjaokxqhsicncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\nbukixslyqmzqkrhhj.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\arnghzxtjedtnkunqvofb.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\lbwoofcxmgetmirjlphx.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\erjyvjdvhytfvouji.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\nbukixslyqmzqkrhhj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ynhyxnjdrkhvniqhilc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xjaokxqhsicncuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xjaokxqhsicncuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xjaokxqhsicncuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xjaokxqhsicncuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ynhyxnjdrkhvniqhilc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\nbukixslyqmzqkrhhj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xjaokxqhsicncuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lbwoofcxmgetmirjlphx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\nbukixslyqmzqkrhhj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xjaokxqhsicncuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ynhyxnjdrkhvniqhilc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lbwoofcxmgetmirjlphx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\arnghzxtjedtnkunqvofb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xjaokxqhsicncuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ynhyxnjdrkhvniqhilc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\arnghzxtjedtnkunqvofb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\arnghzxtjedtnkunqvofb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ynhyxnjdrkhvniqhilc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xjaokxqhsicncuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ynhyxnjdrkhvniqhilc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\arnghzxtjedtnkunqvofb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ynhyxnjdrkhvniqhilc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\erjyvjdvhytfvouji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lbwoofcxmgetmirjlphx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xjaokxqhsicncuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lbwoofcxmgetmirjlphx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\nbukixslyqmzqkrhhj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ynhyxnjdrkhvniqhilc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4320 wrote to memory of 1212 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 4320 wrote to memory of 1212 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 4320 wrote to memory of 1212 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 1444 wrote to memory of 3788 N/A C:\Windows\system32\cmd.exe C:\Windows\erjyvjdvhytfvouji.exe
PID 1444 wrote to memory of 3788 N/A C:\Windows\system32\cmd.exe C:\Windows\erjyvjdvhytfvouji.exe
PID 1444 wrote to memory of 3788 N/A C:\Windows\system32\cmd.exe C:\Windows\erjyvjdvhytfvouji.exe
PID 4404 wrote to memory of 312 N/A C:\Windows\system32\cmd.exe C:\Windows\ynhyxnjdrkhvniqhilc.exe
PID 4404 wrote to memory of 312 N/A C:\Windows\system32\cmd.exe C:\Windows\ynhyxnjdrkhvniqhilc.exe
PID 4404 wrote to memory of 312 N/A C:\Windows\system32\cmd.exe C:\Windows\ynhyxnjdrkhvniqhilc.exe
PID 312 wrote to memory of 2200 N/A C:\Windows\ynhyxnjdrkhvniqhilc.exe C:\Windows\system32\cmd.exe
PID 312 wrote to memory of 2200 N/A C:\Windows\ynhyxnjdrkhvniqhilc.exe C:\Windows\system32\cmd.exe
PID 312 wrote to memory of 2200 N/A C:\Windows\ynhyxnjdrkhvniqhilc.exe C:\Windows\system32\cmd.exe
PID 3792 wrote to memory of 3068 N/A C:\Windows\system32\cmd.exe C:\Windows\erjyvjdvhytfvouji.exe
PID 3792 wrote to memory of 3068 N/A C:\Windows\system32\cmd.exe C:\Windows\erjyvjdvhytfvouji.exe
PID 3792 wrote to memory of 3068 N/A C:\Windows\system32\cmd.exe C:\Windows\erjyvjdvhytfvouji.exe
PID 2660 wrote to memory of 1824 N/A C:\Windows\system32\cmd.exe C:\Windows\erjyvjdvhytfvouji.exe
PID 2660 wrote to memory of 1824 N/A C:\Windows\system32\cmd.exe C:\Windows\erjyvjdvhytfvouji.exe
PID 2660 wrote to memory of 1824 N/A C:\Windows\system32\cmd.exe C:\Windows\erjyvjdvhytfvouji.exe
PID 3920 wrote to memory of 4452 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
PID 3920 wrote to memory of 4452 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
PID 3920 wrote to memory of 4452 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe
PID 1824 wrote to memory of 5004 N/A C:\Windows\erjyvjdvhytfvouji.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 1824 wrote to memory of 5004 N/A C:\Windows\erjyvjdvhytfvouji.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 1824 wrote to memory of 5004 N/A C:\Windows\erjyvjdvhytfvouji.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 668 wrote to memory of 2112 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
PID 668 wrote to memory of 2112 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
PID 668 wrote to memory of 2112 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe
PID 2112 wrote to memory of 3316 N/A C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe C:\Windows\ynhyxnjdrkhvniqhilc.exe
PID 2112 wrote to memory of 3316 N/A C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe C:\Windows\ynhyxnjdrkhvniqhilc.exe
PID 2112 wrote to memory of 3316 N/A C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe C:\Windows\ynhyxnjdrkhvniqhilc.exe
PID 3128 wrote to memory of 1868 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
PID 3128 wrote to memory of 1868 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
PID 3128 wrote to memory of 1868 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe
PID 2440 wrote to memory of 2796 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
PID 2440 wrote to memory of 2796 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
PID 2440 wrote to memory of 2796 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe
PID 2796 wrote to memory of 3396 N/A C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 2796 wrote to memory of 3396 N/A C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 2796 wrote to memory of 3396 N/A C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 1212 wrote to memory of 3952 N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe
PID 1212 wrote to memory of 3952 N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe
PID 1212 wrote to memory of 3952 N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe
PID 1212 wrote to memory of 2396 N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe
PID 1212 wrote to memory of 2396 N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe
PID 1212 wrote to memory of 2396 N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe
PID 4420 wrote to memory of 2380 N/A C:\Windows\system32\cmd.exe C:\Windows\erjyvjdvhytfvouji.exe
PID 4420 wrote to memory of 2380 N/A C:\Windows\system32\cmd.exe C:\Windows\erjyvjdvhytfvouji.exe
PID 4420 wrote to memory of 2380 N/A C:\Windows\system32\cmd.exe C:\Windows\erjyvjdvhytfvouji.exe
PID 3812 wrote to memory of 2392 N/A C:\Windows\system32\cmd.exe C:\Windows\xjaokxqhsicncuzn.exe
PID 3812 wrote to memory of 2392 N/A C:\Windows\system32\cmd.exe C:\Windows\xjaokxqhsicncuzn.exe
PID 3812 wrote to memory of 2392 N/A C:\Windows\system32\cmd.exe C:\Windows\xjaokxqhsicncuzn.exe
PID 744 wrote to memory of 1972 N/A C:\Windows\system32\cmd.exe C:\Windows\lbwoofcxmgetmirjlphx.exe
PID 744 wrote to memory of 1972 N/A C:\Windows\system32\cmd.exe C:\Windows\lbwoofcxmgetmirjlphx.exe
PID 744 wrote to memory of 1972 N/A C:\Windows\system32\cmd.exe C:\Windows\lbwoofcxmgetmirjlphx.exe
PID 2392 wrote to memory of 3336 N/A C:\Windows\xjaokxqhsicncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 2392 wrote to memory of 3336 N/A C:\Windows\xjaokxqhsicncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 2392 wrote to memory of 3336 N/A C:\Windows\xjaokxqhsicncuzn.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 4620 wrote to memory of 3868 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 4620 wrote to memory of 3868 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 4620 wrote to memory of 3868 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 3116 wrote to memory of 4988 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 3116 wrote to memory of 4988 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 3116 wrote to memory of 4988 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 3100 wrote to memory of 2896 N/A C:\Windows\system32\cmd.exe C:\Windows\lbwoofcxmgetmirjlphx.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe"

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_c5053b6a278897cf8629be4ba93b3030.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe .

C:\Windows\ynhyxnjdrkhvniqhilc.exe

ynhyxnjdrkhvniqhilc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ynhyxnjdrkhvniqhilc.exe*."

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\erjyvjdvhytfvouji.exe*."

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."

C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe

"C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe" "-C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe"

C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe

"C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe" "-C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe

C:\Windows\xjaokxqhsicncuzn.exe

xjaokxqhsicncuzn.exe .

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .

C:\Windows\xjaokxqhsicncuzn.exe

xjaokxqhsicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."

C:\Windows\nbukixslyqmzqkrhhj.exe

nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Windows\xjaokxqhsicncuzn.exe

xjaokxqhsicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe

C:\Windows\xjaokxqhsicncuzn.exe

xjaokxqhsicncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\arnghzxtjedtnkunqvofb.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe

C:\Windows\ynhyxnjdrkhvniqhilc.exe

ynhyxnjdrkhvniqhilc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe .

C:\Windows\nbukixslyqmzqkrhhj.exe

nbukixslyqmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\nbukixslyqmzqkrhhj.exe*."

C:\Windows\nbukixslyqmzqkrhhj.exe

nbukixslyqmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Windows\ynhyxnjdrkhvniqhilc.exe

ynhyxnjdrkhvniqhilc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ynhyxnjdrkhvniqhilc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe .

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."

C:\Windows\ynhyxnjdrkhvniqhilc.exe

ynhyxnjdrkhvniqhilc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe

C:\Windows\xjaokxqhsicncuzn.exe

xjaokxqhsicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ynhyxnjdrkhvniqhilc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .

C:\Windows\ynhyxnjdrkhvniqhilc.exe

ynhyxnjdrkhvniqhilc.exe

C:\Windows\ynhyxnjdrkhvniqhilc.exe

ynhyxnjdrkhvniqhilc.exe .

C:\Windows\xjaokxqhsicncuzn.exe

xjaokxqhsicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ynhyxnjdrkhvniqhilc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\erjyvjdvhytfvouji.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ynhyxnjdrkhvniqhilc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\nbukixslyqmzqkrhhj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."

C:\Windows\xjaokxqhsicncuzn.exe

xjaokxqhsicncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe

C:\Windows\nbukixslyqmzqkrhhj.exe

nbukixslyqmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ynhyxnjdrkhvniqhilc.exe

ynhyxnjdrkhvniqhilc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ynhyxnjdrkhvniqhilc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .

C:\Windows\ynhyxnjdrkhvniqhilc.exe

ynhyxnjdrkhvniqhilc.exe

C:\Windows\xjaokxqhsicncuzn.exe

xjaokxqhsicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\nbukixslyqmzqkrhhj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe .

C:\Windows\ynhyxnjdrkhvniqhilc.exe

ynhyxnjdrkhvniqhilc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ynhyxnjdrkhvniqhilc.exe*."

C:\Windows\nbukixslyqmzqkrhhj.exe

nbukixslyqmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Windows\nbukixslyqmzqkrhhj.exe

nbukixslyqmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\nbukixslyqmzqkrhhj.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\arnghzxtjedtnkunqvofb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."

C:\Windows\nbukixslyqmzqkrhhj.exe

nbukixslyqmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Windows\nbukixslyqmzqkrhhj.exe

nbukixslyqmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\nbukixslyqmzqkrhhj.exe*."

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\nbukixslyqmzqkrhhj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."

C:\Windows\xjaokxqhsicncuzn.exe

xjaokxqhsicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Windows\ynhyxnjdrkhvniqhilc.exe

ynhyxnjdrkhvniqhilc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ynhyxnjdrkhvniqhilc.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\nbukixslyqmzqkrhhj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Windows\ynhyxnjdrkhvniqhilc.exe

ynhyxnjdrkhvniqhilc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .

C:\Windows\xjaokxqhsicncuzn.exe

xjaokxqhsicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .

C:\Windows\xjaokxqhsicncuzn.exe

xjaokxqhsicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xjaokxqhsicncuzn.exe

xjaokxqhsicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Windows\ynhyxnjdrkhvniqhilc.exe

ynhyxnjdrkhvniqhilc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe .

C:\Windows\nbukixslyqmzqkrhhj.exe

nbukixslyqmzqkrhhj.exe .

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\nbukixslyqmzqkrhhj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe

C:\Windows\ynhyxnjdrkhvniqhilc.exe

ynhyxnjdrkhvniqhilc.exe .

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Windows\ynhyxnjdrkhvniqhilc.exe

ynhyxnjdrkhvniqhilc.exe

C:\Windows\nbukixslyqmzqkrhhj.exe

nbukixslyqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ynhyxnjdrkhvniqhilc.exe*."

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\nbukixslyqmzqkrhhj.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\nbukixslyqmzqkrhhj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Windows\nbukixslyqmzqkrhhj.exe

nbukixslyqmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\nbukixslyqmzqkrhhj.exe*."

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\nbukixslyqmzqkrhhj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe

C:\Windows\ynhyxnjdrkhvniqhilc.exe

ynhyxnjdrkhvniqhilc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .

C:\Windows\xjaokxqhsicncuzn.exe

xjaokxqhsicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."

C:\Windows\xjaokxqhsicncuzn.exe

xjaokxqhsicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe

C:\Windows\nbukixslyqmzqkrhhj.exe

nbukixslyqmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe .

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\erjyvjdvhytfvouji.exe*."

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\arnghzxtjedtnkunqvofb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\nbukixslyqmzqkrhhj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe .

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\erjyvjdvhytfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ynhyxnjdrkhvniqhilc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\arnghzxtjedtnkunqvofb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe .

C:\Windows\ynhyxnjdrkhvniqhilc.exe

ynhyxnjdrkhvniqhilc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ynhyxnjdrkhvniqhilc.exe*."

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\arnghzxtjedtnkunqvofb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\arnghzxtjedtnkunqvofb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe .

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\erjyvjdvhytfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe

C:\Windows\nbukixslyqmzqkrhhj.exe

nbukixslyqmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe

C:\Windows\ynhyxnjdrkhvniqhilc.exe

ynhyxnjdrkhvniqhilc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe

C:\Windows\ynhyxnjdrkhvniqhilc.exe

ynhyxnjdrkhvniqhilc.exe .

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ynhyxnjdrkhvniqhilc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe

C:\Windows\xjaokxqhsicncuzn.exe

xjaokxqhsicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe .

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\nbukixslyqmzqkrhhj.exe*."

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\erjyvjdvhytfvouji.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\arnghzxtjedtnkunqvofb.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ynhyxnjdrkhvniqhilc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\nbukixslyqmzqkrhhj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe .

C:\Windows\ynhyxnjdrkhvniqhilc.exe

ynhyxnjdrkhvniqhilc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ynhyxnjdrkhvniqhilc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .

C:\Windows\ynhyxnjdrkhvniqhilc.exe

ynhyxnjdrkhvniqhilc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .

C:\Windows\xjaokxqhsicncuzn.exe

xjaokxqhsicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe .

C:\Windows\nbukixslyqmzqkrhhj.exe

nbukixslyqmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Windows\ynhyxnjdrkhvniqhilc.exe

ynhyxnjdrkhvniqhilc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ynhyxnjdrkhvniqhilc.exe*."

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ynhyxnjdrkhvniqhilc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe .

C:\Windows\nbukixslyqmzqkrhhj.exe

nbukixslyqmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\nbukixslyqmzqkrhhj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe .

C:\Windows\nbukixslyqmzqkrhhj.exe

nbukixslyqmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Windows\ynhyxnjdrkhvniqhilc.exe

ynhyxnjdrkhvniqhilc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ynhyxnjdrkhvniqhilc.exe*."

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\nbukixslyqmzqkrhhj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\arnghzxtjedtnkunqvofb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Windows\nbukixslyqmzqkrhhj.exe

nbukixslyqmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\nbukixslyqmzqkrhhj.exe*."

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe .

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\erjyvjdvhytfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe .

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe .

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\erjyvjdvhytfvouji.exe*."

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\erjyvjdvhytfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xjaokxqhsicncuzn.exe

xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ynhyxnjdrkhvniqhilc.exe*."

C:\Windows\nbukixslyqmzqkrhhj.exe

nbukixslyqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\arnghzxtjedtnkunqvofb.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\nbukixslyqmzqkrhhj.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\arnghzxtjedtnkunqvofb.exe*."

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Windows\nbukixslyqmzqkrhhj.exe

nbukixslyqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\nbukixslyqmzqkrhhj.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ynhyxnjdrkhvniqhilc.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ynhyxnjdrkhvniqhilc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ynhyxnjdrkhvniqhilc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe .

C:\Windows\ynhyxnjdrkhvniqhilc.exe

ynhyxnjdrkhvniqhilc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .

C:\Windows\nbukixslyqmzqkrhhj.exe

nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ynhyxnjdrkhvniqhilc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Windows\xjaokxqhsicncuzn.exe

xjaokxqhsicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe

C:\Windows\xjaokxqhsicncuzn.exe

xjaokxqhsicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ynhyxnjdrkhvniqhilc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe

C:\Windows\xjaokxqhsicncuzn.exe

xjaokxqhsicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe .

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\erjyvjdvhytfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .

C:\Windows\ynhyxnjdrkhvniqhilc.exe

ynhyxnjdrkhvniqhilc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Windows\xjaokxqhsicncuzn.exe

xjaokxqhsicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ynhyxnjdrkhvniqhilc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe

C:\Windows\ynhyxnjdrkhvniqhilc.exe

ynhyxnjdrkhvniqhilc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ynhyxnjdrkhvniqhilc.exe

ynhyxnjdrkhvniqhilc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Windows\nbukixslyqmzqkrhhj.exe

nbukixslyqmzqkrhhj.exe

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\erjyvjdvhytfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Windows\nbukixslyqmzqkrhhj.exe

nbukixslyqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\erjyvjdvhytfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Windows\ynhyxnjdrkhvniqhilc.exe

ynhyxnjdrkhvniqhilc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\nbukixslyqmzqkrhhj.exe*."

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Windows\nbukixslyqmzqkrhhj.exe

nbukixslyqmzqkrhhj.exe

C:\Windows\nbukixslyqmzqkrhhj.exe

nbukixslyqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ynhyxnjdrkhvniqhilc.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\arnghzxtjedtnkunqvofb.exe*."

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\nbukixslyqmzqkrhhj.exe*."

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\nbukixslyqmzqkrhhj.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\nbukixslyqmzqkrhhj.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."

C:\Windows\nbukixslyqmzqkrhhj.exe

nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe

C:\Windows\xjaokxqhsicncuzn.exe

xjaokxqhsicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Windows\xjaokxqhsicncuzn.exe

xjaokxqhsicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe .

C:\Windows\nbukixslyqmzqkrhhj.exe

nbukixslyqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\nbukixslyqmzqkrhhj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe

C:\Windows\xjaokxqhsicncuzn.exe

xjaokxqhsicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ynhyxnjdrkhvniqhilc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe

C:\Windows\ynhyxnjdrkhvniqhilc.exe

ynhyxnjdrkhvniqhilc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe

C:\Windows\nbukixslyqmzqkrhhj.exe

nbukixslyqmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\arnghzxtjedtnkunqvofb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe

C:\Windows\xjaokxqhsicncuzn.exe

xjaokxqhsicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe

C:\Windows\xjaokxqhsicncuzn.exe

xjaokxqhsicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe .

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\erjyvjdvhytfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .

C:\Windows\xjaokxqhsicncuzn.exe

xjaokxqhsicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\arnghzxtjedtnkunqvofb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\xjaokxqhsicncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\xjaokxqhsicncuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe .

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\erjyvjdvhytfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\nbukixslyqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\nbukixslyqmzqkrhhj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\erjyvjdvhytfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c erjyvjdvhytfvouji.exe

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe .

C:\Windows\erjyvjdvhytfvouji.exe

erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xjaokxqhsicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ynhyxnjdrkhvniqhilc.exe

C:\Windows\nbukixslyqmzqkrhhj.exe

nbukixslyqmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe

C:\Windows\xjaokxqhsicncuzn.exe

xjaokxqhsicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe .

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arnghzxtjedtnkunqvofb.exe

C:\Windows\ynhyxnjdrkhvniqhilc.exe

ynhyxnjdrkhvniqhilc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\xjaokxqhsicncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe

C:\Users\Admin\AppData\Local\Temp\ynhyxnjdrkhvniqhilc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Windows\nbukixslyqmzqkrhhj.exe

nbukixslyqmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ynhyxnjdrkhvniqhilc.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\nbukixslyqmzqkrhhj.exe*."

C:\Windows\arnghzxtjedtnkunqvofb.exe

arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe

C:\Users\Admin\AppData\Local\Temp\arnghzxtjedtnkunqvofb.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\arnghzxtjedtnkunqvofb.exe*."

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\lbwoofcxmgetmirjlphx.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\arnghzxtjedtnkunqvofb.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\lbwoofcxmgetmirjlphx.exe*."

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lbwoofcxmgetmirjlphx.exe

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe

C:\Windows\lbwoofcxmgetmirjlphx.exe

lbwoofcxmgetmirjlphx.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\lbwoofcxmgetmirjlphx.exe*."

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\erjyvjdvhytfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nbukixslyqmzqkrhhj.exe .

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.40.87:80 www.whatismyip.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 172.66.40.87:80 www.whatismyip.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.youtube.com udp
NL 142.250.145.136:80 www.youtube.com tcp
US 8.8.8.8:53 gyuuym.org udp
BY 178.122.162.202:27691 tcp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 persnzi.org udp
US 8.8.8.8:53 nxcrjzp.net udp
US 8.8.8.8:53 wmdwkmzbnn.info udp
US 8.8.8.8:53 vdwshxuep.net udp
US 8.8.8.8:53 qqgyfxxrwi.info udp
US 8.8.8.8:53 unxfuild.info udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 wgmegscc.com udp
US 8.8.8.8:53 qtnjetdy.net udp
US 8.8.8.8:53 dzjkpyvf.net udp
US 8.8.8.8:53 ifnwbneabtf.info udp
US 8.8.8.8:53 zbwlzqxw.info udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 gcpjffh.info udp
US 8.8.8.8:53 mosdfswcd.info udp
US 8.8.8.8:53 daegkyr.info udp
US 8.8.8.8:53 zpqwjseqhs.info udp
US 8.8.8.8:53 iysucq.com udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 lqeojotccivv.info udp
US 8.8.8.8:53 yaaqimkemuce.com udp
US 8.8.8.8:53 etlwfphos.info udp
US 8.8.8.8:53 muoqimuscemc.org udp
US 8.8.8.8:53 ygoukmwg.org udp
BY 178.122.162.202:27691 tcp
US 8.8.8.8:53 agawicqoks.org udp
US 8.8.8.8:53 ccmmeugywq.com udp
US 8.8.8.8:53 pqdelqlhdqh.com udp
US 8.8.8.8:53 cydlrge.info udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 oyxyjlakhkr.info udp
US 8.8.8.8:53 emctawyczn.info udp
US 8.8.8.8:53 anymbr.info udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 fvmsxycepv.net udp
US 8.8.8.8:53 dbtcghvk.net udp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 fgycbxlsrq.net udp
US 8.8.8.8:53 bqbsjkh.org udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 adjnjbudjrjt.info udp
US 8.8.8.8:53 ggskcgqg.com udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 gydjlgvan.info udp
US 8.8.8.8:53 hmfurcniz.info udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 pmxkrcziuai.org udp
US 8.8.8.8:53 caewgmh.info udp
US 8.8.8.8:53 tsmromxtvvyj.net udp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 wgokusgkwg.com udp
US 8.8.8.8:53 xsekchzjfydb.info udp
US 8.8.8.8:53 dvszuodt.net udp
US 8.8.8.8:53 jdllyjvqfgr.org udp
US 8.8.8.8:53 wohztrcfjyl.info udp
US 8.8.8.8:53 nqalpspgr.net udp
US 8.8.8.8:53 yoeaeg.com udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 ixothmlccnz.info udp
US 8.8.8.8:53 jduopkweq.net udp
US 8.8.8.8:53 oocqoeecym.org udp
US 8.8.8.8:53 yoaoooewyeeo.com udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 fzyvluxs.info udp
US 8.8.8.8:53 gnqwcwodb.info udp
US 8.8.8.8:53 gsnjphd.net udp
US 8.8.8.8:53 rwmxvpkpk.org udp
US 8.8.8.8:53 dkfgwehaj.net udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 xulkrex.info udp
NL 173.194.69.94:80 c.pki.goog tcp
US 8.8.8.8:53 mdhpuesj.net udp
US 8.8.8.8:53 kcznfkyujop.net udp
US 8.8.8.8:53 ryxhnpyqlnzv.net udp
US 8.8.8.8:53 mueuuaskwug.net udp
US 8.8.8.8:53 ucnalojjt.net udp
US 8.8.8.8:53 suewmygk.org udp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 zpzwmsq.info udp
US 8.8.8.8:53 hnrrjpt.net udp
US 8.8.8.8:53 hblyepcqpi.net udp
US 8.8.8.8:53 guwswaoi.com udp
US 8.8.8.8:53 vrxmprngmlhk.net udp
US 8.8.8.8:53 kyrterbf.net udp
US 8.8.8.8:53 wylndrw.info udp
US 8.8.8.8:53 anrsjtp.net udp
US 8.8.8.8:53 vkvgugmdpkt.net udp
US 8.8.8.8:53 bcbfnejsopu.info udp
US 8.8.8.8:53 ikofgofgn.info udp
US 8.8.8.8:53 soiskqic.com udp
US 8.8.8.8:53 vgjhrvr.com udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 sdxkgkuutyz.info udp
US 8.8.8.8:53 myfmlyb.info udp
US 8.8.8.8:53 tticgcrgn.net udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 rxhqqmwklx.net udp
US 8.8.8.8:53 qmyuks.com udp
US 8.8.8.8:53 vuhisgjsczx.net udp
US 8.8.8.8:53 ugyeff.net udp
US 8.8.8.8:53 rxqkxndg.net udp
US 8.8.8.8:53 lyxmnybibg.info udp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 cdiydibikyqf.info udp
US 8.8.8.8:53 wcgokuakeo.org udp
US 8.8.8.8:53 emsywqgm.com udp
US 8.8.8.8:53 kgucribs.info udp
US 8.8.8.8:53 lglnud.info udp
US 8.8.8.8:53 jnufvunmp.org udp
US 8.8.8.8:53 zyfitez.info udp
US 8.8.8.8:53 qwxckurtt.net udp
US 8.8.8.8:53 lyeyiu.net udp
US 8.8.8.8:53 qumwmkakewmc.org udp
US 8.8.8.8:53 leqdurjb.net udp
US 8.8.8.8:53 cgsrzat.info udp
US 8.8.8.8:53 ojbaowhir.info udp
US 8.8.8.8:53 tinvovbhbw.net udp
US 8.8.8.8:53 keoqukis.org udp
US 8.8.8.8:53 nciinn.info udp
US 8.8.8.8:53 rrfcfekgpco.org udp
US 8.8.8.8:53 aywmxsc.info udp
US 8.8.8.8:53 aguugkwrxyno.net udp
US 8.8.8.8:53 dxikspgshgbk.info udp
US 8.8.8.8:53 sgvyaujcxaj.info udp
US 8.8.8.8:53 osmnkcbglpv.info udp
US 8.8.8.8:53 fzxyylby.info udp
US 8.8.8.8:53 jrlcxnnilzx.net udp
US 8.8.8.8:53 lgmwshpwdp.net udp
US 8.8.8.8:53 cahivmi.net udp
US 8.8.8.8:53 thalgab.net udp
US 8.8.8.8:53 aqawas.com udp
US 8.8.8.8:53 kvlmrkwad.info udp
US 8.8.8.8:53 ptueqhvcbd.net udp
US 8.8.8.8:53 zgrjrexb.net udp
US 8.8.8.8:53 eeueccewmeem.com udp
US 8.8.8.8:53 wsmssdvzv.info udp
US 8.8.8.8:53 fffqhazzmohe.info udp
US 8.8.8.8:53 gthoprfe.net udp
US 8.8.8.8:53 xfdwjdwe.info udp
US 8.8.8.8:53 jnkodjntnaft.info udp
US 8.8.8.8:53 hvlqdtmah.com udp
US 8.8.8.8:53 vlpxze.info udp
US 8.8.8.8:53 qihijadwr.info udp
US 8.8.8.8:53 skywyumxq.net udp
US 8.8.8.8:53 djeykyv.org udp
US 8.8.8.8:53 nsvvpaixtgsu.net udp
US 8.8.8.8:53 pevttnigvip.net udp
US 8.8.8.8:53 eqsmwg.org udp
US 8.8.8.8:53 gsdglnp.net udp
US 8.8.8.8:53 kiutjiqevj.net udp
US 8.8.8.8:53 egsmyysc.org udp
US 8.8.8.8:53 iciijrd.info udp
US 8.8.8.8:53 stjubatgpbm.info udp
US 8.8.8.8:53 iojoxzswsv.info udp
US 8.8.8.8:53 smesbqnara.net udp
US 8.8.8.8:53 byqsfwj.info udp
US 8.8.8.8:53 nshdioh.net udp
US 8.8.8.8:53 ialtjonec.info udp
US 8.8.8.8:53 jigtjgpgw.org udp
US 8.8.8.8:53 ekqqcc.org udp
US 8.8.8.8:53 dwfkeogzvhjn.info udp
US 8.8.8.8:53 gwkuyamoug.org udp
US 8.8.8.8:53 ngsdpzfl.info udp
US 8.8.8.8:53 kituhhmeu.info udp
US 8.8.8.8:53 nrlouanfr.net udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 ftdzvcyeta.info udp
US 8.8.8.8:53 qtgqqinahbp.info udp
US 8.8.8.8:53 dhtudxhfjkrl.info udp
US 8.8.8.8:53 lszrfvjcrn.info udp
US 8.8.8.8:53 jeyjxqwfwu.net udp
US 8.8.8.8:53 zbwyvmhc.net udp
US 8.8.8.8:53 iwqwlmhnvab.net udp
US 8.8.8.8:53 tcvuvhjwh.info udp
US 8.8.8.8:53 jvhhpz.info udp
US 8.8.8.8:53 igvdguf.info udp
US 8.8.8.8:53 jubvpax.info udp
US 8.8.8.8:53 cmqyomemmk.org udp
US 8.8.8.8:53 lotkfoa.org udp
US 8.8.8.8:53 aknsgwkcl.net udp
US 8.8.8.8:53 luhpvyll.info udp
US 8.8.8.8:53 nxmtndxoxntx.net udp
US 8.8.8.8:53 ecbwysbz.info udp
US 8.8.8.8:53 ghyymshxy.net udp
US 8.8.8.8:53 rriffvwbyi.net udp
US 8.8.8.8:53 lirmzsckr.com udp
US 8.8.8.8:53 yjhczh.info udp
US 8.8.8.8:53 njmyupro.net udp
US 8.8.8.8:53 tmyugxeuqs.info udp
US 8.8.8.8:53 bwjgnejdgyz.net udp
US 8.8.8.8:53 seimouig.org udp
US 8.8.8.8:53 sdayibpqflfs.info udp
US 8.8.8.8:53 zpqelj.net udp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 xmksnjkx.info udp
US 8.8.8.8:53 ukhlpsb.info udp
US 8.8.8.8:53 kgrxjbj.info udp
US 8.8.8.8:53 xefyrbw.net udp
US 8.8.8.8:53 egkfqnxj.net udp
US 8.8.8.8:53 hcxkvqpgp.info udp
US 8.8.8.8:53 iuertjkaekb.info udp
US 8.8.8.8:53 iusioomq.org udp
US 8.8.8.8:53 zbfcxvqtjx.info udp
US 8.8.8.8:53 iunassvxled.info udp
US 8.8.8.8:53 xnpkygf.net udp
US 8.8.8.8:53 wcsbrpz.net udp
US 8.8.8.8:53 caztlqhiymc.info udp
US 8.8.8.8:53 ngvaqozuqwz.net udp
US 8.8.8.8:53 weglibakx.net udp
US 8.8.8.8:53 uwcuws.org udp
US 8.8.8.8:53 eujquinixtu.net udp
US 8.8.8.8:53 vaxrzhzzgxjp.info udp
US 8.8.8.8:53 hvweopbbfia.info udp
US 8.8.8.8:53 pnzcfzquxq.info udp
US 8.8.8.8:53 uzkkfpnqprh.net udp
US 8.8.8.8:53 zjlidcrcedp.com udp
US 8.8.8.8:53 azlfou.info udp
US 8.8.8.8:53 psaqfiw.org udp
US 8.8.8.8:53 vhpgrd.net udp
US 8.8.8.8:53 gsirxgmdst.net udp
US 8.8.8.8:53 jcnkjnnkf.com udp
US 8.8.8.8:53 bykjeksichy.net udp
US 8.8.8.8:53 umyicieyee.org udp
US 8.8.8.8:53 wqquyywm.org udp
US 8.8.8.8:53 vdejbif.info udp
US 8.8.8.8:53 ueaaaeqouy.org udp
US 8.8.8.8:53 vcsuct.net udp
US 8.8.8.8:53 ofmizabpd.net udp
US 8.8.8.8:53 xbikzousfv.net udp
US 8.8.8.8:53 kggeujf.info udp
US 8.8.8.8:53 oqmicasgweow.org udp
US 8.8.8.8:53 akrldi.info udp
US 8.8.8.8:53 uffnhzjx.net udp
US 8.8.8.8:53 fsyczawoha.info udp
US 8.8.8.8:53 hqvqazz.net udp
US 8.8.8.8:53 rzwfvq.info udp
US 8.8.8.8:53 iinolqkgvc.net udp
US 8.8.8.8:53 hunsxel.info udp
US 8.8.8.8:53 atkzfclhbift.info udp
US 8.8.8.8:53 lwlobfjrbgyi.net udp
US 8.8.8.8:53 edorjl.info udp
US 8.8.8.8:53 equnyx.info udp
US 8.8.8.8:53 wegmmuksgaz.info udp
US 8.8.8.8:53 flkrix.info udp
US 8.8.8.8:53 wueysyqiyg.org udp
US 8.8.8.8:53 ttsybsra.info udp
US 8.8.8.8:53 anithkhld.net udp
US 8.8.8.8:53 gtqgralcx.net udp
US 8.8.8.8:53 jjrefkv.net udp
US 8.8.8.8:53 itnkwq.net udp
US 8.8.8.8:53 skwqcyceqm.com udp
US 8.8.8.8:53 aldrtf.net udp
US 8.8.8.8:53 njzhvcne.net udp
US 8.8.8.8:53 ttrvdc.info udp
US 8.8.8.8:53 kjskvzf.info udp
US 8.8.8.8:53 mfwloi.net udp
US 8.8.8.8:53 wnsejyt.net udp
US 8.8.8.8:53 mrcknvkizk.info udp
US 8.8.8.8:53 xalmtrzefq.net udp
US 8.8.8.8:53 sswrrv.net udp
US 8.8.8.8:53 gosnego.info udp
US 8.8.8.8:53 rclazebjpl.net udp
US 8.8.8.8:53 lzbjkx.info udp
US 8.8.8.8:53 semqcmcy.org udp
US 8.8.8.8:53 ztersuwxzu.info udp
US 8.8.8.8:53 blriytvijot.com udp
US 8.8.8.8:53 kbravsgoirex.info udp
US 8.8.8.8:53 bbbwcc.net udp
US 8.8.8.8:53 hvxwrydmnck.info udp
US 8.8.8.8:53 kyilnx.net udp
US 8.8.8.8:53 fnlkdgek.info udp
US 8.8.8.8:53 wokcgeyu.org udp
US 8.8.8.8:53 pdacnaxnt.net udp
US 8.8.8.8:53 uqbmlrpshsn.info udp
US 8.8.8.8:53 gvfhiafpmuju.net udp
US 8.8.8.8:53 ywcqyuygmoqe.com udp
US 8.8.8.8:53 gaqkygwq.org udp
US 8.8.8.8:53 osamhzb.info udp
US 8.8.8.8:53 isqhwzylmcf.info udp
US 8.8.8.8:53 zedxzm.info udp
US 8.8.8.8:53 dohskys.net udp
US 8.8.8.8:53 jrbulad.info udp
US 8.8.8.8:53 uotuzyrhmoj.net udp
US 8.8.8.8:53 emajipxyvb.net udp
US 8.8.8.8:53 bpzorpfuhtf.org udp
US 8.8.8.8:53 sdqzlp.info udp
US 8.8.8.8:53 qykzii.info udp
US 8.8.8.8:53 bkngmvgi.net udp
US 8.8.8.8:53 wilsuozqj.info udp
US 8.8.8.8:53 gwykmuuygoqu.com udp
US 8.8.8.8:53 bqdindvszcl.com udp
US 8.8.8.8:53 bitsgxf.net udp
US 8.8.8.8:53 qmmjhisghfna.info udp
US 8.8.8.8:53 gjjgga.net udp
US 8.8.8.8:53 xpkmrmdatij.net udp
US 8.8.8.8:53 npwjzvccviiq.info udp
US 8.8.8.8:53 ikndlflmt.info udp
US 8.8.8.8:53 dykwknvmdfdj.info udp
US 8.8.8.8:53 vehydanleh.net udp
US 8.8.8.8:53 soonrfga.info udp
US 8.8.8.8:53 rrvoahykpt.info udp
US 8.8.8.8:53 dorprxrib.com udp
US 8.8.8.8:53 qmtwdgd.info udp
US 8.8.8.8:53 wawaoiyk.com udp
US 8.8.8.8:53 edggbx.net udp
US 8.8.8.8:53 jnoisdyai.com udp
US 8.8.8.8:53 zcyckcv.org udp
US 8.8.8.8:53 rtdnfv.net udp
US 8.8.8.8:53 ocwkgswcciym.com udp
US 8.8.8.8:53 lczoradauoz.net udp
US 8.8.8.8:53 ikdijojid.net udp
US 8.8.8.8:53 ecowkahzlqd.net udp
US 8.8.8.8:53 ngaiyftrppdu.net udp
US 8.8.8.8:53 giqjic.info udp
US 8.8.8.8:53 dazulnj.org udp
US 8.8.8.8:53 nndkkthuo.com udp
US 8.8.8.8:53 gakjcwrvfsxh.net udp
US 8.8.8.8:53 euxxxslrb.net udp
US 8.8.8.8:53 tilbvyqg.net udp
US 8.8.8.8:53 ggyiysya.com udp
US 8.8.8.8:53 jzthxr.net udp
US 8.8.8.8:53 anhszxet.info udp
US 8.8.8.8:53 txyjekmg.info udp
US 8.8.8.8:53 pnhqfs.info udp
US 8.8.8.8:53 cbasfir.net udp
US 8.8.8.8:53 fjusznt.com udp
US 8.8.8.8:53 zuhmapbot.net udp
US 8.8.8.8:53 cnzloatrxd.net udp
US 8.8.8.8:53 flyzxisaz.org udp
US 8.8.8.8:53 wwzfromlf.info udp
US 8.8.8.8:53 ruwzbfbfub.info udp
US 8.8.8.8:53 ymememwsig.com udp
US 8.8.8.8:53 fejlnqlkd.net udp
US 8.8.8.8:53 iiksqsiymcmg.com udp
US 8.8.8.8:53 unbtyrkqob.info udp
US 8.8.8.8:53 vjvlnnztmb.net udp
US 8.8.8.8:53 yocgyw.com udp
US 8.8.8.8:53 coeywyii.org udp
US 8.8.8.8:53 nfhabdz.com udp
US 8.8.8.8:53 yojkaljecqs.info udp
US 8.8.8.8:53 yknyjkh.info udp
US 8.8.8.8:53 rgzkqmp.com udp
US 8.8.8.8:53 lugwvmbknc.info udp
US 8.8.8.8:53 sqdwann.net udp
US 8.8.8.8:53 yilmrafyl.net udp
US 8.8.8.8:53 gcfwdpl.net udp
US 8.8.8.8:53 tdcitd.info udp
US 8.8.8.8:53 ecegeakc.org udp
US 8.8.8.8:53 vfhecp.info udp
US 8.8.8.8:53 lkzgvzl.info udp
US 8.8.8.8:53 ootkjdzphd.net udp
US 8.8.8.8:53 duninfxu.info udp
US 8.8.8.8:53 imrkbttwm.info udp
US 8.8.8.8:53 geqgxcjnf.net udp
US 8.8.8.8:53 wagksk.org udp
US 8.8.8.8:53 aararuzmj.info udp
US 8.8.8.8:53 nxfcru.info udp
US 8.8.8.8:53 qizgnqrarod.net udp
US 8.8.8.8:53 zrizzt.net udp
US 8.8.8.8:53 zpkkcbxl.net udp
US 8.8.8.8:53 moywss.org udp
US 8.8.8.8:53 fenykgpkio.info udp
US 8.8.8.8:53 nsjnpn.net udp
US 8.8.8.8:53 zdidzuta.net udp
US 8.8.8.8:53 eslrtgelfe.net udp
US 8.8.8.8:53 bbrqxulc.info udp
US 8.8.8.8:53 ivewnr.info udp
US 8.8.8.8:53 ygicagqyqw.com udp
US 8.8.8.8:53 fsdpuczzcyf.net udp
US 8.8.8.8:53 halgjos.org udp
US 8.8.8.8:53 nfpwrgeddstg.info udp
US 8.8.8.8:53 pcjnmmbtx.com udp
US 8.8.8.8:53 wkqewwscgiag.org udp
US 8.8.8.8:53 nqxijbihvn.info udp
US 8.8.8.8:53 hydtzvndnuk.net udp
US 8.8.8.8:53 yspynbdonzn.net udp
US 8.8.8.8:53 vsvzddgw.info udp
US 8.8.8.8:53 yznziifof.net udp
US 8.8.8.8:53 zgfmpuy.org udp
US 8.8.8.8:53 fabapvt.org udp
US 8.8.8.8:53 kcobykowxd.net udp
US 8.8.8.8:53 xrctizgjhu.net udp
US 8.8.8.8:53 ymoqjujbkv.info udp
US 8.8.8.8:53 jvzfqfvgnbgk.info udp
US 8.8.8.8:53 nrrhkh.net udp
US 8.8.8.8:53 igdglrwiubsl.info udp
US 8.8.8.8:53 vjjkehvdrnms.info udp
US 8.8.8.8:53 yigdbumysis.net udp
US 8.8.8.8:53 rbnyaqx.net udp
US 8.8.8.8:53 hcrygrpcger.org udp
US 8.8.8.8:53 yqhjgibtrr.net udp
US 8.8.8.8:53 rfcqjgcwrllk.info udp
US 8.8.8.8:53 rkrpzugvy.com udp
US 8.8.8.8:53 elrkzzjtrkpj.net udp
US 8.8.8.8:53 euemmwmi.com udp
US 8.8.8.8:53 twwtoctvrdnh.net udp
US 8.8.8.8:53 fosyxsfclid.org udp
US 8.8.8.8:53 qvmhyfhlpp.info udp
US 8.8.8.8:53 yimjjyblzif.info udp
US 8.8.8.8:53 akhupojaj.net udp
US 8.8.8.8:53 bakcryvyjkl.com udp
US 8.8.8.8:53 emscoaqosk.org udp
US 8.8.8.8:53 jypigkw.net udp
US 8.8.8.8:53 poleddfcltp.net udp
US 8.8.8.8:53 mtjgtcurvfg.info udp
US 8.8.8.8:53 jphhtgd.com udp
US 8.8.8.8:53 luredqszppv.com udp
US 8.8.8.8:53 prrekgjjesha.net udp
US 8.8.8.8:53 qxpqcowoxj.net udp
US 8.8.8.8:53 ljwbnqbmvb.info udp
US 8.8.8.8:53 frzvldlkry.net udp
US 8.8.8.8:53 omierhazkhgw.net udp
US 8.8.8.8:53 rwlyfdpgx.com udp
US 8.8.8.8:53 kwdrqyzrhd.net udp
US 8.8.8.8:53 agoqqeqsywyk.org udp
US 8.8.8.8:53 vqnjfuxqymh.org udp
US 8.8.8.8:53 wnhoebtymh.net udp
US 8.8.8.8:53 mqqgfwhdrk.info udp
US 8.8.8.8:53 mwgwjsokosk.info udp
US 8.8.8.8:53 xrjmbmgmisvh.info udp
US 8.8.8.8:53 hykuxrnkthb.org udp
US 8.8.8.8:53 yahmpsnkbaxm.net udp
US 8.8.8.8:53 jqtenkdayoy.org udp
US 8.8.8.8:53 vteelbsv.info udp
US 8.8.8.8:53 gpvqrkajgm.net udp
US 8.8.8.8:53 iosywgckiw.com udp
US 8.8.8.8:53 qvijhvzfyz.info udp
US 8.8.8.8:53 lvliwxsju.net udp
US 8.8.8.8:53 oinibwp.info udp
US 8.8.8.8:53 uasqhslkxwx.net udp
US 8.8.8.8:53 wcgcuuiu.org udp
US 8.8.8.8:53 iqfwyzft.net udp
US 8.8.8.8:53 clfghixibej.info udp
US 8.8.8.8:53 mpwtttjmmir.net udp
US 8.8.8.8:53 fkogdnf.info udp
US 8.8.8.8:53 pzdxrsizvylz.net udp
US 8.8.8.8:53 nhmyomxjv.info udp
US 8.8.8.8:53 ifkcjarwz.net udp
US 8.8.8.8:53 yytylvvekmm.net udp
US 8.8.8.8:53 cmiqomwewa.org udp
US 8.8.8.8:53 cscugc.com udp
US 8.8.8.8:53 ajzglksltchy.net udp
US 8.8.8.8:53 tyzkrdhyl.info udp
US 8.8.8.8:53 mnzyduz.net udp
US 8.8.8.8:53 ggzbfjod.net udp
US 8.8.8.8:53 xpqrhnbrrohe.info udp
US 8.8.8.8:53 kgxixuj.net udp
US 8.8.8.8:53 cswxisbcdpe.net udp
US 8.8.8.8:53 zhibftntju.net udp
US 8.8.8.8:53 dotnhzb.net udp
US 8.8.8.8:53 jwferid.com udp
US 8.8.8.8:53 vyvijbihvn.info udp
US 8.8.8.8:53 zqdndmbf.info udp
US 8.8.8.8:53 cykxrrvwfp.net udp
US 8.8.8.8:53 umjmzklivoi.net udp
US 8.8.8.8:53 rzcstql.net udp
US 8.8.8.8:53 npcgxsmr.net udp
US 8.8.8.8:53 hsrofavrq.net udp
US 8.8.8.8:53 kbasfytnrmde.net udp
US 8.8.8.8:53 tlqocoj.com udp
US 8.8.8.8:53 phtcvymjphzv.net udp
US 8.8.8.8:53 hydkflhmdvvo.net udp
US 8.8.8.8:53 dbwrlr.info udp
US 8.8.8.8:53 llpwlrlwpx.net udp
US 8.8.8.8:53 bctwfgikb.org udp
US 8.8.8.8:53 ouoyccooqw.org udp
US 8.8.8.8:53 fzqqksnzg.net udp
US 8.8.8.8:53 uficjqme.info udp
US 8.8.8.8:53 zqogrxmonad.org udp
US 8.8.8.8:53 euigmsuckm.org udp
US 8.8.8.8:53 sxxljmldcw.info udp
US 8.8.8.8:53 xmlymtnez.org udp
US 8.8.8.8:53 rmlhtbyug.info udp
US 8.8.8.8:53 kcsotwn.info udp
US 8.8.8.8:53 cissaqwgic.org udp
US 8.8.8.8:53 pctkqgjqngg.org udp
US 8.8.8.8:53 ajeijvbtgd.info udp
US 8.8.8.8:53 odzbrjqoy.info udp
US 8.8.8.8:53 qkusgq.org udp
US 8.8.8.8:53 pddjqiyhax.net udp
US 8.8.8.8:53 jfezcmohhtrg.info udp
US 8.8.8.8:53 lduqer.net udp
US 8.8.8.8:53 smwuoqgo.com udp
US 8.8.8.8:53 mjtamh.net udp
US 8.8.8.8:53 qcfhoqlv.net udp
US 8.8.8.8:53 aalijqi.info udp
US 8.8.8.8:53 jaoytkq.info udp
US 8.8.8.8:53 dhzlmjsy.info udp
US 8.8.8.8:53 dvimbkcibrz.org udp
US 8.8.8.8:53 autmurpsp.net udp
US 8.8.8.8:53 kwewyg.com udp
US 8.8.8.8:53 odqisf.info udp
US 8.8.8.8:53 wbhxjt.info udp
US 8.8.8.8:53 ncpmyszzt.info udp
US 8.8.8.8:53 awuqgq.org udp
US 8.8.8.8:53 awgfpbeanyp.net udp
US 8.8.8.8:53 lobfhotfxcfm.net udp
US 8.8.8.8:53 mwhjaifhdx.info udp
US 8.8.8.8:53 ybxsqlwexbnh.info udp
US 8.8.8.8:53 qocgsmgeew.com udp
US 8.8.8.8:53 emnhrtzvtcga.net udp
US 8.8.8.8:53 wkrrhuvzzv.net udp
US 8.8.8.8:53 omnalyb.info udp
US 8.8.8.8:53 kkiamiym.com udp
US 8.8.8.8:53 utmuejhvgj.info udp
US 8.8.8.8:53 vgbkpmprtu.net udp
US 8.8.8.8:53 uokwzjo.net udp
US 8.8.8.8:53 xquifqbwfjsu.net udp
US 8.8.8.8:53 jatdaajehomt.net udp
US 8.8.8.8:53 uapnxd.net udp
US 8.8.8.8:53 strpmpuozrzs.info udp
US 8.8.8.8:53 iacwky.org udp
US 8.8.8.8:53 vdwbvvrv.info udp
US 8.8.8.8:53 jzqyvjvl.info udp
US 8.8.8.8:53 mpokxpqwbata.net udp
US 8.8.8.8:53 sgwqkwkqoc.org udp
US 8.8.8.8:53 swzivimsyuoj.net udp
US 8.8.8.8:53 mwgkuyee.org udp
US 8.8.8.8:53 zuhfrjt.org udp
US 8.8.8.8:53 iebhjmt.net udp
US 8.8.8.8:53 gkpwvspelpn.net udp
US 8.8.8.8:53 rgbqzfudgs.info udp
US 8.8.8.8:53 ctycowoq.net udp
US 8.8.8.8:53 uiceesz.info udp
US 8.8.8.8:53 altqghs.net udp
US 8.8.8.8:53 peeifkbwlqt.com udp
US 8.8.8.8:53 aqzabijoxac.net udp
US 8.8.8.8:53 xphktmhtmf.net udp
US 8.8.8.8:53 cmeufywxtwx.net udp
US 8.8.8.8:53 bzaydhbkyko.info udp
US 8.8.8.8:53 cmauaqksuqss.org udp
US 8.8.8.8:53 vabdmsqm.net udp
US 8.8.8.8:53 jdxicqbppk.info udp
US 8.8.8.8:53 ewiuauieao.com udp
US 8.8.8.8:53 bjpwlrlwpx.net udp
US 8.8.8.8:53 jdgvvenagwus.info udp
US 8.8.8.8:53 eafurmvpncp.info udp
US 8.8.8.8:53 gtvprcpqb.net udp
US 8.8.8.8:53 imwkkoik.com udp
US 8.8.8.8:53 ekdbbpkz.info udp
US 8.8.8.8:53 aubtjykgmo.info udp
US 8.8.8.8:53 habieix.info udp
US 8.8.8.8:53 mbppzvwehnid.net udp
US 8.8.8.8:53 cwefja.info udp
US 8.8.8.8:53 iosoyo.org udp
US 8.8.8.8:53 ibnswgd.info udp
US 8.8.8.8:53 iffazcaf.net udp
US 8.8.8.8:53 ukguxed.net udp
US 8.8.8.8:53 oaewcmmi.com udp
US 8.8.8.8:53 oyaeuues.com udp
US 8.8.8.8:53 oalwpcngx.info udp
US 8.8.8.8:53 aqqgue.org udp
US 8.8.8.8:53 flxtmjyi.net udp
US 8.8.8.8:53 tmyrayebtd.net udp
US 8.8.8.8:53 oayukawk.org udp
US 8.8.8.8:53 icoskayyms.org udp
US 8.8.8.8:53 fjiyoissn.org udp
US 8.8.8.8:53 dwqvxhbri.net udp
US 8.8.8.8:53 zyhrvrlcxxau.net udp
US 8.8.8.8:53 xwcquxgrbf.info udp
US 8.8.8.8:53 byzyzrrjb.com udp
US 8.8.8.8:53 xcrfxbihvn.info udp
US 8.8.8.8:53 qpsnvi.net udp
US 8.8.8.8:53 mtzsarlrxoaz.info udp
US 8.8.8.8:53 ogaaqsegcsua.com udp
US 8.8.8.8:53 jjvyfo.info udp
US 8.8.8.8:53 hwnpqv.net udp
US 8.8.8.8:53 skxsxgekl.info udp
US 8.8.8.8:53 vmewzhkl.net udp
US 8.8.8.8:53 bwfbvndj.info udp
US 8.8.8.8:53 pvesxitaordl.info udp
US 8.8.8.8:53 bivjhubzx.net udp
US 8.8.8.8:53 tjmfzzgmsqha.info udp
US 8.8.8.8:53 vdhkdaj.info udp
US 8.8.8.8:53 msxvtst.net udp
US 8.8.8.8:53 dzrmxez.com udp
US 8.8.8.8:53 fcxthmvhet.net udp
US 8.8.8.8:53 ldqpnc.info udp
US 8.8.8.8:53 ywooyzzd.net udp
US 8.8.8.8:53 uquumsac.com udp
US 8.8.8.8:53 kxldwaoqfn.info udp
US 8.8.8.8:53 qqlpxisgz.info udp
US 8.8.8.8:53 xxbuvavqnao.net udp
US 8.8.8.8:53 xbgldvj.info udp
US 8.8.8.8:53 wnqvlijrj.info udp
US 8.8.8.8:53 qihksex.info udp
US 8.8.8.8:53 xygarsosyip.net udp
US 8.8.8.8:53 tgzzsilpuoyu.info udp
US 8.8.8.8:53 dodmfddxhh.net udp
US 8.8.8.8:53 gozsooxaw.net udp
US 8.8.8.8:53 ipzkzazih.info udp
US 8.8.8.8:53 dutejaeahe.info udp
US 8.8.8.8:53 zqzwnltxn.info udp
US 8.8.8.8:53 bjhulpmfdw.net udp
US 8.8.8.8:53 rejwrwpoa.info udp
US 8.8.8.8:53 zijaame.net udp
US 8.8.8.8:53 uzwkxydv.info udp
US 8.8.8.8:53 rolvewxjogiu.info udp
US 8.8.8.8:53 heryfeh.org udp
US 8.8.8.8:53 iyobvrfh.info udp
US 8.8.8.8:53 jmuyzwjxj.net udp
US 8.8.8.8:53 dfedwnwesn.net udp
US 8.8.8.8:53 ssskcoewoiuk.com udp
US 8.8.8.8:53 twxsqarfrw.info udp
US 8.8.8.8:53 sgescokcmo.org udp
US 8.8.8.8:53 svpenhlunv.info udp
US 8.8.8.8:53 huekdjkm.info udp
US 8.8.8.8:53 swoyoskeia.com udp
US 8.8.8.8:53 lzwgpqnxhy.net udp
US 8.8.8.8:53 kpiusltjcs.info udp
US 8.8.8.8:53 ruaqpyt.info udp
US 8.8.8.8:53 dhvozgtebnb.info udp
US 8.8.8.8:53 jehyhpbob.com udp
US 8.8.8.8:53 veryfq.info udp
US 8.8.8.8:53 okxkuqn.net udp
US 8.8.8.8:53 luaiurlae.info udp
US 8.8.8.8:53 cuaubdf.info udp
US 8.8.8.8:53 qouomase.com udp
US 8.8.8.8:53 hsfspwfirsr.org udp
US 8.8.8.8:53 hgsyflcivzpm.net udp
US 8.8.8.8:53 xsscirwh.net udp
US 8.8.8.8:53 gicyciwgoa.com udp

Files

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

MD5 5203b6ea0901877fbf2d8d6f6d8d338e
SHA1 c803e92561921b38abe13239c1fd85605b570936
SHA256 0cc02d34d5fd4cf892fed282f98c1ad3e7dd6159a8877ae5c46d3f834ed36060
SHA512 d48a41b4fc4c38a6473f789c02918fb7353a4b4199768a3624f3b685d91d38519887a1ccd3616e0d2b079a346afaec5a0f2ef2c46d72d3097ef561cedb476471

C:\Windows\SysWOW64\nbukixslyqmzqkrhhj.exe

MD5 c5053b6a278897cf8629be4ba93b3030
SHA1 8bbc4116b965c3546d3d52d2d90eca8d5979901f
SHA256 25513f2b017ee242a254117f14ff49bb55f034a64265724e8e76d49a696b2d60
SHA512 15b961286782c54d9bc04722679570afea0112facc107e17669c4cd4ea9695c198d312d91019275b850214f6b116fd88d5531b23555f364e6d0200ea1cdbe617

C:\Users\Admin\AppData\Local\Temp\ybjobfp.exe

MD5 e092a57be3f88162868fce94629ffd6a
SHA1 4d95e706bd2765e5ad01e412839604d5e7e4db19
SHA256 4d74ae58c6eb320dd7e560ef5a3a6bdff653b3eedeb7334dd8e2a4eabc7e1e6c
SHA512 04bdc301a1735852ff2a354248665895e6de941ad5788598f753fd4a08d7a18685e924664d46a73da5ccdced6f4f2ba3d26af2c0901f5f456720b55d2f6a6ea0

C:\Users\Admin\AppData\Local\bxywczcdyycxwynltdbxyw.zcd

MD5 a381a0d98b7f5db426fa9ac23dc5f96c
SHA1 c90e011684ec8a57dffec6ecdd0ae4f7889c6aae
SHA256 88b6bc31c67723e4e59cf2a8c029284485b3de738d24aa5462347c546626a2ea
SHA512 d9763bfdd5f4061293b55f2b292c0e4d5caeb7f316ac179506071de7bebcd714e7c62113ab3ed860dc57e5f52e89103d7aac073050eb8957e241d175489d1330

C:\Users\Admin\AppData\Local\szlulthtzkzfpcclezipbkbjxjpapvfss.upy

MD5 99caa1f96043b9786880e08f4a24bd62
SHA1 1f25788e6bd360c41aed414e5cc1f3ffba66460d
SHA256 a92c8df9eeee520299cce237a8b1cdcde13de1ea4eb5bea02dc180a55cf8fa38
SHA512 bb257ce85a14581117e539d4a48d6a945c7b2cc7dc180902cce240484038b58c8b787db645e19d3b4e89b24ac530811ef1e3f0b772ef33fc9aa32295a3ec91b1

C:\Program Files (x86)\bxywczcdyycxwynltdbxyw.zcd

MD5 4bbbdb5128b5ff16636a69594ec9247c
SHA1 5fe287ab963ae9dee57320826cc6a1b10b3bd1a3
SHA256 dfc439b636ce4f05ee5ebe587b60edf1607c5bbe3d941bc13d3f324fe7434de3
SHA512 32f23b217af1de7f6cb5165a32c669afcd1cefa8d33946b7f2d429f6ca62a723a4d4229a5045fd926871c27a92f4507edce7c65444b51308f77d9bb9abe12075

C:\Program Files (x86)\bxywczcdyycxwynltdbxyw.zcd

MD5 145c65c46599f8131f7f4cd80f0ddd9c
SHA1 c34d1d80eb83fd7cab6444f096aaf421c38c574f
SHA256 dcc822430efcc46305d4aad63bf00d65089f2999ef690cbe4c99dbd64f725ff5
SHA512 9374fe7591e9f4437364ea9c2cff862418fe17bf54a4c226904e7791ea629d3706af600606a098c304a751738e5055039b9a33a55987d2e4ab24b224ab6773b7

C:\Program Files (x86)\bxywczcdyycxwynltdbxyw.zcd

MD5 bcce051788926df4f2fbc6b81c81033b
SHA1 62f25ee2289ec7e0249ec1aeabe7a946ad45bb2e
SHA256 5ec69ebb119336b07cad22071f9b8aeadfeb84b30cc892c3137c80065d13a853
SHA512 e4812cc9d2280a816a9ef0409f976333fc66953fadbe6b21637dd7a2ca8f501a3b100099f6cc5d022fe981a594c10cdb6f5be08e79c74991000eee8bbabda446

C:\Program Files (x86)\bxywczcdyycxwynltdbxyw.zcd

MD5 c74bf3fffd1b8d4db7aaa08ba52b31f4
SHA1 c398bd3c14090c93ebda8462d00c8bdf6fed1b9d
SHA256 c275eae415fc9bfb76c4dd6c041f48ad7eb002ff253d63cc046b78dfe75c386f
SHA512 54c1e3c66a74cfca74357cd50376843f66126f97fc82df1aac718f5ffeea5c989357e3581900d7d341eda0b9a710b607d380f4b9fff3b4b962579961742f12ef

C:\Program Files (x86)\bxywczcdyycxwynltdbxyw.zcd

MD5 2f928aff9af7ac3cb284e67f5c1c5261
SHA1 1fcc5ec50fc42abe42b3d6dcaa081039084e206d
SHA256 94b924af7cbdcd09a496179c3d3f9555b24771c61fb146423aeca3e1fe09ffb0
SHA512 addff22753ceedd6b0930b67b994f268761ef5fe473b6a9c9b80c86644491e603c067d56c9dc41bfb865f11e26d44bca16710a771cd14c3d5c378acd608bcfc7

C:\Program Files (x86)\bxywczcdyycxwynltdbxyw.zcd

MD5 c6df609f588150e632545ef811066a81
SHA1 6a1d4a21d1e550312c2972740fba81f6c948dad6
SHA256 911ef5449c42bbb409923c33879b9c56c5a2c331d6bd98b9c87d6b1b856f025c
SHA512 a5cd9fa744b6ff65ca4630078cdb47a9c90e0b0bd1498b1b77876e2d2b8de8142962a4a058c19186175996a68382ba937f038df67e5eb913bd9cc30d29c2ab2a

C:\Program Files (x86)\bxywczcdyycxwynltdbxyw.zcd

MD5 b6226acd277e11b270d0ce92547db2bc
SHA1 ae5be48eb6c8a59d4971eaf43cd0503ae7d0ea9e
SHA256 59ab618d3b2860e58804c683babf5145da34731e09b0699662ffb78fdaea5533
SHA512 428f4c0737c30550fadee11ab7da9aa9538427aa5708d8aadaa5d677d0c3a4e8f2d2a52d4cec4c17fc0a656088bc5c495a2a6bfc07375a04ba64d225e2240235

Analysis: behavioral2

Detonation Overview

Submitted

2025-04-20 07:24

Reported

2025-04-20 07:26

Platform

win11-20250410-en

Max time kernel

24s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xbllt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ujepidqbvlvuuuwh.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\krehsfkn = "brnztpdpkbmmnordn.exe" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\krehsfkn = "kbylgdsfbtfgikobme.exe" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xbllt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brnztpdpkbmmnordn.exe" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\krehsfkn = "ibapmlcrpjxaeiodqkdc.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\krehsfkn = "ujepidqbvlvuuuwh.exe" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xbllt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbylgdsfbtfgikobme.exe" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\krehsfkn = "xrrhffxnmhwafkrhvqkka.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\krehsfkn = "kbylgdsfbtfgikobme.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xbllt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brnztpdpkbmmnordn.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\krehsfkn = "ibapmlcrpjxaeiodqkdc.exe" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xbllt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbylgdsfbtfgikobme.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\krehsfkn = "xrrhffxnmhwafkrhvqkka.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\krehsfkn = "xrrhffxnmhwafkrhvqkka.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xbllt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbylgdsfbtfgikobme.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\krehsfkn = "vnlzvtjxunacfinbngy.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xbllt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ujepidqbvlvuuuwh.exe" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\krehsfkn = "ibapmlcrpjxaeiodqkdc.exe" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\krehsfkn = "xrrhffxnmhwafkrhvqkka.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xbllt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vnlzvtjxunacfinbngy.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xbllt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vnlzvtjxunacfinbngy.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\krehsfkn = "vnlzvtjxunacfinbngy.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xbllt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xrrhffxnmhwafkrhvqkka.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xbllt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ibapmlcrpjxaeiodqkdc.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xbllt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xrrhffxnmhwafkrhvqkka.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\krehsfkn = "brnztpdpkbmmnordn.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\krehsfkn = "vnlzvtjxunacfinbngy.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\krehsfkn = "xrrhffxnmhwafkrhvqkka.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xbllt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brnztpdpkbmmnordn.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Windows\ujepidqbvlvuuuwh.exe N/A
N/A N/A C:\Windows\xrrhffxnmhwafkrhvqkka.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Windows\xrrhffxnmhwafkrhvqkka.exe N/A
N/A N/A C:\Windows\kbylgdsfbtfgikobme.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
N/A N/A C:\Windows\ibapmlcrpjxaeiodqkdc.exe N/A
N/A N/A C:\Windows\kbylgdsfbtfgikobme.exe N/A
N/A N/A C:\Windows\xrrhffxnmhwafkrhvqkka.exe N/A
N/A N/A C:\Windows\ibapmlcrpjxaeiodqkdc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Windows\ibapmlcrpjxaeiodqkdc.exe N/A
N/A N/A C:\Windows\brnztpdpkbmmnordn.exe N/A
N/A N/A C:\Windows\ujepidqbvlvuuuwh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe N/A
N/A N/A C:\Windows\kbylgdsfbtfgikobme.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Windows\brnztpdpkbmmnordn.exe N/A
N/A N/A C:\Windows\kbylgdsfbtfgikobme.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Windows\xrrhffxnmhwafkrhvqkka.exe N/A
N/A N/A C:\Windows\ibapmlcrpjxaeiodqkdc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Windows\vnlzvtjxunacfinbngy.exe N/A
N/A N/A C:\Windows\ujepidqbvlvuuuwh.exe N/A
N/A N/A C:\Windows\brnztpdpkbmmnordn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Windows\vnlzvtjxunacfinbngy.exe N/A
N/A N/A C:\Windows\vnlzvtjxunacfinbngy.exe N/A
N/A N/A C:\Windows\vnlzvtjxunacfinbngy.exe N/A
N/A N/A C:\Windows\brnztpdpkbmmnordn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe N/A
N/A N/A C:\Windows\vnlzvtjxunacfinbngy.exe N/A
N/A N/A C:\Windows\xrrhffxnmhwafkrhvqkka.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\inyzit = "ujepidqbvlvuuuwh.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mxovkbkrhtzu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xrrhffxnmhwafkrhvqkka.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\inyzit = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xrrhffxnmhwafkrhvqkka.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\bjxbnbhly = "brnztpdpkbmmnordn.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\udsxkzglzj = "ujepidqbvlvuuuwh.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\vbnpzlp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbylgdsfbtfgikobme.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\vbnpzlp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brnztpdpkbmmnordn.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\inyzit = "vnlzvtjxunacfinbngy.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pzpvjzhncns = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbylgdsfbtfgikobme.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\bjxbnbhly = "ibapmlcrpjxaeiodqkdc.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pzpvjzhncns = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ujepidqbvlvuuuwh.exe ." C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pzpvjzhncns = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ujepidqbvlvuuuwh.exe ." C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\vbnpzlp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbylgdsfbtfgikobme.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\bjxbnbhly = "brnztpdpkbmmnordn.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\udsxkzglzj = "brnztpdpkbmmnordn.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mxovkbkrhtzu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brnztpdpkbmmnordn.exe" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\vbnpzlp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xrrhffxnmhwafkrhvqkka.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\bjxbnbhly = "xrrhffxnmhwafkrhvqkka.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\udsxkzglzj = "kbylgdsfbtfgikobme.exe ." C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mxovkbkrhtzu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vnlzvtjxunacfinbngy.exe" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\bjxbnbhly = "vnlzvtjxunacfinbngy.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vbnpzlp = "vnlzvtjxunacfinbngy.exe ." C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\bjxbnbhly = "vnlzvtjxunacfinbngy.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\udsxkzglzj = "kbylgdsfbtfgikobme.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mxovkbkrhtzu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vnlzvtjxunacfinbngy.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vbnpzlp = "xrrhffxnmhwafkrhvqkka.exe ." C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mxovkbkrhtzu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xrrhffxnmhwafkrhvqkka.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\udsxkzglzj = "ibapmlcrpjxaeiodqkdc.exe ." C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pzpvjzhncns = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xrrhffxnmhwafkrhvqkka.exe ." C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\bjxbnbhly = "ujepidqbvlvuuuwh.exe" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\inyzit = "ibapmlcrpjxaeiodqkdc.exe" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pzpvjzhncns = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbylgdsfbtfgikobme.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\udsxkzglzj = "brnztpdpkbmmnordn.exe ." C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pzpvjzhncns = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vnlzvtjxunacfinbngy.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\inyzit = "ujepidqbvlvuuuwh.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\vbnpzlp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbylgdsfbtfgikobme.exe ." C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\udsxkzglzj = "ibapmlcrpjxaeiodqkdc.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\inyzit = "brnztpdpkbmmnordn.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\udsxkzglzj = "kbylgdsfbtfgikobme.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\bjxbnbhly = "vnlzvtjxunacfinbngy.exe" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\udsxkzglzj = "kbylgdsfbtfgikobme.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\inyzit = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vnlzvtjxunacfinbngy.exe" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\inyzit = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xrrhffxnmhwafkrhvqkka.exe" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\inyzit = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ujepidqbvlvuuuwh.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pzpvjzhncns = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ibapmlcrpjxaeiodqkdc.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vbnpzlp = "ujepidqbvlvuuuwh.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\vbnpzlp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ujepidqbvlvuuuwh.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\udsxkzglzj = "vnlzvtjxunacfinbngy.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mxovkbkrhtzu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbylgdsfbtfgikobme.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\bjxbnbhly = "xrrhffxnmhwafkrhvqkka.exe" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vbnpzlp = "ibapmlcrpjxaeiodqkdc.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\inyzit = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xrrhffxnmhwafkrhvqkka.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\inyzit = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vnlzvtjxunacfinbngy.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\inyzit = "vnlzvtjxunacfinbngy.exe" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\inyzit = "ujepidqbvlvuuuwh.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\inyzit = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vnlzvtjxunacfinbngy.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\bjxbnbhly = "ibapmlcrpjxaeiodqkdc.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\vbnpzlp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vnlzvtjxunacfinbngy.exe ." C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\inyzit = "xrrhffxnmhwafkrhvqkka.exe" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\inyzit = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vnlzvtjxunacfinbngy.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\inyzit = "brnztpdpkbmmnordn.exe" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\vbnpzlp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vnlzvtjxunacfinbngy.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\inyzit = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xrrhffxnmhwafkrhvqkka.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vbnpzlp = "brnztpdpkbmmnordn.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A www.whatismyip.ca N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A whatismyip.everdot.org N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\kbylgdsfbtfgikobme.exe C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
File opened for modification C:\Windows\SysWOW64\vnlzvtjxunacfinbngy.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\vnlzvtjxunacfinbngy.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\kbylgdsfbtfgikobme.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\ujepidqbvlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
File opened for modification C:\Windows\SysWOW64\orazgpqpxbzmaoedaehqpwfgfn.pcq C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
File opened for modification C:\Windows\SysWOW64\brnztpdpkbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\brnztpdpkbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\kbylgdsfbtfgikobme.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\kbylgdsfbtfgikobme.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\vnlzvtjxunacfinbngy.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\ujepidqbvlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\ujepidqbvlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\ojkbabullhxciowncytulk.exe C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
File opened for modification C:\Windows\SysWOW64\ibapmlcrpjxaeiodqkdc.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\ibapmlcrpjxaeiodqkdc.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\xrrhffxnmhwafkrhvqkka.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\xrrhffxnmhwafkrhvqkka.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\kbylgdsfbtfgikobme.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\vnlzvtjxunacfinbngy.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\xrrhffxnmhwafkrhvqkka.exe C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
File opened for modification C:\Windows\SysWOW64\vnlzvtjxunacfinbngy.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\ujepidqbvlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\brnztpdpkbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\vnlzvtjxunacfinbngy.exe C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
File opened for modification C:\Windows\SysWOW64\brnztpdpkbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\ibapmlcrpjxaeiodqkdc.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\brnztpdpkbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
File opened for modification C:\Windows\SysWOW64\ujepidqbvlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\ujepidqbvlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\vnlzvtjxunacfinbngy.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\xrrhffxnmhwafkrhvqkka.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File created C:\Windows\SysWOW64\pdxhztfpixgedcdnvkyscuoakdsbzyxyiqftn.pjv C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
File opened for modification C:\Windows\SysWOW64\ojkbabullhxciowncytulk.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\xrrhffxnmhwafkrhvqkka.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\ibapmlcrpjxaeiodqkdc.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\xrrhffxnmhwafkrhvqkka.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\ojkbabullhxciowncytulk.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\vnlzvtjxunacfinbngy.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\brnztpdpkbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
File opened for modification C:\Windows\SysWOW64\ibapmlcrpjxaeiodqkdc.exe C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
File opened for modification C:\Windows\SysWOW64\ibapmlcrpjxaeiodqkdc.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\ibapmlcrpjxaeiodqkdc.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\brnztpdpkbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\ujepidqbvlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
File opened for modification C:\Windows\SysWOW64\vnlzvtjxunacfinbngy.exe C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
File opened for modification C:\Windows\SysWOW64\xrrhffxnmhwafkrhvqkka.exe C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
File opened for modification C:\Windows\SysWOW64\kbylgdsfbtfgikobme.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\ibapmlcrpjxaeiodqkdc.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\ojkbabullhxciowncytulk.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\brnztpdpkbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\vnlzvtjxunacfinbngy.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\brnztpdpkbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\kbylgdsfbtfgikobme.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\ibapmlcrpjxaeiodqkdc.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\kbylgdsfbtfgikobme.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\ujepidqbvlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\ojkbabullhxciowncytulk.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\ujepidqbvlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\kbylgdsfbtfgikobme.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\ibapmlcrpjxaeiodqkdc.exe C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
File created C:\Windows\SysWOW64\orazgpqpxbzmaoedaehqpwfgfn.pcq C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
File opened for modification C:\Windows\SysWOW64\brnztpdpkbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\vnlzvtjxunacfinbngy.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\orazgpqpxbzmaoedaehqpwfgfn.pcq C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
File created C:\Program Files (x86)\orazgpqpxbzmaoedaehqpwfgfn.pcq C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
File opened for modification C:\Program Files (x86)\pdxhztfpixgedcdnvkyscuoakdsbzyxyiqftn.pjv C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
File created C:\Program Files (x86)\pdxhztfpixgedcdnvkyscuoakdsbzyxyiqftn.pjv C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\ojkbabullhxciowncytulk.exe C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
File opened for modification C:\Windows\vnlzvtjxunacfinbngy.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\ibapmlcrpjxaeiodqkdc.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\brnztpdpkbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\kbylgdsfbtfgikobme.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\kbylgdsfbtfgikobme.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\xrrhffxnmhwafkrhvqkka.exe C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
File opened for modification C:\Windows\ibapmlcrpjxaeiodqkdc.exe C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
File opened for modification C:\Windows\xrrhffxnmhwafkrhvqkka.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\ujepidqbvlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\ibapmlcrpjxaeiodqkdc.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\vnlzvtjxunacfinbngy.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\ibapmlcrpjxaeiodqkdc.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\ujepidqbvlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\brnztpdpkbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\brnztpdpkbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\ujepidqbvlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\kbylgdsfbtfgikobme.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\ujepidqbvlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\ojkbabullhxciowncytulk.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\brnztpdpkbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\ibapmlcrpjxaeiodqkdc.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File created C:\Windows\orazgpqpxbzmaoedaehqpwfgfn.pcq C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
File opened for modification C:\Windows\brnztpdpkbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\kbylgdsfbtfgikobme.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\vnlzvtjxunacfinbngy.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\ibapmlcrpjxaeiodqkdc.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\vnlzvtjxunacfinbngy.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\brnztpdpkbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
File opened for modification C:\Windows\kbylgdsfbtfgikobme.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\ibapmlcrpjxaeiodqkdc.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\ujepidqbvlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\ujepidqbvlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\ujepidqbvlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\ojkbabullhxciowncytulk.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\ujepidqbvlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\ojkbabullhxciowncytulk.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\xrrhffxnmhwafkrhvqkka.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\ojkbabullhxciowncytulk.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\brnztpdpkbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\xrrhffxnmhwafkrhvqkka.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\kbylgdsfbtfgikobme.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\ujepidqbvlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
File opened for modification C:\Windows\ibapmlcrpjxaeiodqkdc.exe C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
File opened for modification C:\Windows\vnlzvtjxunacfinbngy.exe C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
File opened for modification C:\Windows\ojkbabullhxciowncytulk.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\ujepidqbvlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\xrrhffxnmhwafkrhvqkka.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\ibapmlcrpjxaeiodqkdc.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\brnztpdpkbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\pdxhztfpixgedcdnvkyscuoakdsbzyxyiqftn.pjv C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
File opened for modification C:\Windows\ibapmlcrpjxaeiodqkdc.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\kbylgdsfbtfgikobme.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\brnztpdpkbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\ibapmlcrpjxaeiodqkdc.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\brnztpdpkbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\xrrhffxnmhwafkrhvqkka.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\ojkbabullhxciowncytulk.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\kbylgdsfbtfgikobme.exe C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
File opened for modification C:\Windows\xrrhffxnmhwafkrhvqkka.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\ujepidqbvlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
File opened for modification C:\Windows\vnlzvtjxunacfinbngy.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\xrrhffxnmhwafkrhvqkka.exe C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
File opened for modification C:\Windows\orazgpqpxbzmaoedaehqpwfgfn.pcq C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vnlzvtjxunacfinbngy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ujepidqbvlvuuuwh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xrrhffxnmhwafkrhvqkka.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ibapmlcrpjxaeiodqkdc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\kbylgdsfbtfgikobme.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ujepidqbvlvuuuwh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xrrhffxnmhwafkrhvqkka.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\kbylgdsfbtfgikobme.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ibapmlcrpjxaeiodqkdc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ujepidqbvlvuuuwh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ibapmlcrpjxaeiodqkdc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ujepidqbvlvuuuwh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\brnztpdpkbmmnordn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\brnztpdpkbmmnordn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ibapmlcrpjxaeiodqkdc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vnlzvtjxunacfinbngy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\brnztpdpkbmmnordn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\brnztpdpkbmmnordn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ujepidqbvlvuuuwh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ibapmlcrpjxaeiodqkdc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\kbylgdsfbtfgikobme.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\kbylgdsfbtfgikobme.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ujepidqbvlvuuuwh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\kbylgdsfbtfgikobme.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xrrhffxnmhwafkrhvqkka.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vnlzvtjxunacfinbngy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vnlzvtjxunacfinbngy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\brnztpdpkbmmnordn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ibapmlcrpjxaeiodqkdc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vnlzvtjxunacfinbngy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\brnztpdpkbmmnordn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ujepidqbvlvuuuwh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2248 wrote to memory of 4408 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 2248 wrote to memory of 4408 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 2248 wrote to memory of 4408 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 2264 wrote to memory of 6024 N/A C:\Windows\system32\cmd.exe C:\Windows\ujepidqbvlvuuuwh.exe
PID 2264 wrote to memory of 6024 N/A C:\Windows\system32\cmd.exe C:\Windows\ujepidqbvlvuuuwh.exe
PID 2264 wrote to memory of 6024 N/A C:\Windows\system32\cmd.exe C:\Windows\ujepidqbvlvuuuwh.exe
PID 2168 wrote to memory of 3324 N/A C:\Windows\system32\cmd.exe C:\Windows\xrrhffxnmhwafkrhvqkka.exe
PID 2168 wrote to memory of 3324 N/A C:\Windows\system32\cmd.exe C:\Windows\xrrhffxnmhwafkrhvqkka.exe
PID 2168 wrote to memory of 3324 N/A C:\Windows\system32\cmd.exe C:\Windows\xrrhffxnmhwafkrhvqkka.exe
PID 3324 wrote to memory of 5788 N/A C:\Windows\xrrhffxnmhwafkrhvqkka.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 3324 wrote to memory of 5788 N/A C:\Windows\xrrhffxnmhwafkrhvqkka.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 3324 wrote to memory of 5788 N/A C:\Windows\xrrhffxnmhwafkrhvqkka.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 1912 wrote to memory of 4816 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 1912 wrote to memory of 4816 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 1912 wrote to memory of 4816 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 5124 wrote to memory of 4684 N/A C:\Windows\system32\cmd.exe C:\Windows\kbylgdsfbtfgikobme.exe
PID 5124 wrote to memory of 4684 N/A C:\Windows\system32\cmd.exe C:\Windows\kbylgdsfbtfgikobme.exe
PID 5124 wrote to memory of 4684 N/A C:\Windows\system32\cmd.exe C:\Windows\kbylgdsfbtfgikobme.exe
PID 6052 wrote to memory of 248 N/A C:\Windows\system32\cmd.exe C:\Windows\ujepidqbvlvuuuwh.exe
PID 6052 wrote to memory of 248 N/A C:\Windows\system32\cmd.exe C:\Windows\ujepidqbvlvuuuwh.exe
PID 6052 wrote to memory of 248 N/A C:\Windows\system32\cmd.exe C:\Windows\ujepidqbvlvuuuwh.exe
PID 4684 wrote to memory of 3384 N/A C:\Windows\kbylgdsfbtfgikobme.exe C:\Windows\system32\cmd.exe
PID 4684 wrote to memory of 3384 N/A C:\Windows\kbylgdsfbtfgikobme.exe C:\Windows\system32\cmd.exe
PID 4684 wrote to memory of 3384 N/A C:\Windows\kbylgdsfbtfgikobme.exe C:\Windows\system32\cmd.exe
PID 4216 wrote to memory of 4204 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
PID 4216 wrote to memory of 4204 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
PID 4216 wrote to memory of 4204 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe
PID 4204 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe C:\Windows\system32\cmd.exe
PID 4204 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe C:\Windows\system32\cmd.exe
PID 4204 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe C:\Windows\system32\cmd.exe
PID 3360 wrote to memory of 1236 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 3360 wrote to memory of 1236 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 3360 wrote to memory of 1236 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 5548 wrote to memory of 396 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 5548 wrote to memory of 396 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 5548 wrote to memory of 396 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 396 wrote to memory of 3000 N/A C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe C:\Windows\system32\cmd.exe
PID 396 wrote to memory of 3000 N/A C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe C:\Windows\system32\cmd.exe
PID 396 wrote to memory of 3000 N/A C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe C:\Windows\system32\cmd.exe
PID 4408 wrote to memory of 5464 N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe
PID 4408 wrote to memory of 5464 N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe
PID 4408 wrote to memory of 5464 N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe
PID 4408 wrote to memory of 5752 N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe
PID 4408 wrote to memory of 5752 N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe
PID 4408 wrote to memory of 5752 N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe
PID 1764 wrote to memory of 1232 N/A C:\Windows\system32\cmd.exe C:\Windows\ibapmlcrpjxaeiodqkdc.exe
PID 1764 wrote to memory of 1232 N/A C:\Windows\system32\cmd.exe C:\Windows\ibapmlcrpjxaeiodqkdc.exe
PID 1764 wrote to memory of 1232 N/A C:\Windows\system32\cmd.exe C:\Windows\ibapmlcrpjxaeiodqkdc.exe
PID 1752 wrote to memory of 1508 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 1752 wrote to memory of 1508 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 1752 wrote to memory of 1508 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 5184 wrote to memory of 5556 N/A C:\Windows\system32\cmd.exe C:\Windows\xrrhffxnmhwafkrhvqkka.exe
PID 5184 wrote to memory of 5556 N/A C:\Windows\system32\cmd.exe C:\Windows\xrrhffxnmhwafkrhvqkka.exe
PID 5184 wrote to memory of 5556 N/A C:\Windows\system32\cmd.exe C:\Windows\xrrhffxnmhwafkrhvqkka.exe
PID 2832 wrote to memory of 5672 N/A C:\Windows\system32\cmd.exe C:\Windows\ibapmlcrpjxaeiodqkdc.exe
PID 2832 wrote to memory of 5672 N/A C:\Windows\system32\cmd.exe C:\Windows\ibapmlcrpjxaeiodqkdc.exe
PID 2832 wrote to memory of 5672 N/A C:\Windows\system32\cmd.exe C:\Windows\ibapmlcrpjxaeiodqkdc.exe
PID 5556 wrote to memory of 3572 N/A C:\Windows\xrrhffxnmhwafkrhvqkka.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 5556 wrote to memory of 3572 N/A C:\Windows\xrrhffxnmhwafkrhvqkka.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 5556 wrote to memory of 3572 N/A C:\Windows\xrrhffxnmhwafkrhvqkka.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 5672 wrote to memory of 960 N/A C:\Windows\ibapmlcrpjxaeiodqkdc.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 5672 wrote to memory of 960 N/A C:\Windows\ibapmlcrpjxaeiodqkdc.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 5672 wrote to memory of 960 N/A C:\Windows\ibapmlcrpjxaeiodqkdc.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 3092 wrote to memory of 2936 N/A C:\Windows\system32\cmd.exe C:\Windows\ibapmlcrpjxaeiodqkdc.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c5053b6a278897cf8629be4ba93b3030.exe"

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_c5053b6a278897cf8629be4ba93b3030.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe

C:\Windows\ujepidqbvlvuuuwh.exe

ujepidqbvlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe .

C:\Windows\xrrhffxnmhwafkrhvqkka.exe

xrrhffxnmhwafkrhvqkka.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\xrrhffxnmhwafkrhvqkka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe

C:\Windows\xrrhffxnmhwafkrhvqkka.exe

xrrhffxnmhwafkrhvqkka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\vnlzvtjxunacfinbngy.exe*."

C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe

"C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe" "-C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe"

C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe

"C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe" "-C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe

C:\Windows\ibapmlcrpjxaeiodqkdc.exe

ibapmlcrpjxaeiodqkdc.exe

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe .

C:\Windows\xrrhffxnmhwafkrhvqkka.exe

xrrhffxnmhwafkrhvqkka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe .

C:\Windows\ibapmlcrpjxaeiodqkdc.exe

ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\xrrhffxnmhwafkrhvqkka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ibapmlcrpjxaeiodqkdc.exe*."

C:\Windows\ibapmlcrpjxaeiodqkdc.exe

ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe .

C:\Windows\ujepidqbvlvuuuwh.exe

ujepidqbvlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ujepidqbvlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ujepidqbvlvuuuwh.exe*."

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe

C:\Windows\xrrhffxnmhwafkrhvqkka.exe

xrrhffxnmhwafkrhvqkka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe .

C:\Windows\ibapmlcrpjxaeiodqkdc.exe

ibapmlcrpjxaeiodqkdc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ibapmlcrpjxaeiodqkdc.exe*."

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\vnlzvtjxunacfinbngy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\vnlzvtjxunacfinbngy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .

C:\Windows\ujepidqbvlvuuuwh.exe

ujepidqbvlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe .

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe .

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\vnlzvtjxunacfinbngy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe

C:\Windows\xrrhffxnmhwafkrhvqkka.exe

xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\vnlzvtjxunacfinbngy.exe*."

C:\Windows\ibapmlcrpjxaeiodqkdc.exe

ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Windows\ibapmlcrpjxaeiodqkdc.exe

ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ibapmlcrpjxaeiodqkdc.exe*."

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ujepidqbvlvuuuwh.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\xrrhffxnmhwafkrhvqkka.exe*."

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\vnlzvtjxunacfinbngy.exe*."

C:\Windows\ujepidqbvlvuuuwh.exe

ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .

C:\Windows\ujepidqbvlvuuuwh.exe

ujepidqbvlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe .

C:\Windows\xrrhffxnmhwafkrhvqkka.exe

xrrhffxnmhwafkrhvqkka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\xrrhffxnmhwafkrhvqkka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe .

C:\Windows\ibapmlcrpjxaeiodqkdc.exe

ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ibapmlcrpjxaeiodqkdc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe

C:\Windows\ibapmlcrpjxaeiodqkdc.exe

ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe .

C:\Windows\ibapmlcrpjxaeiodqkdc.exe

ibapmlcrpjxaeiodqkdc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ibapmlcrpjxaeiodqkdc.exe*."

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ujepidqbvlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe

C:\Windows\ujepidqbvlvuuuwh.exe

ujepidqbvlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe .

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\vnlzvtjxunacfinbngy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\xrrhffxnmhwafkrhvqkka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .

C:\Windows\ujepidqbvlvuuuwh.exe

ujepidqbvlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe

C:\Windows\ibapmlcrpjxaeiodqkdc.exe

ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\vnlzvtjxunacfinbngy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ujepidqbvlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe

C:\Windows\ibapmlcrpjxaeiodqkdc.exe

ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .

C:\Windows\ujepidqbvlvuuuwh.exe

ujepidqbvlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .

C:\Windows\ujepidqbvlvuuuwh.exe

ujepidqbvlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\xrrhffxnmhwafkrhvqkka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe .

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\vnlzvtjxunacfinbngy.exe*."

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe .

C:\Windows\ibapmlcrpjxaeiodqkdc.exe

ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ibapmlcrpjxaeiodqkdc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ujepidqbvlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe

C:\Windows\ujepidqbvlvuuuwh.exe

ujepidqbvlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe

C:\Windows\xrrhffxnmhwafkrhvqkka.exe

xrrhffxnmhwafkrhvqkka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe .

C:\Windows\ujepidqbvlvuuuwh.exe

ujepidqbvlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe

C:\Windows\ibapmlcrpjxaeiodqkdc.exe

ibapmlcrpjxaeiodqkdc.exe

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe .

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .

C:\Windows\xrrhffxnmhwafkrhvqkka.exe

xrrhffxnmhwafkrhvqkka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\vnlzvtjxunacfinbngy.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ujepidqbvlvuuuwh.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ujepidqbvlvuuuwh.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ujepidqbvlvuuuwh.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\vnlzvtjxunacfinbngy.exe*."

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe

C:\Windows\xrrhffxnmhwafkrhvqkka.exe

xrrhffxnmhwafkrhvqkka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .

C:\Windows\ujepidqbvlvuuuwh.exe

ujepidqbvlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe

C:\Windows\ibapmlcrpjxaeiodqkdc.exe

ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe .

C:\Windows\xrrhffxnmhwafkrhvqkka.exe

xrrhffxnmhwafkrhvqkka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\xrrhffxnmhwafkrhvqkka.exe*."

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe

C:\Windows\ibapmlcrpjxaeiodqkdc.exe

ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe

C:\Windows\ibapmlcrpjxaeiodqkdc.exe

ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe .

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\vnlzvtjxunacfinbngy.exe*."

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe

C:\Windows\ibapmlcrpjxaeiodqkdc.exe

ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe .

C:\Windows\xrrhffxnmhwafkrhvqkka.exe

xrrhffxnmhwafkrhvqkka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\xrrhffxnmhwafkrhvqkka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xrrhffxnmhwafkrhvqkka.exe

xrrhffxnmhwafkrhvqkka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\xrrhffxnmhwafkrhvqkka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\vnlzvtjxunacfinbngy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\vnlzvtjxunacfinbngy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe

C:\Windows\xrrhffxnmhwafkrhvqkka.exe

xrrhffxnmhwafkrhvqkka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .

C:\Windows\ujepidqbvlvuuuwh.exe

ujepidqbvlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe .

C:\Windows\xrrhffxnmhwafkrhvqkka.exe

xrrhffxnmhwafkrhvqkka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\xrrhffxnmhwafkrhvqkka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe

C:\Windows\ibapmlcrpjxaeiodqkdc.exe

ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .

C:\Windows\ujepidqbvlvuuuwh.exe

ujepidqbvlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe .

C:\Windows\xrrhffxnmhwafkrhvqkka.exe

xrrhffxnmhwafkrhvqkka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\xrrhffxnmhwafkrhvqkka.exe*."

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\xrrhffxnmhwafkrhvqkka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe

C:\Windows\xrrhffxnmhwafkrhvqkka.exe

xrrhffxnmhwafkrhvqkka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe .

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe .

C:\Windows\xrrhffxnmhwafkrhvqkka.exe

xrrhffxnmhwafkrhvqkka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe

C:\Windows\xrrhffxnmhwafkrhvqkka.exe

xrrhffxnmhwafkrhvqkka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe .

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\xrrhffxnmhwafkrhvqkka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Windows\ibapmlcrpjxaeiodqkdc.exe

ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\xrrhffxnmhwafkrhvqkka.exe*."

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Windows\ujepidqbvlvuuuwh.exe

ujepidqbvlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\vnlzvtjxunacfinbngy.exe*."

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\vnlzvtjxunacfinbngy.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\vnlzvtjxunacfinbngy.exe*."

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\vnlzvtjxunacfinbngy.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe

C:\Windows\xrrhffxnmhwafkrhvqkka.exe

xrrhffxnmhwafkrhvqkka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\xrrhffxnmhwafkrhvqkka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ujepidqbvlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .

C:\Windows\ujepidqbvlvuuuwh.exe

ujepidqbvlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."

C:\Windows\xrrhffxnmhwafkrhvqkka.exe

xrrhffxnmhwafkrhvqkka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe

C:\Windows\ujepidqbvlvuuuwh.exe

ujepidqbvlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe .

C:\Windows\ibapmlcrpjxaeiodqkdc.exe

ibapmlcrpjxaeiodqkdc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ibapmlcrpjxaeiodqkdc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe .

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\vnlzvtjxunacfinbngy.exe*."

C:\Windows\xrrhffxnmhwafkrhvqkka.exe

xrrhffxnmhwafkrhvqkka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .

C:\Windows\ujepidqbvlvuuuwh.exe

ujepidqbvlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe .

C:\Windows\ibapmlcrpjxaeiodqkdc.exe

ibapmlcrpjxaeiodqkdc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ibapmlcrpjxaeiodqkdc.exe*."

C:\Windows\ujepidqbvlvuuuwh.exe

ujepidqbvlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\vnlzvtjxunacfinbngy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\xrrhffxnmhwafkrhvqkka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe .

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\vnlzvtjxunacfinbngy.exe*."

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe

C:\Windows\ujepidqbvlvuuuwh.exe

ujepidqbvlvuuuwh.exe

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe .

C:\Windows\ibapmlcrpjxaeiodqkdc.exe

ibapmlcrpjxaeiodqkdc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ibapmlcrpjxaeiodqkdc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\xrrhffxnmhwafkrhvqkka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ujepidqbvlvuuuwh.exe*."

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."

C:\Windows\ibapmlcrpjxaeiodqkdc.exe

ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."

C:\Windows\ibapmlcrpjxaeiodqkdc.exe

ibapmlcrpjxaeiodqkdc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ibapmlcrpjxaeiodqkdc.exe*."

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ibapmlcrpjxaeiodqkdc.exe*."

C:\Windows\ibapmlcrpjxaeiodqkdc.exe

ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe .

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\vnlzvtjxunacfinbngy.exe*."

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe

C:\Windows\ujepidqbvlvuuuwh.exe

ujepidqbvlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe .

C:\Windows\xrrhffxnmhwafkrhvqkka.exe

xrrhffxnmhwafkrhvqkka.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\xrrhffxnmhwafkrhvqkka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .

C:\Windows\ujepidqbvlvuuuwh.exe

ujepidqbvlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ujepidqbvlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe .

C:\Windows\ibapmlcrpjxaeiodqkdc.exe

ibapmlcrpjxaeiodqkdc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ibapmlcrpjxaeiodqkdc.exe*."

C:\Windows\xrrhffxnmhwafkrhvqkka.exe

xrrhffxnmhwafkrhvqkka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe .

C:\Windows\xrrhffxnmhwafkrhvqkka.exe

xrrhffxnmhwafkrhvqkka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\xrrhffxnmhwafkrhvqkka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\xrrhffxnmhwafkrhvqkka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ibapmlcrpjxaeiodqkdc.exe

ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\vnlzvtjxunacfinbngy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe .

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\vnlzvtjxunacfinbngy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe .

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\vnlzvtjxunacfinbngy.exe*."

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ujepidqbvlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .

C:\Windows\ujepidqbvlvuuuwh.exe

ujepidqbvlvuuuwh.exe .

C:\Windows\ujepidqbvlvuuuwh.exe

ujepidqbvlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe .

C:\Windows\xrrhffxnmhwafkrhvqkka.exe

xrrhffxnmhwafkrhvqkka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Windows\xrrhffxnmhwafkrhvqkka.exe

xrrhffxnmhwafkrhvqkka.exe .

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\vnlzvtjxunacfinbngy.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\xrrhffxnmhwafkrhvqkka.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\vnlzvtjxunacfinbngy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe .

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\xrrhffxnmhwafkrhvqkka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Windows\ujepidqbvlvuuuwh.exe

ujepidqbvlvuuuwh.exe .

C:\Windows\ujepidqbvlvuuuwh.exe

ujepidqbvlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe

C:\Windows\ujepidqbvlvuuuwh.exe

ujepidqbvlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe

C:\Windows\ibapmlcrpjxaeiodqkdc.exe

ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe .

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\vnlzvtjxunacfinbngy.exe*."

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\vnlzvtjxunacfinbngy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xrrhffxnmhwafkrhvqkka.exe

C:\Windows\xrrhffxnmhwafkrhvqkka.exe

xrrhffxnmhwafkrhvqkka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .

C:\Windows\ujepidqbvlvuuuwh.exe

ujepidqbvlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe .

C:\Windows\ujepidqbvlvuuuwh.exe

ujepidqbvlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ujepidqbvlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ibapmlcrpjxaeiodqkdc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe .

C:\Windows\ibapmlcrpjxaeiodqkdc.exe

ibapmlcrpjxaeiodqkdc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ibapmlcrpjxaeiodqkdc.exe*."

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe

C:\Windows\ujepidqbvlvuuuwh.exe

ujepidqbvlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ibapmlcrpjxaeiodqkdc.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ibapmlcrpjxaeiodqkdc.exe

ibapmlcrpjxaeiodqkdc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\ibapmlcrpjxaeiodqkdc.exe*."

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Users\Admin\AppData\Local\Temp\ibapmlcrpjxaeiodqkdc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\kbylgdsfbtfgikobme.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Users\Admin\AppData\Local\Temp\vnlzvtjxunacfinbngy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe

C:\Windows\ujepidqbvlvuuuwh.exe

ujepidqbvlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c brnztpdpkbmmnordn.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\brnztpdpkbmmnordn.exe

brnztpdpkbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brnztpdpkbmmnordn.exe*."

C:\Windows\ujepidqbvlvuuuwh.exe

ujepidqbvlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kbylgdsfbtfgikobme.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\kbylgdsfbtfgikobme.exe

kbylgdsfbtfgikobme.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\kbylgdsfbtfgikobme.exe*."

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Users\Admin\AppData\Local\Temp\kbylgdsfbtfgikobme.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\ujepidqbvlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\ujepidqbvlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Users\Admin\AppData\Local\Temp\xrrhffxnmhwafkrhvqkka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\brnztpdpkbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brnztpdpkbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vnlzvtjxunacfinbngy.exe

C:\Windows\vnlzvtjxunacfinbngy.exe

vnlzvtjxunacfinbngy.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.whatismyip.ca udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
GB 23.44.65.9:80 www.ebay.com tcp
BY 178.122.162.202:27691 tcp
DE 85.214.228.140:80 gyuuym.org tcp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 aeyqymkgee.org udp
BY 178.122.162.202:27691 tcp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 aqyrrmxkz.info udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 ovnrwqtipvv.net udp
US 8.8.8.8:53 jscvmg.net udp
US 8.8.8.8:53 pqumrvd.net udp
US 8.8.8.8:53 dxtisnno.info udp
US 8.8.8.8:53 acyyey.com udp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 kyzydtdwv.net udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 yiawgoaoig.org udp
US 8.8.8.8:53 eacgbydkdlg.net udp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 jubqjqz.info udp
US 8.8.8.8:53 tpoupzil.net udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 aieoyeogouee.com udp
US 8.8.8.8:53 wtftrvhm.net udp
US 8.8.8.8:53 suztbupdigf.info udp
US 8.8.8.8:53 leqdurjb.net udp
US 8.8.8.8:53 ooageu.org udp
US 8.8.8.8:53 btfmmham.info udp
US 8.8.8.8:53 unvecyahro.info udp
US 8.8.8.8:53 nciinn.info udp
US 8.8.8.8:53 dxdnlsrmksf.info udp
US 8.8.8.8:53 hivtqijot.info udp
US 8.8.8.8:53 yewjwlegot.net udp
US 8.8.8.8:53 kekeko.com udp
CA 209.172.40.245:80 kekeko.com tcp
US 8.8.8.8:53 lbvvrf.net udp
US 8.8.8.8:53 xntbsw.info udp
US 8.8.8.8:53 vczztgr.org udp
US 8.8.8.8:53 vcsuct.net udp
US 8.8.8.8:53 vknqpkztt.org udp
US 8.8.8.8:53 xmkyyoyv.net udp
US 8.8.8.8:53 hcvcekdht.info udp
US 8.8.8.8:53 tseybqgdb.net udp
US 8.8.8.8:53 dpkkxg.info udp
IT 195.110.124.133:80 iwemag.com tcp
US 8.8.8.8:53 ooewwc.org udp
US 8.8.8.8:53 dabhuj.net udp
US 8.8.8.8:53 jqtenkdayoy.org udp
US 8.8.8.8:53 bijioimmq.net udp
US 8.8.8.8:53 fihjrrnguvmq.net udp
US 8.8.8.8:53 ahnjkhxy.info udp
US 8.8.8.8:53 oefxqbtj.info udp
US 8.8.8.8:53 sxhoqf.info udp
US 8.8.8.8:53 oaewcmmi.com udp
US 8.8.8.8:53 garynjfqf.net udp
US 8.8.8.8:53 eckmgg.org udp
US 8.8.8.8:53 pvesxitaordl.info udp
US 8.8.8.8:53 iqmgzkoxl.net udp
US 8.8.8.8:53 rwfokij.net udp
US 8.8.8.8:53 dzrmxez.com udp
US 8.8.8.8:53 kmikomikqckg.com udp
US 8.8.8.8:53 kxldwaoqfn.info udp
US 8.8.8.8:53 lexjorjlbhq.org udp
US 8.8.8.8:53 xustjkt.com udp
US 8.8.8.8:53 xxbuvavqnao.net udp
US 8.8.8.8:53 rcdorur.info udp
US 8.8.8.8:53 jyeuzd.info udp
US 8.8.8.8:53 yxzqtwhoq.info udp
US 8.8.8.8:53 sofopswuuym.net udp
US 8.8.8.8:53 tgzzsilpuoyu.info udp
US 8.8.8.8:53 jelvdocovu.net udp
US 8.8.8.8:53 dutejaeahe.info udp
US 8.8.8.8:53 gjveqwbteaex.info udp
US 8.8.8.8:53 tdrizhanqs.net udp
US 8.8.8.8:53 vcemhcvwotr.info udp
US 8.8.8.8:53 rejwrwpoa.info udp
US 8.8.8.8:53 kcfzdhtyhtbm.info udp
US 8.8.8.8:53 lpgxktnjezgw.net udp
US 8.8.8.8:53 ivvuttqyfeby.net udp
US 8.8.8.8:53 heryfeh.org udp
US 8.8.8.8:53 jmuyzwjxj.net udp
US 8.8.8.8:53 qowqosye.org udp
US 8.8.8.8:53 xurfjknut.net udp
US 8.8.8.8:53 bmxeulf.com udp
US 8.8.8.8:53 sgescokcmo.org udp
US 8.8.8.8:53 jqlwjzv.com udp
US 8.8.8.8:53 utgwaqyjgb.info udp
US 8.8.8.8:53 vntuik.net udp
US 8.8.8.8:53 ioxkjqzqpuf.net udp
US 8.8.8.8:53 igvanbx.net udp
US 8.8.8.8:53 lzwgpqnxhy.net udp
US 8.8.8.8:53 qiijvr.info udp
US 8.8.8.8:53 ppdhevvirgfu.info udp
US 8.8.8.8:53 ntvwyyxtdoj.info udp
US 8.8.8.8:53 blczoa.net udp
US 8.8.8.8:53 jehyhpbob.com udp
US 8.8.8.8:53 yeyammwmcm.org udp
US 8.8.8.8:53 vxgunu.info udp
US 8.8.8.8:53 lwvyfex.com udp
US 8.8.8.8:53 gjxljvvy.net udp
US 8.8.8.8:53 yyrabegyxun.net udp
US 8.8.8.8:53 vjqixv.net udp
US 8.8.8.8:53 tlounqrgzuw.org udp
US 8.8.8.8:53 fojqbjnov.org udp
US 8.8.8.8:53 luaiurlae.info udp
US 8.8.8.8:53 rmpihmj.org udp
US 8.8.8.8:53 qcasbce.net udp
US 8.8.8.8:53 ycworew.net udp
US 8.8.8.8:53 ajabxauburla.info udp
US 8.8.8.8:53 hwxozvbdxh.net udp
US 8.8.8.8:53 hsfspwfirsr.org udp
US 8.8.8.8:53 nczwfklclou.net udp
US 8.8.8.8:53 wvfsqyizpu.info udp
US 8.8.8.8:53 zfnxchvqhbhx.info udp
US 8.8.8.8:53 ivucbnhwfeg.net udp
US 8.8.8.8:53 salzjxxdqvqz.net udp
US 8.8.8.8:53 fumvct.net udp
US 8.8.8.8:53 fuothb.info udp
US 8.8.8.8:53 wacokycgky.org udp
US 8.8.8.8:53 xkvazepssln.org udp
US 8.8.8.8:53 jcxccnj.info udp
US 8.8.8.8:53 dnyidwf.info udp
US 8.8.8.8:53 thpqpp.net udp
US 8.8.8.8:53 teutarmtihnn.net udp
US 8.8.8.8:53 yadxtkefpqdf.net udp
US 8.8.8.8:53 jrnlzr.info udp
US 8.8.8.8:53 iqlatqh.net udp
US 8.8.8.8:53 iwuimkey.com udp
US 8.8.8.8:53 bqqxelvhrz.info udp
US 8.8.8.8:53 zodigrf.net udp
US 8.8.8.8:53 qngitmingp.net udp
US 8.8.8.8:53 cmgwqm.org udp
US 8.8.8.8:53 tepaav.info udp
US 8.8.8.8:53 ackaecskyeyc.com udp
US 8.8.8.8:53 ulwprsdpevsj.info udp
US 8.8.8.8:53 agsuaskkaicu.com udp
US 8.8.8.8:53 bhvlejgrbe.info udp
US 8.8.8.8:53 vnqlby.info udp
US 8.8.8.8:53 qyjxvcif.net udp
US 8.8.8.8:53 dayeocqiwk.info udp
US 8.8.8.8:53 xnvdciawrd.info udp
US 8.8.8.8:53 rkwlhccy.info udp
US 8.8.8.8:53 qwcigsuauk.org udp
US 8.8.8.8:53 ghmuvphem.info udp
US 8.8.8.8:53 qclwrgj.net udp
US 8.8.8.8:53 nthafgeqx.org udp
US 8.8.8.8:53 nsfkudrunez.net udp
US 8.8.8.8:53 cswqnjzgr.info udp
US 8.8.8.8:53 eqrnva.net udp
US 8.8.8.8:53 isiawauy.com udp
US 8.8.8.8:53 vibshiiel.net udp
US 8.8.8.8:53 nujrrkrmuqt.org udp
US 8.8.8.8:53 iazcpmn.info udp
US 8.8.8.8:53 girokhtn.info udp
US 8.8.8.8:53 opoiednozwk.info udp
US 8.8.8.8:53 wzmpscdrchbj.net udp
US 8.8.8.8:53 jjqtpeerkb.net udp
US 8.8.8.8:53 epughazeka.info udp
US 8.8.8.8:53 coomqimu.org udp
US 8.8.8.8:53 thnwzbzrfef.net udp
US 8.8.8.8:53 ucoeskow.org udp
US 8.8.8.8:53 zarxomn.net udp
US 8.8.8.8:53 cbpicprdguen.net udp
US 8.8.8.8:53 howxzyvfb.com udp
US 8.8.8.8:53 urkcltobhpwf.net udp
US 8.8.8.8:53 pwicqnqgnv.info udp
US 8.8.8.8:53 ysuvlrlf.net udp
US 8.8.8.8:53 oismai.com udp

Files

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

MD5 5203b6ea0901877fbf2d8d6f6d8d338e
SHA1 c803e92561921b38abe13239c1fd85605b570936
SHA256 0cc02d34d5fd4cf892fed282f98c1ad3e7dd6159a8877ae5c46d3f834ed36060
SHA512 d48a41b4fc4c38a6473f789c02918fb7353a4b4199768a3624f3b685d91d38519887a1ccd3616e0d2b079a346afaec5a0f2ef2c46d72d3097ef561cedb476471

C:\Windows\SysWOW64\kbylgdsfbtfgikobme.exe

MD5 c5053b6a278897cf8629be4ba93b3030
SHA1 8bbc4116b965c3546d3d52d2d90eca8d5979901f
SHA256 25513f2b017ee242a254117f14ff49bb55f034a64265724e8e76d49a696b2d60
SHA512 15b961286782c54d9bc04722679570afea0112facc107e17669c4cd4ea9695c198d312d91019275b850214f6b116fd88d5531b23555f364e6d0200ea1cdbe617

C:\Users\Admin\AppData\Local\Temp\vbnpzlp.exe

MD5 90db20a22234f853f50dda6ae0686b57
SHA1 4c4d1139eccdba2efee2c8bac21879650dd53c08
SHA256 1d74a1bc45d05ef50a7f433b3c1870df34acd1c802f51b10bb778c38810123bb
SHA512 58a5cd82435c50fe54637df45fa9e1647ca1b127b9fa2c06f621d443331543715797299bcb7fec76eaaeee71e6227f954658437a7f5e2871f01b36403b3ff2dd

C:\Users\Admin\AppData\Local\pdxhztfpixgedcdnvkyscuoakdsbzyxyiqftn.pjv

MD5 2dcdc111f9aafe9ef692a7b077fbf111
SHA1 010d6d853d5ea9743d761eecb5b5cd82396d8167
SHA256 4ac5d1ad1a630c79f87fdfaf37ae1f726b1d11078f4c036a0c6c2ea551286d0e
SHA512 8d675261c88a04900904112f51e04adfd725c1dd1ff437272c673f39cf9935ffcc896560179ad7db84bcd97fd1a4a26d89ae6dcd3175aedf15ef5ce68369d733

C:\Program Files (x86)\orazgpqpxbzmaoedaehqpwfgfn.pcq

MD5 f75bd238a69da92aa9d828b5add77b16
SHA1 d6e0ac7a976f5d7baf7aaf2328958b215fe22ada
SHA256 f0f242855da9ac32f9d40cb195384e4ed5c8bc2760e4ea078d45d6c89849328c
SHA512 5c1dee8215aff6682fc56f477d60616f873e845c7afb178753356c46053f57063bfe66de667efc941fb2ea34e4713b5357370cfe47d3c8379c8321b98639e4a2

C:\Program Files (x86)\orazgpqpxbzmaoedaehqpwfgfn.pcq

MD5 72509ae66b1c311886c88e48e07bd60c
SHA1 ae607733faf17d4f233b51abb10b528935804fe9
SHA256 bd4f6caf57562d227f6ab767f80f71cfe8c615b3c651c8590a20bf45891195a8
SHA512 bb9744b126304fc63e3103bb02d4f37e0b7a5cc9dc41e716f5b99df5079368dfc98655388608de071d5283439aa19d7c55b46875bac10afdc5fcd5ae489684a6

C:\Users\Admin\AppData\Local\orazgpqpxbzmaoedaehqpwfgfn.pcq

MD5 433e2375996643db4b0b4dc1b95842d2
SHA1 148f8cb06353bb6da6c229e0fabd09285d9f3e06
SHA256 5225c639a20bd6cc41e9f9342a46316028b049ec7780037db1be8ad436bad7b2
SHA512 d64342f931db8128e1c1d08c47c5d4aa4ce8cd4990f32063cc8bf3e89c49352e96da6b1b32a8af4f49dc95605bd7cc04143d3646108284097ef68be90d5c0f44

C:\Program Files (x86)\orazgpqpxbzmaoedaehqpwfgfn.pcq

MD5 96beb14f11b16d46ee729f3ab44d2a9b
SHA1 b8fd067bc4698ee28c9d69822c4e2d3cea0ca6f9
SHA256 7ef18932bbfeeed7f27f54a7960a7d68bd1796071812551440b17809c52be3ac
SHA512 1972eee210fda633eae191ee29e5fb9a125b3bad2c6374a40306c1f54988fb6bd7ba9f9360750dead54ff3d6b830bf0e94e30df1b1261f5789f74d2cdaa897a1

C:\Program Files (x86)\orazgpqpxbzmaoedaehqpwfgfn.pcq

MD5 93f0751122c8e215a2fc83eb68b29583
SHA1 a94f0abb11402ae77577885708d299420238d1e3
SHA256 092a0f9aa80f5aeb022ac714db339d9745d4d264d7c2fe4c9affb20c38e265fe
SHA512 30331c658a51ea5e412b4328156f44a3e46faf4649a3003c90faf85ff21b8f88e865761f1677a7d5daa02235fc89a350bf8557507100a5fed93add715a715348

C:\Program Files (x86)\orazgpqpxbzmaoedaehqpwfgfn.pcq

MD5 2ceb8c2b9f6411c3859457323b3be4f0
SHA1 4f5b16361b59804eb3db706b3691842f3e1fe962
SHA256 7a00f14c0b3a667f0ae0266c04a5905e309348e25b799d42e49c9991e88e9175
SHA512 7044695c821571ed08175fb1ff003054171c3fe1a7b648204013df501bcdd22172c8eb291bf261c3085ec983c3d045472b66b9782f4be31043e1260f5ccb09cb

C:\Program Files (x86)\orazgpqpxbzmaoedaehqpwfgfn.pcq

MD5 35ca5f5d7fb9b3881211404a5bcd1ae7
SHA1 4fa68148279af21f0a4c9457b48cc5ceb73925d5
SHA256 1ac20961224e6bf378974400419578bcc58db2553aaa6ca7a9a5ef3d1710908e
SHA512 3eb2d18ee87dec05d68592b5a9b7f5bd1ffb25056e893d40349b9b973f6389dc894a49709c1e427695ea413bd659ff1f7611abb96c0be39d2da39a97880a3b30

C:\Users\Admin\AppData\Local\orazgpqpxbzmaoedaehqpwfgfn.pcq

MD5 fc611751f4addef07c8cceb6a27c3bad
SHA1 fe7469e503744211849bfd177a194f6029358f61
SHA256 cbc731d6e9e59ed69484b2d3a515a9874b492021fb5ae04f6550a69b2c511485
SHA512 52283945e23c959a8ef2f1de07d6aa00213db3a24d6db5120e9c5e3c001940a6e8b6ba2649d3807943f148dcbdf78f49e0472416673623d41bb7a1303f7f210e