Malware Analysis Report

2025-08-10 16:34

Sample ID 250421-fwrpcawjy8
Target JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b
SHA256 2e7aa86c211bcba2701f0d5acd491714bcbaf5f5cd6e930bc9795fdfb2a7f859
Tags
pykspa defense_evasion discovery persistence privilege_escalation trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2e7aa86c211bcba2701f0d5acd491714bcbaf5f5cd6e930bc9795fdfb2a7f859

Threat Level: Known bad

The file JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b was found to be: Known bad.

Malicious Activity Summary

pykspa defense_evasion discovery persistence privilege_escalation trojan worm

Pykspa

UAC bypass

Modifies WinLogon for persistence

Pykspa family

Detect Pykspa worm

Adds policy Run key to start application

Disables RegEdit via registry modification

Impair Defenses: Safe Mode Boot

Executes dropped EXE

Checks computer location settings

Hijack Execution Flow: Executable Installer File Permissions Weakness

Checks whether UAC is enabled

Looks up external IP address via web service

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

System policy modification

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-21 05:13

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2025-04-21 05:13

Reported

2025-04-21 05:16

Platform

win11-20250410-en

Max time kernel

55s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "ukdwfumcztnffiza.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "bsmgqgzqojexycuwp.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsqocwtoqpolqyuaxqljh.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsqocwtoqpolqyuaxqljh.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsmgqgzqojexycuwp.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcxsduogfbxrtyruoe.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsmgqgzqojexycuwp.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "kcxsduogfbxrtyruoe.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcxsduogfbxrtyruoe.exe" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "ukdwfumcztnffiza.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "bsmgqgzqojexycuwp.exe" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "bsmgqgzqojexycuwp.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ukdwfumcztnffiza.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcxsduogfbxrtyruoe.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsqocwtoqpolqyuaxqljh.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "ukdwfumcztnffiza.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcxsduogfbxrtyruoe.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iczwjcystrplpwrwskeb.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iczwjcystrplpwrwskeb.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "kcxsduogfbxrtyruoe.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "bsmgqgzqojexycuwp.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "ukdwfumcztnffiza.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcxsduogfbxrtyruoe.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "vokgskfyyvsnqwqupgz.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsmgqgzqojexycuwp.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\gps = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tpftezlithjdvvyp.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\gps = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wxslbbsukdkjgltpvsklg.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ukdwfumcztnffiza.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "kcxsduogfbxrtyruoe.exe" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iczwjcystrplpwrwskeb.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "xsqocwtoqpolqyuaxqljh.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsqocwtoqpolqyuaxqljh.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsmgqgzqojexycuwp.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "ukdwfumcztnffiza.exe" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsmgqgzqojexycuwp.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "ukdwfumcztnffiza.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "ukdwfumcztnffiza.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iczwjcystrplpwrwskeb.exe" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "vokgskfyyvsnqwqupgz.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "iczwjcystrplpwrwskeb.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vokgskfyyvsnqwqupgz.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\gps = "C:\\Users\\Admin\\AppData\\Local\\Temp\\axodplywixavoptln.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "kcxsduogfbxrtyruoe.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "iczwjcystrplpwrwskeb.exe" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bkwiksdmc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsmgqgzqojexycuwp.exe" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mynchsgslbrf = "vokgskfyyvsnqwqupgz.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Windows\ukdwfumcztnffiza.exe N/A
N/A N/A C:\Windows\bsmgqgzqojexycuwp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Windows\ukdwfumcztnffiza.exe N/A
N/A N/A C:\Windows\iczwjcystrplpwrwskeb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
N/A N/A C:\Windows\iczwjcystrplpwrwskeb.exe N/A
N/A N/A C:\Windows\bsmgqgzqojexycuwp.exe N/A
N/A N/A C:\Windows\bsmgqgzqojexycuwp.exe N/A
N/A N/A C:\Windows\iczwjcystrplpwrwskeb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Windows\kcxsduogfbxrtyruoe.exe N/A
N/A N/A C:\Windows\bsmgqgzqojexycuwp.exe N/A
N/A N/A C:\Windows\vokgskfyyvsnqwqupgz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe N/A
N/A N/A C:\Windows\xsqocwtoqpolqyuaxqljh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Windows\xsqocwtoqpolqyuaxqljh.exe N/A
N/A N/A C:\Windows\vokgskfyyvsnqwqupgz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Windows\iczwjcystrplpwrwskeb.exe N/A
N/A N/A C:\Windows\kcxsduogfbxrtyruoe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Windows\vokgskfyyvsnqwqupgz.exe N/A
N/A N/A C:\Windows\xsqocwtoqpolqyuaxqljh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Windows\vokgskfyyvsnqwqupgz.exe N/A
N/A N/A C:\Windows\bsmgqgzqojexycuwp.exe N/A
N/A N/A C:\Windows\ukdwfumcztnffiza.exe N/A
N/A N/A C:\Windows\bsmgqgzqojexycuwp.exe N/A
N/A N/A C:\Windows\bsmgqgzqojexycuwp.exe N/A
N/A N/A C:\Windows\xsqocwtoqpolqyuaxqljh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\maripcsgbtlbza = "bsmgqgzqojexycuwp.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\lyoekwlysjapm = "xsqocwtoqpolqyuaxqljh.exe" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\paocgqdogvk = "iczwjcystrplpwrwskeb.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\maripcsgbtlbza = "xsqocwtoqpolqyuaxqljh.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "ukdwfumcztnffiza.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "kcxsduogfbxrtyruoe.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\lyoekwlysjapm = "kcxsduogfbxrtyruoe.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pewowkbqmfypoqg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsqocwtoqpolqyuaxqljh.exe ." C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\maripcsgbtlbza = "ukdwfumcztnffiza.exe ." C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pewowkbqmfypoqg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ukdwfumcztnffiza.exe ." C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ukdwfumcztnffiza = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsqocwtoqpolqyuaxqljh.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\paocgqdogvk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcxsduogfbxrtyruoe.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\maripcsgbtlbza = "vokgskfyyvsnqwqupgz.exe ." C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\paocgqdogvk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iczwjcystrplpwrwskeb.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\paocgqdogvk = "vokgskfyyvsnqwqupgz.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\paocgqdogvk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iczwjcystrplpwrwskeb.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\lyoekwlysjapm = "iczwjcystrplpwrwskeb.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "vokgskfyyvsnqwqupgz.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsmgqgzqojexycuwp.exe" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\paocgqdogvk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vokgskfyyvsnqwqupgz.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\paocgqdogvk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsqocwtoqpolqyuaxqljh.exe ." C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "xsqocwtoqpolqyuaxqljh.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\paocgqdogvk = "bsmgqgzqojexycuwp.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\whmpp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wxslbbsukdkjgltpvsklg.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\maripcsgbtlbza = "kcxsduogfbxrtyruoe.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\lyoekwlysjapm = "iczwjcystrplpwrwskeb.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "bsmgqgzqojexycuwp.exe" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\paocgqdogvk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ukdwfumcztnffiza.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tjtbgvbsxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\axodplywixavoptln.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\maripcsgbtlbza = "kcxsduogfbxrtyruoe.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iczwjcystrplpwrwskeb.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\maripcsgbtlbza = "kcxsduogfbxrtyruoe.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsqocwtoqpolqyuaxqljh.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ukdwfumcztnffiza = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsmgqgzqojexycuwp.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ukdwfumcztnffiza = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsqocwtoqpolqyuaxqljh.exe" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pewowkbqmfypoqg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vokgskfyyvsnqwqupgz.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iczwjcystrplpwrwskeb.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\paocgqdogvk = "ukdwfumcztnffiza.exe ." C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kcxsduogfbxrtyruoe.exe" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "ukdwfumcztnffiza.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\maripcsgbtlbza = "ukdwfumcztnffiza.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pewowkbqmfypoqg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iczwjcystrplpwrwskeb.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ukdwfumcztnffiza = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsmgqgzqojexycuwp.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pewowkbqmfypoqg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsmgqgzqojexycuwp.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\paocgqdogvk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iczwjcystrplpwrwskeb.exe ." C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsmgqgzqojexycuwp.exe" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "iczwjcystrplpwrwskeb.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pewowkbqmfypoqg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsqocwtoqpolqyuaxqljh.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\paocgqdogvk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsmgqgzqojexycuwp.exe ." C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\paocgqdogvk = "vokgskfyyvsnqwqupgz.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\maripcsgbtlbza = "vokgskfyyvsnqwqupgz.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\lyoekwlysjapm = "xsqocwtoqpolqyuaxqljh.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\uhotvhk = "wxslbbsukdkjgltpvsklg.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\paocgqdogvk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ukdwfumcztnffiza.exe ." C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ukdwfumcztnffiza.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ukdwfumcztnffiza = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vokgskfyyvsnqwqupgz.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xsqocwtoqpolqyuaxqljh.exe" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "iczwjcystrplpwrwskeb.exe" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\maripcsgbtlbza = "bsmgqgzqojexycuwp.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\uerehqcmdr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bsmgqgzqojexycuwp.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\paocgqdogvk = "kcxsduogfbxrtyruoe.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\maripcsgbtlbza = "vokgskfyyvsnqwqupgz.exe ." C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\maripcsgbtlbza = "iczwjcystrplpwrwskeb.exe ." C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\lyoekwlysjapm = "iczwjcystrplpwrwskeb.exe" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyip.everdot.org N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\xsqocwtoqpolqyuaxqljh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\iczwjcystrplpwrwskeb.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\xsqocwtoqpolqyuaxqljh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\bsmgqgzqojexycuwp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\okjixsqmpppntczgeyutsh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\okjixsqmpppntczgeyutsh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\bsmgqgzqojexycuwp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\oszgdgmqbjrxlchwceipwtwcgr.hnb C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
File created C:\Windows\SysWOW64\bsmgqgzqojexycuwp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\xsqocwtoqpolqyuaxqljh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\bsmgqgzqojexycuwp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\vokgskfyyvsnqwqupgz.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\kcxsduogfbxrtyruoe.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\ukdwfumcztnffiza.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\vokgskfyyvsnqwqupgz.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\xsqocwtoqpolqyuaxqljh.exe C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
File opened for modification C:\Windows\SysWOW64\ukdwfumcztnffiza.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\okjixsqmpppntczgeyutsh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\ukdwfumcztnffiza.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\vokgskfyyvsnqwqupgz.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\vokgskfyyvsnqwqupgz.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\okjixsqmpppntczgeyutsh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\bsmgqgzqojexycuwp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\ukdwfumcztnffiza.exe C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
File created C:\Windows\SysWOW64\okjixsqmpppntczgeyutsh.exe C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
File opened for modification C:\Windows\SysWOW64\okjixsqmpppntczgeyutsh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\vokgskfyyvsnqwqupgz.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\kcxsduogfbxrtyruoe.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\xsqocwtoqpolqyuaxqljh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\okjixsqmpppntczgeyutsh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\okjixsqmpppntczgeyutsh.exe C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
File created C:\Windows\SysWOW64\ukdwfumcztnffiza.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\bsmgqgzqojexycuwp.exe C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
File opened for modification C:\Windows\SysWOW64\iczwjcystrplpwrwskeb.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\pewowkbqmfypoqggxkzrjrfwlhatkjlbbsfum.mar C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
File created C:\Windows\SysWOW64\kcxsduogfbxrtyruoe.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\iczwjcystrplpwrwskeb.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\ukdwfumcztnffiza.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\okjixsqmpppntczgeyutsh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\iczwjcystrplpwrwskeb.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\okjixsqmpppntczgeyutsh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\bsmgqgzqojexycuwp.exe C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
File opened for modification C:\Windows\SysWOW64\bsmgqgzqojexycuwp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\bsmgqgzqojexycuwp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\ukdwfumcztnffiza.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\ukdwfumcztnffiza.exe C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
File opened for modification C:\Windows\SysWOW64\okjixsqmpppntczgeyutsh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\xsqocwtoqpolqyuaxqljh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\vokgskfyyvsnqwqupgz.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\bsmgqgzqojexycuwp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\xsqocwtoqpolqyuaxqljh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\ukdwfumcztnffiza.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\kcxsduogfbxrtyruoe.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\ukdwfumcztnffiza.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\xsqocwtoqpolqyuaxqljh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\kcxsduogfbxrtyruoe.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\okjixsqmpppntczgeyutsh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\SysWOW64\kcxsduogfbxrtyruoe.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\okjixsqmpppntczgeyutsh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\xsqocwtoqpolqyuaxqljh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\ukdwfumcztnffiza.exe C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
File opened for modification C:\Windows\SysWOW64\xsqocwtoqpolqyuaxqljh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\xsqocwtoqpolqyuaxqljh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\SysWOW64\vokgskfyyvsnqwqupgz.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\oszgdgmqbjrxlchwceipwtwcgr.hnb C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
File opened for modification C:\Program Files (x86)\pewowkbqmfypoqggxkzrjrfwlhatkjlbbsfum.mar C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
File created C:\Program Files (x86)\pewowkbqmfypoqggxkzrjrfwlhatkjlbbsfum.mar C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
File opened for modification C:\Program Files (x86)\oszgdgmqbjrxlchwceipwtwcgr.hnb C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\kcxsduogfbxrtyruoe.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\iczwjcystrplpwrwskeb.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\xsqocwtoqpolqyuaxqljh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\ukdwfumcztnffiza.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\iczwjcystrplpwrwskeb.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\okjixsqmpppntczgeyutsh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\iczwjcystrplpwrwskeb.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\iczwjcystrplpwrwskeb.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\xsqocwtoqpolqyuaxqljh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\vokgskfyyvsnqwqupgz.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\vokgskfyyvsnqwqupgz.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\bsmgqgzqojexycuwp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\xsqocwtoqpolqyuaxqljh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\kcxsduogfbxrtyruoe.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\vokgskfyyvsnqwqupgz.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\kcxsduogfbxrtyruoe.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\vokgskfyyvsnqwqupgz.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\okjixsqmpppntczgeyutsh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\okjixsqmpppntczgeyutsh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\okjixsqmpppntczgeyutsh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\vokgskfyyvsnqwqupgz.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\kcxsduogfbxrtyruoe.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\iczwjcystrplpwrwskeb.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\ukdwfumcztnffiza.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\kcxsduogfbxrtyruoe.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\xsqocwtoqpolqyuaxqljh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\ukdwfumcztnffiza.exe C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
File opened for modification C:\Windows\vokgskfyyvsnqwqupgz.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\bsmgqgzqojexycuwp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\bsmgqgzqojexycuwp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\ukdwfumcztnffiza.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\kcxsduogfbxrtyruoe.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\bsmgqgzqojexycuwp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\kcxsduogfbxrtyruoe.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\vokgskfyyvsnqwqupgz.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\bsmgqgzqojexycuwp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\bsmgqgzqojexycuwp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\bsmgqgzqojexycuwp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\kcxsduogfbxrtyruoe.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\iczwjcystrplpwrwskeb.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\okjixsqmpppntczgeyutsh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\okjixsqmpppntczgeyutsh.exe C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
File opened for modification C:\Windows\xsqocwtoqpolqyuaxqljh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\ukdwfumcztnffiza.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\bsmgqgzqojexycuwp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\iczwjcystrplpwrwskeb.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\iczwjcystrplpwrwskeb.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\bsmgqgzqojexycuwp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\xsqocwtoqpolqyuaxqljh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\okjixsqmpppntczgeyutsh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\ukdwfumcztnffiza.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\vokgskfyyvsnqwqupgz.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\vokgskfyyvsnqwqupgz.exe C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
File opened for modification C:\Windows\iczwjcystrplpwrwskeb.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\bsmgqgzqojexycuwp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\iczwjcystrplpwrwskeb.exe C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
File opened for modification C:\Windows\iczwjcystrplpwrwskeb.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\bsmgqgzqojexycuwp.exe C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
File opened for modification C:\Windows\okjixsqmpppntczgeyutsh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\iczwjcystrplpwrwskeb.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\vokgskfyyvsnqwqupgz.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\okjixsqmpppntczgeyutsh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File created C:\Windows\kcxsduogfbxrtyruoe.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
File opened for modification C:\Windows\okjixsqmpppntczgeyutsh.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\kcxsduogfbxrtyruoe.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\iczwjcystrplpwrwskeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\iczwjcystrplpwrwskeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\utmdrpeesjolgjpjniy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ukdwfumcztnffiza.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ukdwfumcztnffiza.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vokgskfyyvsnqwqupgz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\kcxsduogfbxrtyruoe.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\iczwjcystrplpwrwskeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\iczwjcystrplpwrwskeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vokgskfyyvsnqwqupgz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tpftezlithjdvvyp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\iczwjcystrplpwrwskeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\kcxsduogfbxrtyruoe.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tpftezlithjdvvyp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jhzpcznmzptpjlqjmg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jhzpcznmzptpjlqjmg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ukdwfumcztnffiza.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\kcxsduogfbxrtyruoe.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\kcxsduogfbxrtyruoe.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\kcxsduogfbxrtyruoe.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\iczwjcystrplpwrwskeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jhzpcznmzptpjlqjmg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vokgskfyyvsnqwqupgz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vokgskfyyvsnqwqupgz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bsmgqgzqojexycuwp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xsqocwtoqpolqyuaxqljh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xsqocwtoqpolqyuaxqljh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bsmgqgzqojexycuwp.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2600 wrote to memory of 5908 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 2600 wrote to memory of 5908 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 2600 wrote to memory of 5908 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 5404 wrote to memory of 1856 N/A C:\Windows\system32\cmd.exe C:\Windows\ukdwfumcztnffiza.exe
PID 5404 wrote to memory of 1856 N/A C:\Windows\system32\cmd.exe C:\Windows\ukdwfumcztnffiza.exe
PID 5404 wrote to memory of 1856 N/A C:\Windows\system32\cmd.exe C:\Windows\ukdwfumcztnffiza.exe
PID 1404 wrote to memory of 1736 N/A C:\Windows\system32\cmd.exe C:\Windows\bsmgqgzqojexycuwp.exe
PID 1404 wrote to memory of 1736 N/A C:\Windows\system32\cmd.exe C:\Windows\bsmgqgzqojexycuwp.exe
PID 1404 wrote to memory of 1736 N/A C:\Windows\system32\cmd.exe C:\Windows\bsmgqgzqojexycuwp.exe
PID 1736 wrote to memory of 4896 N/A C:\Windows\bsmgqgzqojexycuwp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 1736 wrote to memory of 4896 N/A C:\Windows\bsmgqgzqojexycuwp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 1736 wrote to memory of 4896 N/A C:\Windows\bsmgqgzqojexycuwp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 4936 wrote to memory of 5072 N/A C:\Windows\system32\cmd.exe C:\Windows\ukdwfumcztnffiza.exe
PID 4936 wrote to memory of 5072 N/A C:\Windows\system32\cmd.exe C:\Windows\ukdwfumcztnffiza.exe
PID 4936 wrote to memory of 5072 N/A C:\Windows\system32\cmd.exe C:\Windows\ukdwfumcztnffiza.exe
PID 4376 wrote to memory of 2316 N/A C:\Windows\system32\cmd.exe C:\Windows\iczwjcystrplpwrwskeb.exe
PID 4376 wrote to memory of 2316 N/A C:\Windows\system32\cmd.exe C:\Windows\iczwjcystrplpwrwskeb.exe
PID 4376 wrote to memory of 2316 N/A C:\Windows\system32\cmd.exe C:\Windows\iczwjcystrplpwrwskeb.exe
PID 2596 wrote to memory of 3460 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
PID 2596 wrote to memory of 3460 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
PID 2596 wrote to memory of 3460 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
PID 2316 wrote to memory of 2404 N/A C:\Windows\iczwjcystrplpwrwskeb.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 2316 wrote to memory of 2404 N/A C:\Windows\iczwjcystrplpwrwskeb.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 2316 wrote to memory of 2404 N/A C:\Windows\iczwjcystrplpwrwskeb.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 5196 wrote to memory of 4732 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
PID 5196 wrote to memory of 4732 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
PID 5196 wrote to memory of 4732 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe
PID 4732 wrote to memory of 3532 N/A C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 4732 wrote to memory of 3532 N/A C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 4732 wrote to memory of 3532 N/A C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 4760 wrote to memory of 4160 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
PID 4760 wrote to memory of 4160 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
PID 4760 wrote to memory of 4160 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe
PID 960 wrote to memory of 5924 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
PID 960 wrote to memory of 5924 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
PID 960 wrote to memory of 5924 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe
PID 5924 wrote to memory of 5640 N/A C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 5924 wrote to memory of 5640 N/A C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 5924 wrote to memory of 5640 N/A C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 5908 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe
PID 5908 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe
PID 5908 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe
PID 5908 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe
PID 5908 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe
PID 5908 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe
PID 1136 wrote to memory of 688 N/A C:\Windows\system32\cmd.exe C:\Windows\iczwjcystrplpwrwskeb.exe
PID 1136 wrote to memory of 688 N/A C:\Windows\system32\cmd.exe C:\Windows\iczwjcystrplpwrwskeb.exe
PID 1136 wrote to memory of 688 N/A C:\Windows\system32\cmd.exe C:\Windows\iczwjcystrplpwrwskeb.exe
PID 132 wrote to memory of 248 N/A C:\Windows\system32\cmd.exe C:\Windows\bsmgqgzqojexycuwp.exe
PID 132 wrote to memory of 248 N/A C:\Windows\system32\cmd.exe C:\Windows\bsmgqgzqojexycuwp.exe
PID 132 wrote to memory of 248 N/A C:\Windows\system32\cmd.exe C:\Windows\bsmgqgzqojexycuwp.exe
PID 5448 wrote to memory of 4360 N/A C:\Windows\system32\cmd.exe C:\Windows\bsmgqgzqojexycuwp.exe
PID 5448 wrote to memory of 4360 N/A C:\Windows\system32\cmd.exe C:\Windows\bsmgqgzqojexycuwp.exe
PID 5448 wrote to memory of 4360 N/A C:\Windows\system32\cmd.exe C:\Windows\bsmgqgzqojexycuwp.exe
PID 2444 wrote to memory of 1064 N/A C:\Windows\system32\cmd.exe C:\Windows\iczwjcystrplpwrwskeb.exe
PID 2444 wrote to memory of 1064 N/A C:\Windows\system32\cmd.exe C:\Windows\iczwjcystrplpwrwskeb.exe
PID 2444 wrote to memory of 1064 N/A C:\Windows\system32\cmd.exe C:\Windows\iczwjcystrplpwrwskeb.exe
PID 4360 wrote to memory of 2848 N/A C:\Windows\bsmgqgzqojexycuwp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 4360 wrote to memory of 2848 N/A C:\Windows\bsmgqgzqojexycuwp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 4360 wrote to memory of 2848 N/A C:\Windows\bsmgqgzqojexycuwp.exe C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe
PID 1064 wrote to memory of 5736 N/A C:\Windows\iczwjcystrplpwrwskeb.exe C:\Windows\system32\cmd.exe
PID 1064 wrote to memory of 5736 N/A C:\Windows\iczwjcystrplpwrwskeb.exe C:\Windows\system32\cmd.exe
PID 1064 wrote to memory of 5736 N/A C:\Windows\iczwjcystrplpwrwskeb.exe C:\Windows\system32\cmd.exe
PID 2544 wrote to memory of 4088 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe

System policy modification

defense_evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe"

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_c7e5d9b24e40b9b5909256350f70b10b.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe

C:\Windows\ukdwfumcztnffiza.exe

ukdwfumcztnffiza.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe .

C:\Windows\bsmgqgzqojexycuwp.exe

bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\bsmgqgzqojexycuwp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe

C:\Windows\ukdwfumcztnffiza.exe

ukdwfumcztnffiza.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe .

C:\Windows\iczwjcystrplpwrwskeb.exe

iczwjcystrplpwrwskeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\iczwjcystrplpwrwskeb.exe*."

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe

"C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_c7e5d9b24e40b9b5909256350f70b10b.exe"

C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe

"C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_c7e5d9b24e40b9b5909256350f70b10b.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe

C:\Windows\iczwjcystrplpwrwskeb.exe

iczwjcystrplpwrwskeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe

C:\Windows\bsmgqgzqojexycuwp.exe

bsmgqgzqojexycuwp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe .

C:\Windows\bsmgqgzqojexycuwp.exe

bsmgqgzqojexycuwp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe .

C:\Windows\iczwjcystrplpwrwskeb.exe

iczwjcystrplpwrwskeb.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\bsmgqgzqojexycuwp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\iczwjcystrplpwrwskeb.exe*."

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe

C:\Windows\bsmgqgzqojexycuwp.exe

bsmgqgzqojexycuwp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe .

C:\Windows\vokgskfyyvsnqwqupgz.exe

vokgskfyyvsnqwqupgz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .

C:\Windows\xsqocwtoqpolqyuaxqljh.exe

xsqocwtoqpolqyuaxqljh.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xsqocwtoqpolqyuaxqljh.exe*."

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xsqocwtoqpolqyuaxqljh.exe*."

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ukdwfumcztnffiza.exe*."

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe

C:\Windows\xsqocwtoqpolqyuaxqljh.exe

xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .

C:\Windows\vokgskfyyvsnqwqupgz.exe

vokgskfyyvsnqwqupgz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."

C:\Windows\iczwjcystrplpwrwskeb.exe

iczwjcystrplpwrwskeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe

C:\Windows\vokgskfyyvsnqwqupgz.exe

vokgskfyyvsnqwqupgz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe .

C:\Windows\xsqocwtoqpolqyuaxqljh.exe

xsqocwtoqpolqyuaxqljh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xsqocwtoqpolqyuaxqljh.exe*."

C:\Windows\vokgskfyyvsnqwqupgz.exe

vokgskfyyvsnqwqupgz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe

C:\Windows\bsmgqgzqojexycuwp.exe

bsmgqgzqojexycuwp.exe

C:\Windows\ukdwfumcztnffiza.exe

ukdwfumcztnffiza.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe .

C:\Windows\bsmgqgzqojexycuwp.exe

bsmgqgzqojexycuwp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Windows\bsmgqgzqojexycuwp.exe

bsmgqgzqojexycuwp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Windows\xsqocwtoqpolqyuaxqljh.exe

xsqocwtoqpolqyuaxqljh.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\bsmgqgzqojexycuwp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\bsmgqgzqojexycuwp.exe*."

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xsqocwtoqpolqyuaxqljh.exe*."

C:\Windows\vokgskfyyvsnqwqupgz.exe

vokgskfyyvsnqwqupgz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Windows\iczwjcystrplpwrwskeb.exe

iczwjcystrplpwrwskeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Windows\iczwjcystrplpwrwskeb.exe

iczwjcystrplpwrwskeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Windows\xsqocwtoqpolqyuaxqljh.exe

xsqocwtoqpolqyuaxqljh.exe .

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\iczwjcystrplpwrwskeb.exe*."

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xsqocwtoqpolqyuaxqljh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xsqocwtoqpolqyuaxqljh.exe*."

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .

C:\Windows\vokgskfyyvsnqwqupgz.exe

vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe .

C:\Windows\iczwjcystrplpwrwskeb.exe

iczwjcystrplpwrwskeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\iczwjcystrplpwrwskeb.exe*."

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xsqocwtoqpolqyuaxqljh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe

C:\Windows\iczwjcystrplpwrwskeb.exe

iczwjcystrplpwrwskeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe .

C:\Windows\xsqocwtoqpolqyuaxqljh.exe

xsqocwtoqpolqyuaxqljh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xsqocwtoqpolqyuaxqljh.exe*."

C:\Windows\iczwjcystrplpwrwskeb.exe

iczwjcystrplpwrwskeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .

C:\Windows\vokgskfyyvsnqwqupgz.exe

vokgskfyyvsnqwqupgz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe

C:\Windows\bsmgqgzqojexycuwp.exe

bsmgqgzqojexycuwp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe .

C:\Windows\xsqocwtoqpolqyuaxqljh.exe

xsqocwtoqpolqyuaxqljh.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xsqocwtoqpolqyuaxqljh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ukdwfumcztnffiza.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\kcxsduogfbxrtyruoe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe

C:\Windows\bsmgqgzqojexycuwp.exe

bsmgqgzqojexycuwp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe .

C:\Windows\iczwjcystrplpwrwskeb.exe

iczwjcystrplpwrwskeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\iczwjcystrplpwrwskeb.exe*."

C:\Windows\bsmgqgzqojexycuwp.exe

bsmgqgzqojexycuwp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\iczwjcystrplpwrwskeb.exe

iczwjcystrplpwrwskeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\iczwjcystrplpwrwskeb.exe*."

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xsqocwtoqpolqyuaxqljh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\kcxsduogfbxrtyruoe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe

C:\Windows\iczwjcystrplpwrwskeb.exe

iczwjcystrplpwrwskeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe .

C:\Windows\iczwjcystrplpwrwskeb.exe

iczwjcystrplpwrwskeb.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\iczwjcystrplpwrwskeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe

C:\Windows\iczwjcystrplpwrwskeb.exe

iczwjcystrplpwrwskeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .

C:\Windows\vokgskfyyvsnqwqupgz.exe

vokgskfyyvsnqwqupgz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bsmgqgzqojexycuwp.exe

bsmgqgzqojexycuwp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .

C:\Windows\vokgskfyyvsnqwqupgz.exe

vokgskfyyvsnqwqupgz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."

C:\Windows\ukdwfumcztnffiza.exe

ukdwfumcztnffiza.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe .

C:\Windows\ukdwfumcztnffiza.exe

ukdwfumcztnffiza.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ukdwfumcztnffiza.exe*."

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ukdwfumcztnffiza.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .

C:\Windows\vokgskfyyvsnqwqupgz.exe

vokgskfyyvsnqwqupgz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Windows\xsqocwtoqpolqyuaxqljh.exe

xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe .

C:\Windows\xsqocwtoqpolqyuaxqljh.exe

xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."

C:\Windows\vokgskfyyvsnqwqupgz.exe

vokgskfyyvsnqwqupgz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Windows\bsmgqgzqojexycuwp.exe

bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\bsmgqgzqojexycuwp.exe*."

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Windows\xsqocwtoqpolqyuaxqljh.exe

xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xsqocwtoqpolqyuaxqljh.exe*."

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."

C:\Windows\xsqocwtoqpolqyuaxqljh.exe

xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe .

C:\Windows\ukdwfumcztnffiza.exe

ukdwfumcztnffiza.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ukdwfumcztnffiza.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ukdwfumcztnffiza.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe

C:\Windows\xsqocwtoqpolqyuaxqljh.exe

xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe .

C:\Windows\iczwjcystrplpwrwskeb.exe

iczwjcystrplpwrwskeb.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\iczwjcystrplpwrwskeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe

C:\Windows\xsqocwtoqpolqyuaxqljh.exe

xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe .

C:\Windows\xsqocwtoqpolqyuaxqljh.exe

xsqocwtoqpolqyuaxqljh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xsqocwtoqpolqyuaxqljh.exe*."

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ukdwfumcztnffiza.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\kcxsduogfbxrtyruoe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe

C:\Windows\xsqocwtoqpolqyuaxqljh.exe

xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."

C:\Windows\xsqocwtoqpolqyuaxqljh.exe

xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe .

C:\Windows\ukdwfumcztnffiza.exe

ukdwfumcztnffiza.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ukdwfumcztnffiza.exe*."

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe .

C:\Windows\xsqocwtoqpolqyuaxqljh.exe

xsqocwtoqpolqyuaxqljh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xsqocwtoqpolqyuaxqljh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xsqocwtoqpolqyuaxqljh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe

C:\Windows\ukdwfumcztnffiza.exe

ukdwfumcztnffiza.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe .

C:\Windows\iczwjcystrplpwrwskeb.exe

iczwjcystrplpwrwskeb.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\iczwjcystrplpwrwskeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe

C:\Windows\bsmgqgzqojexycuwp.exe

bsmgqgzqojexycuwp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe .

C:\Windows\iczwjcystrplpwrwskeb.exe

iczwjcystrplpwrwskeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\iczwjcystrplpwrwskeb.exe*."

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\kcxsduogfbxrtyruoe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tpftezlithjdvvyp.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\tpftezlithjdvvyp.exe

tpftezlithjdvvyp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wxslbbsukdkjgltpvsklg.exe .

C:\Windows\wxslbbsukdkjgltpvsklg.exe

wxslbbsukdkjgltpvsklg.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\wxslbbsukdkjgltpvsklg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wxslbbsukdkjgltpvsklg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c axodplywixavoptln.exe .

C:\Windows\wxslbbsukdkjgltpvsklg.exe

wxslbbsukdkjgltpvsklg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\axodplywixavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hhbtihxynfljfjqlqmdd.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\axodplywixavoptln.exe

axodplywixavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\axodplywixavoptln.exe

C:\Users\Admin\AppData\Local\Temp\axodplywixavoptln.exe

C:\Users\Admin\AppData\Local\Temp\hhbtihxynfljfjqlqmdd.exe

C:\Users\Admin\AppData\Local\Temp\hhbtihxynfljfjqlqmdd.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\axodplywixavoptln.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\hhbtihxynfljfjqlqmdd.exe*."

C:\Windows\ukdwfumcztnffiza.exe

ukdwfumcztnffiza.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wxslbbsukdkjgltpvsklg.exe

C:\Windows\bsmgqgzqojexycuwp.exe

bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\wxslbbsukdkjgltpvsklg.exe

C:\Users\Admin\AppData\Local\Temp\wxslbbsukdkjgltpvsklg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tpftezlithjdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\tpftezlithjdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\tpftezlithjdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\bsmgqgzqojexycuwp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\tpftezlithjdvvyp.exe*."

C:\Windows\vokgskfyyvsnqwqupgz.exe

vokgskfyyvsnqwqupgz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Windows\ukdwfumcztnffiza.exe

ukdwfumcztnffiza.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ukdwfumcztnffiza.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\vokgskfyyvsnqwqupgz.exe

vokgskfyyvsnqwqupgz.exe

C:\Windows\bsmgqgzqojexycuwp.exe

bsmgqgzqojexycuwp.exe

C:\Windows\iczwjcystrplpwrwskeb.exe

iczwjcystrplpwrwskeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe .

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Windows\bsmgqgzqojexycuwp.exe

bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\vokgskfyyvsnqwqupgz.exe

vokgskfyyvsnqwqupgz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe .

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\bsmgqgzqojexycuwp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Windows\xsqocwtoqpolqyuaxqljh.exe

xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bsmgqgzqojexycuwp.exe

bsmgqgzqojexycuwp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Windows\ukdwfumcztnffiza.exe

ukdwfumcztnffiza.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c utmdrpeesjolgjpjniy.exe

C:\Windows\iczwjcystrplpwrwskeb.exe

iczwjcystrplpwrwskeb.exe .

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tpftezlithjdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ukdwfumcztnffiza.exe*."

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\iczwjcystrplpwrwskeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c axodplywixavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Windows\utmdrpeesjolgjpjniy.exe

utmdrpeesjolgjpjniy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c axodplywixavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\kcxsduogfbxrtyruoe.exe*."

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\utmdrpeesjolgjpjniy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."

C:\Windows\tpftezlithjdvvyp.exe

tpftezlithjdvvyp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tpftezlithjdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .

C:\Windows\axodplywixavoptln.exe

axodplywixavoptln.exe

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe

C:\Windows\axodplywixavoptln.exe

axodplywixavoptln.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."

C:\Windows\vokgskfyyvsnqwqupgz.exe

vokgskfyyvsnqwqupgz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\tpftezlithjdvvyp.exe*."

C:\Users\Admin\AppData\Local\Temp\tpftezlithjdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\tpftezlithjdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\utmdrpeesjolgjpjniy.exe

C:\Users\Admin\AppData\Local\Temp\utmdrpeesjolgjpjniy.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ukdwfumcztnffiza.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tpftezlithjdvvyp.exe

C:\Windows\bsmgqgzqojexycuwp.exe

bsmgqgzqojexycuwp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\axodplywixavoptln.exe*."

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wxslbbsukdkjgltpvsklg.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\tpftezlithjdvvyp.exe*."

C:\Users\Admin\AppData\Local\Temp\tpftezlithjdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\tpftezlithjdvvyp.exe

C:\Windows\bsmgqgzqojexycuwp.exe

bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\wxslbbsukdkjgltpvsklg.exe

C:\Users\Admin\AppData\Local\Temp\wxslbbsukdkjgltpvsklg.exe .

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\wxslbbsukdkjgltpvsklg.exe*."

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\bsmgqgzqojexycuwp.exe*."

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ukdwfumcztnffiza.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe

C:\Windows\iczwjcystrplpwrwskeb.exe

iczwjcystrplpwrwskeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .

C:\Windows\vokgskfyyvsnqwqupgz.exe

vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xsqocwtoqpolqyuaxqljh.exe

xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\kcxsduogfbxrtyruoe.exe*."

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe

C:\Windows\xsqocwtoqpolqyuaxqljh.exe

xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\vokgskfyyvsnqwqupgz.exe

vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe .

C:\Windows\bsmgqgzqojexycuwp.exe

bsmgqgzqojexycuwp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\bsmgqgzqojexycuwp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ukdwfumcztnffiza.exe

ukdwfumcztnffiza.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ukdwfumcztnffiza.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe

C:\Windows\xsqocwtoqpolqyuaxqljh.exe

xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ukdwfumcztnffiza.exe

ukdwfumcztnffiza.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ukdwfumcztnffiza.exe*."

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe

C:\Windows\xsqocwtoqpolqyuaxqljh.exe

xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .

C:\Windows\vokgskfyyvsnqwqupgz.exe

vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe

C:\Windows\vokgskfyyvsnqwqupgz.exe

vokgskfyyvsnqwqupgz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe .

C:\Windows\ukdwfumcztnffiza.exe

ukdwfumcztnffiza.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ukdwfumcztnffiza.exe*."

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xsqocwtoqpolqyuaxqljh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\iczwjcystrplpwrwskeb.exe

iczwjcystrplpwrwskeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe .

C:\Windows\xsqocwtoqpolqyuaxqljh.exe

xsqocwtoqpolqyuaxqljh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xsqocwtoqpolqyuaxqljh.exe*."

C:\Windows\vokgskfyyvsnqwqupgz.exe

vokgskfyyvsnqwqupgz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe

C:\Windows\xsqocwtoqpolqyuaxqljh.exe

xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe .

C:\Windows\ukdwfumcztnffiza.exe

ukdwfumcztnffiza.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ukdwfumcztnffiza.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe

C:\Windows\xsqocwtoqpolqyuaxqljh.exe

xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe .

C:\Windows\iczwjcystrplpwrwskeb.exe

iczwjcystrplpwrwskeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\iczwjcystrplpwrwskeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\iczwjcystrplpwrwskeb.exe

iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xsqocwtoqpolqyuaxqljh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Windows\ukdwfumcztnffiza.exe

ukdwfumcztnffiza.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .

C:\Windows\ukdwfumcztnffiza.exe

ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ukdwfumcztnffiza.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\iczwjcystrplpwrwskeb.exe

iczwjcystrplpwrwskeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xsqocwtoqpolqyuaxqljh.exe*."

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."

C:\Windows\vokgskfyyvsnqwqupgz.exe

vokgskfyyvsnqwqupgz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c utmdrpeesjolgjpjniy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .

C:\Windows\utmdrpeesjolgjpjniy.exe

utmdrpeesjolgjpjniy.exe

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c utmdrpeesjolgjpjniy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."

C:\Windows\utmdrpeesjolgjpjniy.exe

utmdrpeesjolgjpjniy.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\kcxsduogfbxrtyruoe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhzpcznmzptpjlqjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe

C:\Windows\bsmgqgzqojexycuwp.exe

bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\utmdrpeesjolgjpjniy.exe*."

C:\Windows\iczwjcystrplpwrwskeb.exe

iczwjcystrplpwrwskeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhzpcznmzptpjlqjmg.exe .

C:\Windows\jhzpcznmzptpjlqjmg.exe

jhzpcznmzptpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\bsmgqgzqojexycuwp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\axodplywixavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Windows\vokgskfyyvsnqwqupgz.exe

vokgskfyyvsnqwqupgz.exe .

C:\Windows\jhzpcznmzptpjlqjmg.exe

jhzpcznmzptpjlqjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhzpcznmzptpjlqjmg.exe .

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\axodplywixavoptln.exe

C:\Users\Admin\AppData\Local\Temp\axodplywixavoptln.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\jhzpcznmzptpjlqjmg.exe*."

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\jhzpcznmzptpjlqjmg.exe

C:\Users\Admin\AppData\Local\Temp\jhzpcznmzptpjlqjmg.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\jhzpcznmzptpjlqjmg.exe*."

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\axodplywixavoptln.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\axodplywixavoptln.exe

C:\Users\Admin\AppData\Local\Temp\axodplywixavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tpftezlithjdvvyp.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\tpftezlithjdvvyp.exe

C:\Users\Admin\AppData\Local\Temp\tpftezlithjdvvyp.exe .

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\tpftezlithjdvvyp.exe*."

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe

C:\Windows\vokgskfyyvsnqwqupgz.exe

vokgskfyyvsnqwqupgz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe

C:\Windows\vokgskfyyvsnqwqupgz.exe

vokgskfyyvsnqwqupgz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe .

C:\Windows\iczwjcystrplpwrwskeb.exe

iczwjcystrplpwrwskeb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\iczwjcystrplpwrwskeb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\kcxsduogfbxrtyruoe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ukdwfumcztnffiza.exe

ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ukdwfumcztnffiza.exe

ukdwfumcztnffiza.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ukdwfumcztnffiza.exe*."

C:\Windows\ukdwfumcztnffiza.exe

ukdwfumcztnffiza.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\vokgskfyyvsnqwqupgz.exe

vokgskfyyvsnqwqupgz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\xsqocwtoqpolqyuaxqljh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe

C:\Windows\ukdwfumcztnffiza.exe

ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe .

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ukdwfumcztnffiza.exe

ukdwfumcztnffiza.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ukdwfumcztnffiza.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe

C:\Windows\iczwjcystrplpwrwskeb.exe

iczwjcystrplpwrwskeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .

C:\Windows\vokgskfyyvsnqwqupgz.exe

vokgskfyyvsnqwqupgz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe

C:\Windows\ukdwfumcztnffiza.exe

ukdwfumcztnffiza.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bsmgqgzqojexycuwp.exe

bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\bsmgqgzqojexycuwp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe

C:\Windows\xsqocwtoqpolqyuaxqljh.exe

xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe .

C:\Windows\xsqocwtoqpolqyuaxqljh.exe

xsqocwtoqpolqyuaxqljh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xsqocwtoqpolqyuaxqljh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ukdwfumcztnffiza.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe

C:\Windows\bsmgqgzqojexycuwp.exe

bsmgqgzqojexycuwp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .

C:\Windows\vokgskfyyvsnqwqupgz.exe

vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe

C:\Windows\ukdwfumcztnffiza.exe

ukdwfumcztnffiza.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe .

C:\Windows\vokgskfyyvsnqwqupgz.exe

vokgskfyyvsnqwqupgz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\vokgskfyyvsnqwqupgz.exe*."

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\iczwjcystrplpwrwskeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ukdwfumcztnffiza.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe

C:\Windows\ukdwfumcztnffiza.exe

ukdwfumcztnffiza.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe .

C:\Windows\bsmgqgzqojexycuwp.exe

bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\bsmgqgzqojexycuwp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\vokgskfyyvsnqwqupgz.exe

vokgskfyyvsnqwqupgz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iczwjcystrplpwrwskeb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\iczwjcystrplpwrwskeb.exe

iczwjcystrplpwrwskeb.exe

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Windows\xsqocwtoqpolqyuaxqljh.exe

xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xsqocwtoqpolqyuaxqljh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\bsmgqgzqojexycuwp.exe*."

C:\Windows\xsqocwtoqpolqyuaxqljh.exe

xsqocwtoqpolqyuaxqljh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vokgskfyyvsnqwqupgz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\xsqocwtoqpolqyuaxqljh.exe*."

C:\Windows\vokgskfyyvsnqwqupgz.exe

vokgskfyyvsnqwqupgz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bsmgqgzqojexycuwp.exe

C:\Windows\vokgskfyyvsnqwqupgz.exe

vokgskfyyvsnqwqupgz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .

C:\Windows\bsmgqgzqojexycuwp.exe

bsmgqgzqojexycuwp.exe .

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe .

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Windows\bsmgqgzqojexycuwp.exe

bsmgqgzqojexycuwp.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bsmgqgzqojexycuwp.exe

bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe

C:\Users\Admin\AppData\Local\Temp\vokgskfyyvsnqwqupgz.exe .

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe

C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hhbtihxynfljfjqlqmdd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe

"C:\Users\Admin\AppData\Local\Temp\uhotvhk.exe" "-c:\users\admin\appdata\local\temp\iczwjcystrplpwrwskeb.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\bsmgqgzqojexycuwp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kcxsduogfbxrtyruoe.exe .

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\bsmgqgzqojexycuwp.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c axodplywixavoptln.exe .

C:\Windows\ukdwfumcztnffiza.exe

ukdwfumcztnffiza.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\vokgskfyyvsnqwqupgz.exe*."

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\kcxsduogfbxrtyruoe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Windows\hhbtihxynfljfjqlqmdd.exe

hhbtihxynfljfjqlqmdd.exe

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c axodplywixavoptln.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\ukdwfumcztnffiza.exe*."

C:\Windows\kcxsduogfbxrtyruoe.exe

kcxsduogfbxrtyruoe.exe .

C:\Windows\ukdwfumcztnffiza.exe

ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhzpcznmzptpjlqjmg.exe .

C:\Windows\axodplywixavoptln.exe

axodplywixavoptln.exe .

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe

C:\Users\Admin\AppData\Local\Temp\xsqocwtoqpolqyuaxqljh.exe .

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Users\Admin\AppData\Local\Temp\bsmgqgzqojexycuwp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wxslbbsukdkjgltpvsklg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukdwfumcztnffiza.exe

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\users\admin\appdata\local\temp\ukdwfumcztnffiza.exe*."

C:\Windows\axodplywixavoptln.exe

axodplywixavoptln.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kcxsduogfbxrtyruoe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hhbtihxynfljfjqlqmdd.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

"C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe" "c:\windows\kcxsduogfbxrtyruoe.exe*."

Network

Country Destination Domain Proto
US 8.8.8.8:53 whatismyip.everdot.org udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 172.66.40.87:80 www.whatismyip.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
DE 142.250.181.201:80 www.blogger.com tcp
LT 78.58.26.61:21724 tcp
US 52.11.240.239:80 yknalenansnan.com tcp
LT 78.60.224.102:20733 tcp
LT 78.62.13.88:41708 tcp
DE 89.117.50.89:35224 tcp
US 8.8.8.8:53 gcnunkuiwcymao.biz udp
US 8.8.8.8:53 cmecrwiq.info udp
US 8.8.8.8:53 quigcenansnan.com udp
LT 80.243.25.16:16038 tcp
US 8.8.8.8:53 qqbfxqeoya.net udp
US 8.8.8.8:53 akqipmiq.net udp
LT 78.62.87.209:14721 tcp
US 8.8.8.8:53 cgbywgeoya.biz udp
LT 78.63.100.27:15861 tcp
US 8.8.8.8:53 kqvomo.net udp
US 8.8.8.8:53 pmxxgifox.org udp
LT 88.216.14.161:40518 tcp
US 8.8.8.8:53 hfhcdkn.cc udp
LT 88.222.187.125:39171 tcp
US 8.8.8.8:53 ksovoiiugkeq.info udp
US 8.8.8.8:53 weoejaiq.info udp
US 8.8.8.8:53 mcjgkcuiwcymao.info udp
US 8.8.8.8:53 awdoageoya.biz udp
LT 88.216.49.253:14966 tcp
US 8.8.8.8:53 aubczufqbex.com udp
LT 78.58.13.154:29846 tcp
US 8.8.8.8:53 eexmdsdsholapet.org udp
US 8.8.8.8:53 yqwkqeiq.biz udp
US 8.8.8.8:53 aczswufqbex.cc udp
LT 78.62.69.177:30444 tcp
US 8.8.8.8:53 uyxyaguiwcymao.net udp
LT 78.56.179.199:33081 tcp
US 8.8.8.8:53 iodwkk.info udp
US 8.8.8.8:53 zytejgn.com udp
US 8.8.8.8:53 oitcuqfqbex.cc udp
LT 78.62.23.4:35844 tcp
LT 78.58.36.154:41237 tcp
US 8.8.8.8:53 wkbrhqeoya.net udp
US 8.8.8.8:53 ugxiqgeoya.biz udp
US 84.32.238.26:19273 tcp
US 8.8.8.8:53 godbpgfqbex.cc udp
US 8.8.8.8:53 wsecgmiq.biz udp
CA 88.216.96.219:25335 tcp
US 8.8.8.8:53 cavsgqeoya.biz udp
US 8.8.8.8:53 dqfulcn.cc udp
US 8.8.8.8:53 zdiclwfox.org udp
US 8.8.8.8:53 bjxctkn.com udp
LT 78.60.126.94:30637 tcp
US 8.8.8.8:53 sonmsguiwcymao.net udp
US 8.8.8.8:53 yesswaiugkeq.biz udp
US 8.8.8.8:53 ockwkwiq.biz udp
US 8.8.8.8:53 iqdssqeoya.net udp
US 8.8.8.8:53 tlnseifox.org udp
US 8.8.8.8:53 jzkufsfox.cc udp
US 8.8.8.8:53 wedkha.net udp
US 8.8.8.8:53 aggedsiugkeq.biz udp
US 8.8.8.8:53 lgjemifox.cc udp
US 8.8.8.8:53 teeyesfox.com udp
US 8.8.8.8:53 iiksqeiq.biz udp
US 8.8.8.8:53 vorwjkn.com udp
US 8.8.8.8:53 spcyamnansnan.com udp
US 8.8.8.8:53 ouiclaiugkeq.info udp
US 8.8.8.8:53 gikzowiq.net udp
US 8.8.8.8:53 gdhaksdsholapet.org udp
US 8.8.8.8:53 xxjohgn.cc udp
US 8.8.8.8:53 unrslqfqbex.org udp
US 8.8.8.8:53 ojaiekdsholapet.com udp
US 8.8.8.8:53 aydyaqeoya.net udp
US 8.8.8.8:53 eetgus.net udp
US 8.8.8.8:53 iuhmisdsholapet.cc udp
US 8.8.8.8:53 cegyfodsholapet.com udp
US 8.8.8.8:53 qauaiwiq.net udp
US 8.8.8.8:53 wkjcmqeoya.biz udp
US 8.8.8.8:53 ijnkngfqbex.org udp
US 8.8.8.8:53 qfdxjufqbex.cc udp
US 8.8.8.8:53 kwlwcyeoya.biz udp
US 8.8.8.8:53 ckmsgiiugkeq.biz udp
US 8.8.8.8:53 pbkgmafox.cc udp
US 8.8.8.8:53 akpmis.biz udp
US 8.8.8.8:53 eapucyeoya.net udp
US 8.8.8.8:53 ebhswkdsholapet.cc udp
US 8.8.8.8:53 jurxicn.com udp
US 8.8.8.8:53 cczwkgeoya.net udp
US 8.8.8.8:53 oavnko.net udp
US 8.8.8.8:53 wipylufqbex.cc udp
US 8.8.8.8:53 iranpadsholapet.com udp
US 8.8.8.8:53 ycrymk.biz udp
US 8.8.8.8:53 cedoko.info udp
US 8.8.8.8:53 zaldfafox.com udp
US 8.8.8.8:53 fdtekgn.org udp
US 8.8.8.8:53 keqkdaiugkeq.biz udp
US 8.8.8.8:53 qslgfyfqbex.com udp
US 8.8.8.8:53 ntguyifox.com udp
US 8.8.8.8:53 eyepgmiq.biz udp
US 8.8.8.8:53 jsfxdcn.com udp
US 8.8.8.8:53 zvsqgwfox.cc udp
US 8.8.8.8:53 akkzsmiq.biz udp
US 8.8.8.8:53 medcayeoya.biz udp
US 8.8.8.8:53 gwdjqufqbex.cc udp
US 8.8.8.8:53 lusihsfox.cc udp
US 8.8.8.8:53 kggqywiugkeq.info udp
US 8.8.8.8:53 sylkkk.info udp
US 8.8.8.8:53 kxpohsdsholapet.cc udp
LT 88.216.105.23:26119 tcp
US 8.8.8.8:53 cpcsmanansnan.cc udp
US 8.8.8.8:53 suvfsgeoya.biz udp
US 8.8.8.8:53 csudmaiq.net udp
US 8.8.8.8:53 mwdicadsholapet.com udp
US 8.8.8.8:53 kdisisdsholapet.cc udp
US 8.8.8.8:53 oqxuwgeoya.biz udp
US 8.8.8.8:53 emfkcgeoya.info udp
US 8.8.8.8:53 ubvyukdsholapet.org udp
US 8.8.8.8:53 wdwkwanansnan.cc udp
US 8.8.8.8:53 iqgexwiq.net udp
US 8.8.8.8:53 qasousiugkeq.net udp
US 8.8.8.8:53 tcpfuifox.cc udp
US 8.8.8.8:53 nujkukn.cc udp
US 8.8.8.8:53 wospgeiq.info udp
US 8.8.8.8:53 mmvrncuiwcymao.biz udp
US 8.8.8.8:53 ybjynenansnan.com udp
US 8.8.8.8:53 camquanansnan.com udp
US 8.8.8.8:53 uookkaiugkeq.biz udp
US 8.8.8.8:53 gkvbggeoya.biz udp
US 8.8.8.8:53 nzrougn.org udp
US 8.8.8.8:53 dgpklcn.cc udp
US 8.8.8.8:53 uoxeok.net udp
US 8.8.8.8:53 eylahwnansnan.com udp
US 8.8.8.8:53 khwufanansnan.org udp
US 8.8.8.8:53 geteqyeoya.info udp
US 8.8.8.8:53 igvpjkuiwcymao.info udp
US 8.8.8.8:53 grzqlyfqbex.cc udp
US 8.8.8.8:53 nyeufwfox.org udp
US 8.8.8.8:53 scpass.info udp
US 8.8.8.8:53 qsleiqeoya.biz udp
US 8.8.8.8:53 wgrcdadsholapet.cc udp
US 8.8.8.8:53 xczyecn.com udp
US 8.8.8.8:53 wipwmueoya.biz udp
US 8.8.8.8:53 amngrguiwcymao.net udp
US 8.8.8.8:53 stjrhenansnan.com udp
US 8.8.8.8:53 rpwgtafox.org udp
US 8.8.8.8:53 mmvkpkuiwcymao.net udp
US 8.8.8.8:53 aaonhaiugkeq.info udp
US 8.8.8.8:53 sftmlkdsholapet.org udp
US 8.8.8.8:53 qvkojenansnan.org udp
US 8.8.8.8:53 gcefaeiq.biz udp
US 8.8.8.8:53 wyogswiugkeq.biz udp
US 8.8.8.8:53 xjbgnsn.com udp
US 8.8.8.8:53 jploakn.com udp
US 8.8.8.8:53 mmrsnueoya.info udp
US 8.8.8.8:53 cgeqqwiq.info udp
US 8.8.8.8:53 omrekkdsholapet.com udp
US 8.8.8.8:53 yvsfvadsholapet.com udp
US 8.8.8.8:53 aefitcuiwcymao.info udp
US 8.8.8.8:53 gqdkeueoya.net udp
US 8.8.8.8:53 qdlypmnansnan.cc udp
US 8.8.8.8:53 lozotkn.cc udp
US 8.8.8.8:53 sifuwa.biz udp
US 8.8.8.8:53 ksuegmiq.net udp
US 8.8.8.8:53 razczcn.cc udp
US 8.8.8.8:53 rqffzgn.com udp
US 8.8.8.8:53 eepjbsuiwcymao.info udp
US 8.8.8.8:53 aqzasqeoya.info udp
US 8.8.8.8:53 vljnpwfox.org udp
US 8.8.8.8:53 impifufqbex.cc udp
US 8.8.8.8:53 ikkodiiugkeq.info udp
US 8.8.8.8:53 asibuwiugkeq.info udp
US 8.8.8.8:53 uxzsdkdsholapet.com udp
US 8.8.8.8:53 mmjiwqfqbex.cc udp
US 8.8.8.8:53 ocmzdmiq.net udp
US 8.8.8.8:53 cynhmueoya.info udp
US 8.8.8.8:53 sftccmnansnan.cc udp
US 8.8.8.8:53 skcbwanansnan.org udp
US 8.8.8.8:53 sqnxugeoya.biz udp
US 8.8.8.8:53 oikiiiiugkeq.biz udp
US 8.8.8.8:53 amddfodsholapet.cc udp
US 8.8.8.8:53 bqvutkn.com udp
US 8.8.8.8:53 motohkuiwcymao.net udp
US 8.8.8.8:53 mogoveiq.biz udp
US 8.8.8.8:53 wzzkladsholapet.org udp
US 8.8.8.8:53 scwkxwnansnan.cc udp
US 8.8.8.8:53 kkpnvqeoya.net udp
US 8.8.8.8:53 oknujk.net udp
US 8.8.8.8:53 mzrarenansnan.cc udp
US 8.8.8.8:53 asegcmnansnan.cc udp
US 8.8.8.8:53 csvymueoya.info udp
US 8.8.8.8:53 oupsoo.biz udp
US 8.8.8.8:53 eldudadsholapet.org udp
US 8.8.8.8:53 ijdoxufqbex.com udp
US 8.8.8.8:53 canobkuiwcymao.net udp
US 8.8.8.8:53 uoxxjsuiwcymao.net udp
US 8.8.8.8:53 prrshafox.com udp
US 8.8.8.8:53 otaqdwnansnan.com udp
US 8.8.8.8:53 msaivaiq.info udp
US 8.8.8.8:53 afrkkgfqbex.com udp
US 8.8.8.8:53 rppohcn.org udp
US 8.8.8.8:53 igpwasuiwcymao.info udp
US 8.8.8.8:53 eclmsyeoya.info udp
US 8.8.8.8:53 fblelwfox.org udp
US 8.8.8.8:53 gkhtjqfqbex.org udp
US 8.8.8.8:53 ucbeacuiwcymao.info udp
US 8.8.8.8:53 jcdplgn.cc udp
US 8.8.8.8:53 ippooqfqbex.cc udp
US 8.8.8.8:53 ckucgiiugkeq.net udp
US 8.8.8.8:53 uozowk.net udp
US 8.8.8.8:53 ktfelenansnan.cc udp
US 8.8.8.8:53 ubqlsodsholapet.cc udp
US 8.8.8.8:53 yqpmmcuiwcymao.net udp
US 8.8.8.8:53 mozogqeoya.net udp
US 8.8.8.8:53 hulcrifox.org udp
US 8.8.8.8:53 utbongfqbex.com udp
US 8.8.8.8:53 oqfigqeoya.net udp
US 8.8.8.8:53 cgnkggeoya.info udp
LT 212.12.200.27:27888 tcp
US 8.8.8.8:53 uexuvmnansnan.org udp
US 8.8.8.8:53 hgighifox.org udp
US 8.8.8.8:53 gcvvqo.biz udp
US 8.8.8.8:53 ieiyxaiq.info udp
US 8.8.8.8:53 gzfiqkdsholapet.cc udp
US 8.8.8.8:53 kkowcsdsholapet.cc udp
US 8.8.8.8:53 silkwo.net udp
US 8.8.8.8:53 qwqufaiq.net udp
US 8.8.8.8:53 sqdscufqbex.org udp
US 8.8.8.8:53 kpuxxkdsholapet.cc udp
US 8.8.8.8:53 sqjwxueoya.net udp
US 8.8.8.8:53 qsoufeiq.info udp
US 8.8.8.8:53 oivygmnansnan.org udp

Files

C:\Users\Admin\AppData\Local\Temp\apcxvhdqkzm.exe

MD5 85cb856b920e7b0b7b75115336fc2af2
SHA1 1d1a207efec2f5187583b652c35aef74ee4c473f
SHA256 6fff20aabe8265b6e811c9dbcb987f9c15cf07d1d8b80ced7b287d96900f5c62
SHA512 120ff9c77c19216e5691b6ba812f09f7db7b46685a391027fff56e5b73200f4211b6bac2c2d28cdfe461d1fbf10f1a3204adeedbd0a34a034a862c6278d901e8

C:\Windows\SysWOW64\kcxsduogfbxrtyruoe.exe

MD5 c7e5d9b24e40b9b5909256350f70b10b
SHA1 fb9d569e524b0cbe1f4a4a600ada58f687a7aee4
SHA256 2e7aa86c211bcba2701f0d5acd491714bcbaf5f5cd6e930bc9795fdfb2a7f859
SHA512 2cb935a8f5f1bc4fafbcd7de1bd3dabe65e31a2f3f860dcfbc65aad89242841e59fc6fffec922f20f4c983723329503060b00e4e7152873730c7de41b93a17ea

C:\Users\Admin\AppData\Local\Temp\vcmwwcl.exe

MD5 f07f32ba7de4c05773433b9ebaecca22
SHA1 3d8b016945c36a3e713b55554dfe85a5b17422a9
SHA256 7f70dad53114a27e1758ff4dadea9c4875975ea6c0f34d704c823839cb30f316
SHA512 ad7786f1d7f5064d0803efdee6fb7869703aaef0d0bc4b0b13fecae8873de0dbd02b9e1c9445f06f1d8952086348b2693f4aacfb92f7dbb0190b6fe4eedcbe4e

C:\Users\Admin\AppData\Local\oszgdgmqbjrxlchwceipwtwcgr.hnb

MD5 bd7a0614f893c80e05ff848700f8b416
SHA1 69631176bb9cd95a9fe0649c2b6eeb5d4e2f852f
SHA256 240f51d8bed75ec1d5d75672ce8464b60c2c896a823b52c3a37e72303a73b037
SHA512 5c3adb0ecf185f3e5816788c0a3223f3f1b3559dee66559026afed7f6f1f1c387ac65979d5d8ed2eea519ad4d86c0c0100a9f1173001b986dbf4a290caa21cb6

C:\Users\Admin\AppData\Local\pewowkbqmfypoqggxkzrjrfwlhatkjlbbsfum.mar

MD5 87b619c88dca02034082a8dcb90c5ee8
SHA1 7a35f17f97b70ecb34882301072a4db663dd6f10
SHA256 5b0413e7a4b138301699d92b713b5594142d200e9059c3f89ade9a137121f685
SHA512 152e74af33d836f30a9cc0d87ec50d52987bda23ddc5d53268e7ca0a6a32eaf276cff44513291a0fbe3a16e2cf6eca1603da644a9a1417160f215bea2fed5252

C:\Program Files (x86)\oszgdgmqbjrxlchwceipwtwcgr.hnb

MD5 7ae0b5833fcae515a57490eff689eaee
SHA1 61faa04d528b5e6ca0242a40a5662667228d2685
SHA256 35e8676b21635a110439e83193d8af2df69d860841a20f40183ef23fc8e7873e
SHA512 5349fdc6de00a335b6d083d14072422cff0532cc71d4ab139eba3456d87e615e7a0d1645986ab4e09d24e62e124d1cf25a33c5adb5ad4944e52c2d905c07caa8

C:\Program Files (x86)\oszgdgmqbjrxlchwceipwtwcgr.hnb

MD5 736b092c5663ada6188ac95e6f05621f
SHA1 dd2947541e77e3e3537a3941a28de8a07ad4eef9
SHA256 ffbc392c8f0c1d1c5c49c112ed7e068e6a4dc4650f5942d63e2f13282ad8bca7
SHA512 a52bb3805444c86fbd4aefcbc27d6d5bd5f8b09a3e4bad3c3e0ef0fa3b225201f98c5f2d08464c58ecc1f17b97dd00010530a7d87701fa4c058bb1f95980f718

C:\Program Files (x86)\oszgdgmqbjrxlchwceipwtwcgr.hnb

MD5 1c9c5af9b2af44d8aa370151363b5eb0
SHA1 bcb0a9b4fc2c12bf1555853fa1a84ba3d13837d8
SHA256 44d8345a48f0037e30c29bfc1b53e76fb00349e6f4ffe7298591a866de33f95a
SHA512 af42d037014d51bf9ea64df769a9f4357e0a1fb4bf84e81282409298dce07b5622d2984a945c9f1376b1a10ac412b0492eb34f86808e232dcbb971a40e4d22a4

C:\Program Files (x86)\oszgdgmqbjrxlchwceipwtwcgr.hnb

MD5 7aacad4eff7cabbc37ad30f48e4ae61a
SHA1 dc94aa291cd5485ed2800b229264f6bff4badd0b
SHA256 4019d98965f9f0caa51874d97817d8495896233bd97d94066b58834db7303bb1
SHA512 6b50af58df61c53df3c687e7c9e88343d2f3a36eff6e7452446c2556434a1be12a4ff0e8932c510b4d535d54719a60e4ad5445ebd8c3b63b29a6692f27c82d7a

C:\Program Files (x86)\oszgdgmqbjrxlchwceipwtwcgr.hnb

MD5 db86cf6786476d2942064294cb01523e
SHA1 1b4b356f334fca67fbcc6ddebce921179cedccfe
SHA256 01c0bd42f84b57c445ed8c991235432fe2cd8d3263996855f46fc78e4c695c3b
SHA512 00eb7cea3e803108843a29e3d4d557b50968f4b0a8620c573beac0433dc9657ee5adc1eea4b75855074a1e4a67357011bf339ce497258dea3752cdb30aaf90ea

C:\Program Files (x86)\oszgdgmqbjrxlchwceipwtwcgr.hnb

MD5 d5c9f4468c9b574e2d90013bbe4e6247
SHA1 e0cb8b3fb12ef45c3a097eac42279b6d35b0a3d4
SHA256 3d127aebb742c182a0034fdfb5dd2d75e545c2106cf1637a596b5e1c4e8faf3e
SHA512 79a5a1281829c93755a8b5319c194fd6516330793067190c9234b9f66b99848294ef834f8e064615f0db4c78ed0c306143327f704e2fd3f602dcd715ec92a1f9

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-21 05:13

Reported

2025-04-21 05:16

Platform

win10v2004-20250314-en

Max time kernel

50s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "haaomhcymigwpzsvlndw.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "tieoizqiskeqflaz.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umlyvpjermjyqzrtijy.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umlyvpjermjyqzrtijy.exe" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnytldwhaviyfvvi.exe" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "jaykgzsmysoctbsthh.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tieoizqiskeqflaz.exe" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tieoizqiskeqflaz.exe" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "umlyvpjermjyqzrtijy.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jaykgzsmysoctbsthh.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jaykgzsmysoctbsthh.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "tieoizqiskeqflaz.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrgfbxujgfwqbvzqtkef.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "haaomhcymigwpzsvlndw.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jaykgzsmysoctbsthh.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "umlyvpjermjyqzrtijy.exe" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "tieoizqiskeqflaz.exe" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnytldwhaviyfvvi.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "haaomhcymigwpzsvlndw.exe" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "wqrgfbxujgfwqbvzqtkef.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "tieoizqiskeqflaz.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "tieoizqiskeqflaz.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "jaykgzsmysoctbsthh.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "tieoizqiskeqflaz.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "aqnytldwhaviyfvvi.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jaykgzsmysoctbsthh.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "aqnytldwhaviyfvvi.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haaomhcymigwpzsvlndw.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tieoizqiskeqflaz.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "umlyvpjermjyqzrtijy.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jaykgzsmysoctbsthh.exe" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "aqnytldwhaviyfvvi.exe" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tieoizqiskeqflaz.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "umlyvpjermjyqzrtijy.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jaykgzsmysoctbsthh.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jaykgzsmysoctbsthh.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "jaykgzsmysoctbsthh.exe" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "aqnytldwhaviyfvvi.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haaomhcymigwpzsvlndw.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnytldwhaviyfvvi.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrgfbxujgfwqbvzqtkef.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umlyvpjermjyqzrtijy.exe" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "umlyvpjermjyqzrtijy.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haaomhcymigwpzsvlndw.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uanozhp = "tieoizqiskeqflaz.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nqay = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnytldwhaviyfvvi.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\aqnytldwhaviyfvvi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\umlyvpjermjyqzrtijy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\haaomhcymigwpzsvlndw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\jaykgzsmysoctbsthh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\wqrgfbxujgfwqbvzqtkef.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\tieoizqiskeqflaz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\jaykgzsmysoctbsthh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\tieoizqiskeqflaz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\haaomhcymigwpzsvlndw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\aqnytldwhaviyfvvi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\aqnytldwhaviyfvvi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\aqnytldwhaviyfvvi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\wqrgfbxujgfwqbvzqtkef.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\umlyvpjermjyqzrtijy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\wqrgfbxujgfwqbvzqtkef.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\wqrgfbxujgfwqbvzqtkef.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\aqnytldwhaviyfvvi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\tieoizqiskeqflaz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\haaomhcymigwpzsvlndw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\jaykgzsmysoctbsthh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\tieoizqiskeqflaz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\haaomhcymigwpzsvlndw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\haaomhcymigwpzsvlndw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\aqnytldwhaviyfvvi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\wqrgfbxujgfwqbvzqtkef.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\wqrgfbxujgfwqbvzqtkef.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\wqrgfbxujgfwqbvzqtkef.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\aqnytldwhaviyfvvi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\tieoizqiskeqflaz.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Windows\jaykgzsmysoctbsthh.exe N/A
N/A N/A C:\Windows\wqrgfbxujgfwqbvzqtkef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Windows\aqnytldwhaviyfvvi.exe N/A
N/A N/A C:\Windows\wqrgfbxujgfwqbvzqtkef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
N/A N/A C:\Windows\jaykgzsmysoctbsthh.exe N/A
N/A N/A C:\Windows\wqrgfbxujgfwqbvzqtkef.exe N/A
N/A N/A C:\Windows\tieoizqiskeqflaz.exe N/A
N/A N/A C:\Windows\jaykgzsmysoctbsthh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Windows\jaykgzsmysoctbsthh.exe N/A
N/A N/A C:\Windows\jaykgzsmysoctbsthh.exe N/A
N/A N/A C:\Windows\jaykgzsmysoctbsthh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe N/A
N/A N/A C:\Windows\haaomhcymigwpzsvlndw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Windows\haaomhcymigwpzsvlndw.exe N/A
N/A N/A C:\Windows\haaomhcymigwpzsvlndw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Windows\aqnytldwhaviyfvvi.exe N/A
N/A N/A C:\Windows\aqnytldwhaviyfvvi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Windows\umlyvpjermjyqzrtijy.exe N/A
N/A N/A C:\Windows\tieoizqiskeqflaz.exe N/A
N/A N/A C:\Windows\aqnytldwhaviyfvvi.exe N/A
N/A N/A C:\Windows\wqrgfbxujgfwqbvzqtkef.exe N/A
N/A N/A C:\Windows\aqnytldwhaviyfvvi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Windows\wqrgfbxujgfwqbvzqtkef.exe N/A
N/A N/A C:\Windows\umlyvpjermjyqzrtijy.exe N/A
N/A N/A C:\Windows\umlyvpjermjyqzrtijy.exe N/A
N/A N/A C:\Windows\wqrgfbxujgfwqbvzqtkef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe N/A
N/A N/A C:\Windows\tieoizqiskeqflaz.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aixanxhsv = "tieoizqiskeqflaz.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aixanxhsv = "aqnytldwhaviyfvvi.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\walkt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haaomhcymigwpzsvlndw.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hmyyip = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tieoizqiskeqflaz.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oypujvhuzmb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jaykgzsmysoctbsthh.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oypujvhuzmb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haaomhcymigwpzsvlndw.exe" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oypujvhuzmb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnytldwhaviyfvvi.exe" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aixanxhsv = "wqrgfbxujgfwqbvzqtkef.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\walkt = "jaykgzsmysoctbsthh.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\walkt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tieoizqiskeqflaz.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jqegsbku = "aqnytldwhaviyfvvi.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tcswkvgswi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrgfbxujgfwqbvzqtkef.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hmyyip = "umlyvpjermjyqzrtijy.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oypujvhuzmb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haaomhcymigwpzsvlndw.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hmyyip = "aqnytldwhaviyfvvi.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oypujvhuzmb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnytldwhaviyfvvi.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hmyyip = "wqrgfbxujgfwqbvzqtkef.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tcswkvgswi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haaomhcymigwpzsvlndw.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\walkt = "umlyvpjermjyqzrtijy.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jqegsbku = "umlyvpjermjyqzrtijy.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jqegsbku = "jaykgzsmysoctbsthh.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\walkt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tieoizqiskeqflaz.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jqegsbku = "aqnytldwhaviyfvvi.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aixanxhsv = "aqnytldwhaviyfvvi.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\walkt = "umlyvpjermjyqzrtijy.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oypujvhuzmb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jaykgzsmysoctbsthh.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\walkt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umlyvpjermjyqzrtijy.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tcswkvgswi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnytldwhaviyfvvi.exe ." C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hmyyip = "umlyvpjermjyqzrtijy.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\walkt = "jaykgzsmysoctbsthh.exe" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oypujvhuzmb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haaomhcymigwpzsvlndw.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oypujvhuzmb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umlyvpjermjyqzrtijy.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aixanxhsv = "haaomhcymigwpzsvlndw.exe ." C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tcswkvgswi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrgfbxujgfwqbvzqtkef.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\walkt = "tieoizqiskeqflaz.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tcswkvgswi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnytldwhaviyfvvi.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hmyyip = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umlyvpjermjyqzrtijy.exe ." C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aixanxhsv = "umlyvpjermjyqzrtijy.exe ." C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jqegsbku = "tieoizqiskeqflaz.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jqegsbku = "aqnytldwhaviyfvvi.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aixanxhsv = "aqnytldwhaviyfvvi.exe ." C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hmyyip = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jaykgzsmysoctbsthh.exe ." C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\walkt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umlyvpjermjyqzrtijy.exe" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hmyyip = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrgfbxujgfwqbvzqtkef.exe ." C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jqegsbku = "aqnytldwhaviyfvvi.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aixanxhsv = "tieoizqiskeqflaz.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tcswkvgswi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrgfbxujgfwqbvzqtkef.exe ." C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aixanxhsv = "tieoizqiskeqflaz.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hmyyip = "jaykgzsmysoctbsthh.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hmyyip = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tieoizqiskeqflaz.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\walkt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jaykgzsmysoctbsthh.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aixanxhsv = "wqrgfbxujgfwqbvzqtkef.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\walkt = "wqrgfbxujgfwqbvzqtkef.exe" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jqegsbku = "jaykgzsmysoctbsthh.exe" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oypujvhuzmb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umlyvpjermjyqzrtijy.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hmyyip = "umlyvpjermjyqzrtijy.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aixanxhsv = "tieoizqiskeqflaz.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hmyyip = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrgfbxujgfwqbvzqtkef.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\walkt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqrgfbxujgfwqbvzqtkef.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tcswkvgswi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haaomhcymigwpzsvlndw.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tcswkvgswi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haaomhcymigwpzsvlndw.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jqegsbku = "wqrgfbxujgfwqbvzqtkef.exe" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jqegsbku = "haaomhcymigwpzsvlndw.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hmyyip = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqnytldwhaviyfvvi.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A www.showmyipaddress.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\aqnytldwhaviyfvvi.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\haaomhcymigwpzsvlndw.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\nikaaxusiggytfafxbtoqg.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\wqrgfbxujgfwqbvzqtkef.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\wqrgfbxujgfwqbvzqtkef.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\aqnytldwhaviyfvvi.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\haaomhcymigwpzsvlndw.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\jaykgzsmysoctbsthh.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\jaykgzsmysoctbsthh.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\wqrgfbxujgfwqbvzqtkef.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\wqrgfbxujgfwqbvzqtkef.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\wqrgfbxujgfwqbvzqtkef.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\umlyvpjermjyqzrtijy.exe C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
File created C:\Windows\SysWOW64\xwcwabceyaeazpoxtbxwcw.bce C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
File created C:\Windows\SysWOW64\wqrgfbxujgfwqbvzqtkef.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\nikaaxusiggytfafxbtoqg.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\tieoizqiskeqflaz.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\jaykgzsmysoctbsthh.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\jaykgzsmysoctbsthh.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\nikaaxusiggytfafxbtoqg.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\umlyvpjermjyqzrtijy.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\haaomhcymigwpzsvlndw.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\haaomhcymigwpzsvlndw.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\wqrgfbxujgfwqbvzqtkef.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\wqrgfbxujgfwqbvzqtkef.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\aqnytldwhaviyfvvi.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\umlyvpjermjyqzrtijy.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\haaomhcymigwpzsvlndw.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\umlyvpjermjyqzrtijy.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\haaomhcymigwpzsvlndw.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\wqrgfbxujgfwqbvzqtkef.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\umlyvpjermjyqzrtijy.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\nikaaxusiggytfafxbtoqg.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\haaomhcymigwpzsvlndw.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\tieoizqiskeqflaz.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\haaomhcymigwpzsvlndw.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\haaomhcymigwpzsvlndw.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\oypujvhuzmbistdxexeofkzlxkpcryijt.unu C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
File opened for modification C:\Windows\SysWOW64\aqnytldwhaviyfvvi.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\aqnytldwhaviyfvvi.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\umlyvpjermjyqzrtijy.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\tieoizqiskeqflaz.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\jaykgzsmysoctbsthh.exe C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
File created C:\Windows\SysWOW64\tieoizqiskeqflaz.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\aqnytldwhaviyfvvi.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\tieoizqiskeqflaz.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\tieoizqiskeqflaz.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\umlyvpjermjyqzrtijy.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\nikaaxusiggytfafxbtoqg.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\nikaaxusiggytfafxbtoqg.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\wqrgfbxujgfwqbvzqtkef.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\nikaaxusiggytfafxbtoqg.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\tieoizqiskeqflaz.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\umlyvpjermjyqzrtijy.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\nikaaxusiggytfafxbtoqg.exe C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
File opened for modification C:\Windows\SysWOW64\oypujvhuzmbistdxexeofkzlxkpcryijt.unu C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
File opened for modification C:\Windows\SysWOW64\nikaaxusiggytfafxbtoqg.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\tieoizqiskeqflaz.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\umlyvpjermjyqzrtijy.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\tieoizqiskeqflaz.exe C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
File opened for modification C:\Windows\SysWOW64\tieoizqiskeqflaz.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\umlyvpjermjyqzrtijy.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\haaomhcymigwpzsvlndw.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\nikaaxusiggytfafxbtoqg.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\xwcwabceyaeazpoxtbxwcw.bce C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
File created C:\Program Files (x86)\xwcwabceyaeazpoxtbxwcw.bce C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
File opened for modification C:\Program Files (x86)\oypujvhuzmbistdxexeofkzlxkpcryijt.unu C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
File created C:\Program Files (x86)\oypujvhuzmbistdxexeofkzlxkpcryijt.unu C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\nikaaxusiggytfafxbtoqg.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\wqrgfbxujgfwqbvzqtkef.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\umlyvpjermjyqzrtijy.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\tieoizqiskeqflaz.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\haaomhcymigwpzsvlndw.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\umlyvpjermjyqzrtijy.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\tieoizqiskeqflaz.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\tieoizqiskeqflaz.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\haaomhcymigwpzsvlndw.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\wqrgfbxujgfwqbvzqtkef.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\nikaaxusiggytfafxbtoqg.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\tieoizqiskeqflaz.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\nikaaxusiggytfafxbtoqg.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\tieoizqiskeqflaz.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\haaomhcymigwpzsvlndw.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\nikaaxusiggytfafxbtoqg.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\umlyvpjermjyqzrtijy.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\jaykgzsmysoctbsthh.exe C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
File opened for modification C:\Windows\wqrgfbxujgfwqbvzqtkef.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\nikaaxusiggytfafxbtoqg.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\aqnytldwhaviyfvvi.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\nikaaxusiggytfafxbtoqg.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\umlyvpjermjyqzrtijy.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\jaykgzsmysoctbsthh.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\tieoizqiskeqflaz.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\umlyvpjermjyqzrtijy.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\wqrgfbxujgfwqbvzqtkef.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\aqnytldwhaviyfvvi.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\jaykgzsmysoctbsthh.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\wqrgfbxujgfwqbvzqtkef.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\umlyvpjermjyqzrtijy.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\tieoizqiskeqflaz.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\aqnytldwhaviyfvvi.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\nikaaxusiggytfafxbtoqg.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\tieoizqiskeqflaz.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\wqrgfbxujgfwqbvzqtkef.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\jaykgzsmysoctbsthh.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\aqnytldwhaviyfvvi.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\aqnytldwhaviyfvvi.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\nikaaxusiggytfafxbtoqg.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\umlyvpjermjyqzrtijy.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\umlyvpjermjyqzrtijy.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\umlyvpjermjyqzrtijy.exe C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
File opened for modification C:\Windows\umlyvpjermjyqzrtijy.exe C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
File opened for modification C:\Windows\nikaaxusiggytfafxbtoqg.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\umlyvpjermjyqzrtijy.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\tieoizqiskeqflaz.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\wqrgfbxujgfwqbvzqtkef.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\haaomhcymigwpzsvlndw.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\tieoizqiskeqflaz.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\wqrgfbxujgfwqbvzqtkef.exe C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
File opened for modification C:\Windows\aqnytldwhaviyfvvi.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\nikaaxusiggytfafxbtoqg.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\aqnytldwhaviyfvvi.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\jaykgzsmysoctbsthh.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\tieoizqiskeqflaz.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\jaykgzsmysoctbsthh.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\haaomhcymigwpzsvlndw.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\jaykgzsmysoctbsthh.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\aqnytldwhaviyfvvi.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\tieoizqiskeqflaz.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\jaykgzsmysoctbsthh.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\haaomhcymigwpzsvlndw.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\nikaaxusiggytfafxbtoqg.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jaykgzsmysoctbsthh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\aqnytldwhaviyfvvi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jaykgzsmysoctbsthh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\aqnytldwhaviyfvvi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tieoizqiskeqflaz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\aqnytldwhaviyfvvi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wqrgfbxujgfwqbvzqtkef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\aqnytldwhaviyfvvi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tieoizqiskeqflaz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\aqnytldwhaviyfvvi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\aqnytldwhaviyfvvi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tieoizqiskeqflaz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\haaomhcymigwpzsvlndw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tieoizqiskeqflaz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tieoizqiskeqflaz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\umlyvpjermjyqzrtijy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\umlyvpjermjyqzrtijy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tieoizqiskeqflaz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tieoizqiskeqflaz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jaykgzsmysoctbsthh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\haaomhcymigwpzsvlndw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\aqnytldwhaviyfvvi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tieoizqiskeqflaz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jaykgzsmysoctbsthh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\umlyvpjermjyqzrtijy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\aqnytldwhaviyfvvi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jaykgzsmysoctbsthh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\umlyvpjermjyqzrtijy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\aqnytldwhaviyfvvi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2488 wrote to memory of 4184 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 2488 wrote to memory of 4184 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 2488 wrote to memory of 4184 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 2920 wrote to memory of 2472 N/A C:\Windows\system32\cmd.exe C:\Windows\jaykgzsmysoctbsthh.exe
PID 2920 wrote to memory of 2472 N/A C:\Windows\system32\cmd.exe C:\Windows\jaykgzsmysoctbsthh.exe
PID 2920 wrote to memory of 2472 N/A C:\Windows\system32\cmd.exe C:\Windows\jaykgzsmysoctbsthh.exe
PID 1752 wrote to memory of 4660 N/A C:\Windows\system32\cmd.exe C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
PID 1752 wrote to memory of 4660 N/A C:\Windows\system32\cmd.exe C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
PID 1752 wrote to memory of 4660 N/A C:\Windows\system32\cmd.exe C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
PID 4660 wrote to memory of 4712 N/A C:\Windows\wqrgfbxujgfwqbvzqtkef.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 4660 wrote to memory of 4712 N/A C:\Windows\wqrgfbxujgfwqbvzqtkef.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 4660 wrote to memory of 4712 N/A C:\Windows\wqrgfbxujgfwqbvzqtkef.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 4728 wrote to memory of 4756 N/A C:\Windows\system32\cmd.exe C:\Windows\aqnytldwhaviyfvvi.exe
PID 4728 wrote to memory of 4756 N/A C:\Windows\system32\cmd.exe C:\Windows\aqnytldwhaviyfvvi.exe
PID 4728 wrote to memory of 4756 N/A C:\Windows\system32\cmd.exe C:\Windows\aqnytldwhaviyfvvi.exe
PID 5020 wrote to memory of 5884 N/A C:\Windows\system32\cmd.exe C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
PID 5020 wrote to memory of 5884 N/A C:\Windows\system32\cmd.exe C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
PID 5020 wrote to memory of 5884 N/A C:\Windows\system32\cmd.exe C:\Windows\wqrgfbxujgfwqbvzqtkef.exe
PID 424 wrote to memory of 4820 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
PID 424 wrote to memory of 4820 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
PID 424 wrote to memory of 4820 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
PID 5884 wrote to memory of 4964 N/A C:\Windows\wqrgfbxujgfwqbvzqtkef.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 5884 wrote to memory of 4964 N/A C:\Windows\wqrgfbxujgfwqbvzqtkef.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 5884 wrote to memory of 4964 N/A C:\Windows\wqrgfbxujgfwqbvzqtkef.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 5880 wrote to memory of 4960 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
PID 5880 wrote to memory of 4960 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
PID 5880 wrote to memory of 4960 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe
PID 4960 wrote to memory of 5060 N/A C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 4960 wrote to memory of 5060 N/A C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 4960 wrote to memory of 5060 N/A C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 3392 wrote to memory of 3360 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
PID 3392 wrote to memory of 3360 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
PID 3392 wrote to memory of 3360 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
PID 984 wrote to memory of 3120 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
PID 984 wrote to memory of 3120 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
PID 984 wrote to memory of 3120 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe
PID 3120 wrote to memory of 5436 N/A C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe C:\Windows\haaomhcymigwpzsvlndw.exe
PID 3120 wrote to memory of 5436 N/A C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe C:\Windows\haaomhcymigwpzsvlndw.exe
PID 3120 wrote to memory of 5436 N/A C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe C:\Windows\haaomhcymigwpzsvlndw.exe
PID 4184 wrote to memory of 3424 N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe C:\Users\Admin\AppData\Local\Temp\hmyyip.exe
PID 4184 wrote to memory of 3424 N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe C:\Users\Admin\AppData\Local\Temp\hmyyip.exe
PID 4184 wrote to memory of 3424 N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe C:\Users\Admin\AppData\Local\Temp\hmyyip.exe
PID 4184 wrote to memory of 1416 N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe C:\Users\Admin\AppData\Local\Temp\hmyyip.exe
PID 4184 wrote to memory of 1416 N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe C:\Users\Admin\AppData\Local\Temp\hmyyip.exe
PID 4184 wrote to memory of 1416 N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe C:\Users\Admin\AppData\Local\Temp\hmyyip.exe
PID 460 wrote to memory of 1876 N/A C:\Windows\system32\cmd.exe C:\Windows\jaykgzsmysoctbsthh.exe
PID 460 wrote to memory of 1876 N/A C:\Windows\system32\cmd.exe C:\Windows\jaykgzsmysoctbsthh.exe
PID 460 wrote to memory of 1876 N/A C:\Windows\system32\cmd.exe C:\Windows\jaykgzsmysoctbsthh.exe
PID 1668 wrote to memory of 848 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
PID 1668 wrote to memory of 848 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
PID 1668 wrote to memory of 848 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe
PID 5720 wrote to memory of 3536 N/A C:\Windows\system32\cmd.exe C:\Windows\tieoizqiskeqflaz.exe
PID 5720 wrote to memory of 3536 N/A C:\Windows\system32\cmd.exe C:\Windows\tieoizqiskeqflaz.exe
PID 5720 wrote to memory of 3536 N/A C:\Windows\system32\cmd.exe C:\Windows\tieoizqiskeqflaz.exe
PID 1244 wrote to memory of 2092 N/A C:\Windows\system32\cmd.exe C:\Windows\jaykgzsmysoctbsthh.exe
PID 1244 wrote to memory of 2092 N/A C:\Windows\system32\cmd.exe C:\Windows\jaykgzsmysoctbsthh.exe
PID 1244 wrote to memory of 2092 N/A C:\Windows\system32\cmd.exe C:\Windows\jaykgzsmysoctbsthh.exe
PID 2092 wrote to memory of 4092 N/A C:\Windows\jaykgzsmysoctbsthh.exe C:\Windows\System32\Conhost.exe
PID 2092 wrote to memory of 4092 N/A C:\Windows\jaykgzsmysoctbsthh.exe C:\Windows\System32\Conhost.exe
PID 2092 wrote to memory of 4092 N/A C:\Windows\jaykgzsmysoctbsthh.exe C:\Windows\System32\Conhost.exe
PID 3536 wrote to memory of 1032 N/A C:\Windows\tieoizqiskeqflaz.exe C:\Windows\system32\cmd.exe
PID 3536 wrote to memory of 1032 N/A C:\Windows\tieoizqiskeqflaz.exe C:\Windows\system32\cmd.exe
PID 3536 wrote to memory of 1032 N/A C:\Windows\tieoizqiskeqflaz.exe C:\Windows\system32\cmd.exe
PID 3700 wrote to memory of 2160 N/A C:\Windows\system32\cmd.exe C:\Windows\jaykgzsmysoctbsthh.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\hmyyip.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c7e5d9b24e40b9b5909256350f70b10b.exe"

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_c7e5d9b24e40b9b5909256350f70b10b.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\wqrgfbxujgfwqbvzqtkef.exe

wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqrgfbxujgfwqbvzqtkef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Windows\wqrgfbxujgfwqbvzqtkef.exe

wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqrgfbxujgfwqbvzqtkef.exe*."

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tieoizqiskeqflaz.exe*."

C:\Users\Admin\AppData\Local\Temp\hmyyip.exe

"C:\Users\Admin\AppData\Local\Temp\hmyyip.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_c7e5d9b24e40b9b5909256350f70b10b.exe"

C:\Users\Admin\AppData\Local\Temp\hmyyip.exe

"C:\Users\Admin\AppData\Local\Temp\hmyyip.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_c7e5d9b24e40b9b5909256350f70b10b.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe

C:\Windows\wqrgfbxujgfwqbvzqtkef.exe

wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe .

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .

C:\Windows\haaomhcymigwpzsvlndw.exe

haaomhcymigwpzsvlndw.exe .

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jaykgzsmysoctbsthh.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haaomhcymigwpzsvlndw.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tieoizqiskeqflaz.exe*."

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe

C:\Windows\haaomhcymigwpzsvlndw.exe

haaomhcymigwpzsvlndw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe .

C:\Windows\haaomhcymigwpzsvlndw.exe

haaomhcymigwpzsvlndw.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haaomhcymigwpzsvlndw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tieoizqiskeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .

C:\Windows\wqrgfbxujgfwqbvzqtkef.exe

wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqrgfbxujgfwqbvzqtkef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."

C:\Windows\wqrgfbxujgfwqbvzqtkef.exe

wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Windows\wqrgfbxujgfwqbvzqtkef.exe

wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe .

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haaomhcymigwpzsvlndw.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jaykgzsmysoctbsthh.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haaomhcymigwpzsvlndw.exe*."

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\wqrgfbxujgfwqbvzqtkef.exe

wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqrgfbxujgfwqbvzqtkef.exe*."

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tieoizqiskeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe .

C:\Windows\haaomhcymigwpzsvlndw.exe

haaomhcymigwpzsvlndw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haaomhcymigwpzsvlndw.exe*."

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haaomhcymigwpzsvlndw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jaykgzsmysoctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."

C:\Windows\wqrgfbxujgfwqbvzqtkef.exe

wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Windows\wqrgfbxujgfwqbvzqtkef.exe

wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqrgfbxujgfwqbvzqtkef.exe*."

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haaomhcymigwpzsvlndw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haaomhcymigwpzsvlndw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haaomhcymigwpzsvlndw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe .

C:\Windows\haaomhcymigwpzsvlndw.exe

haaomhcymigwpzsvlndw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haaomhcymigwpzsvlndw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haaomhcymigwpzsvlndw.exe*."

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tieoizqiskeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."

C:\Windows\wqrgfbxujgfwqbvzqtkef.exe

wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe

C:\Windows\wqrgfbxujgfwqbvzqtkef.exe

wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jaykgzsmysoctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe .

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .

C:\Windows\wqrgfbxujgfwqbvzqtkef.exe

wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe .

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\wqrgfbxujgfwqbvzqtkef.exe

wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jaykgzsmysoctbsthh.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqrgfbxujgfwqbvzqtkef.exe*."

C:\Windows\haaomhcymigwpzsvlndw.exe

haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe .

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Windows\haaomhcymigwpzsvlndw.exe

haaomhcymigwpzsvlndw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haaomhcymigwpzsvlndw.exe*."

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jaykgzsmysoctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Windows\wqrgfbxujgfwqbvzqtkef.exe

wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqrgfbxujgfwqbvzqtkef.exe*."

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jaykgzsmysoctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haaomhcymigwpzsvlndw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\wqrgfbxujgfwqbvzqtkef.exe

wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .

C:\Windows\haaomhcymigwpzsvlndw.exe

haaomhcymigwpzsvlndw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haaomhcymigwpzsvlndw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .

C:\Windows\wqrgfbxujgfwqbvzqtkef.exe

wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tieoizqiskeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\wqrgfbxujgfwqbvzqtkef.exe

wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\wqrgfbxujgfwqbvzqtkef.exe

wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqrgfbxujgfwqbvzqtkef.exe*."

C:\Windows\wqrgfbxujgfwqbvzqtkef.exe

wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe

C:\Windows\haaomhcymigwpzsvlndw.exe

haaomhcymigwpzsvlndw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haaomhcymigwpzsvlndw.exe*."

C:\Windows\haaomhcymigwpzsvlndw.exe

haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tieoizqiskeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe

C:\Windows\haaomhcymigwpzsvlndw.exe

haaomhcymigwpzsvlndw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."

C:\Windows\wqrgfbxujgfwqbvzqtkef.exe

wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe .

C:\Windows\haaomhcymigwpzsvlndw.exe

haaomhcymigwpzsvlndw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tieoizqiskeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe

C:\Windows\haaomhcymigwpzsvlndw.exe

haaomhcymigwpzsvlndw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Windows\wqrgfbxujgfwqbvzqtkef.exe

wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqrgfbxujgfwqbvzqtkef.exe*."

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jaykgzsmysoctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe .

C:\Windows\haaomhcymigwpzsvlndw.exe

haaomhcymigwpzsvlndw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haaomhcymigwpzsvlndw.exe*."

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tieoizqiskeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe .

C:\Windows\haaomhcymigwpzsvlndw.exe

haaomhcymigwpzsvlndw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haaomhcymigwpzsvlndw.exe*."

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haaomhcymigwpzsvlndw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haaomhcymigwpzsvlndw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Windows\haaomhcymigwpzsvlndw.exe

haaomhcymigwpzsvlndw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haaomhcymigwpzsvlndw.exe*."

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tieoizqiskeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tieoizqiskeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tieoizqiskeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe

C:\Windows\haaomhcymigwpzsvlndw.exe

haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .

C:\Windows\haaomhcymigwpzsvlndw.exe

haaomhcymigwpzsvlndw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe .

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe .

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .

C:\Windows\haaomhcymigwpzsvlndw.exe

haaomhcymigwpzsvlndw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haaomhcymigwpzsvlndw.exe*."

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tieoizqiskeqflaz.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tieoizqiskeqflaz.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haaomhcymigwpzsvlndw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haaomhcymigwpzsvlndw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haaomhcymigwpzsvlndw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\wqrgfbxujgfwqbvzqtkef.exe

wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Windows\wqrgfbxujgfwqbvzqtkef.exe

wqrgfbxujgfwqbvzqtkef.exe .

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqrgfbxujgfwqbvzqtkef.exe*."

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tieoizqiskeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jaykgzsmysoctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\wqrgfbxujgfwqbvzqtkef.exe

wqrgfbxujgfwqbvzqtkef.exe .

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqrgfbxujgfwqbvzqtkef.exe*."

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tieoizqiskeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jaykgzsmysoctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\wqrgfbxujgfwqbvzqtkef.exe

wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqrgfbxujgfwqbvzqtkef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe .

C:\Windows\wqrgfbxujgfwqbvzqtkef.exe

wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqnytldwhaviyfvvi.exe*."

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haaomhcymigwpzsvlndw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe .

C:\Windows\haaomhcymigwpzsvlndw.exe

haaomhcymigwpzsvlndw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haaomhcymigwpzsvlndw.exe*."

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Windows\umlyvpjermjyqzrtijy.exe

umlyvpjermjyqzrtijy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umlyvpjermjyqzrtijy.exe*."

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\jaykgzsmysoctbsthh.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jaykgzsmysoctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Users\Admin\AppData\Local\Temp\haaomhcymigwpzsvlndw.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqrgfbxujgfwqbvzqtkef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tieoizqiskeqflaz.exe*."

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umlyvpjermjyqzrtijy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\umlyvpjermjyqzrtijy.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqnytldwhaviyfvvi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqnytldwhaviyfvvi.exe

C:\Windows\aqnytldwhaviyfvvi.exe

aqnytldwhaviyfvvi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe .

C:\Windows\wqrgfbxujgfwqbvzqtkef.exe

wqrgfbxujgfwqbvzqtkef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe

C:\Windows\jaykgzsmysoctbsthh.exe

jaykgzsmysoctbsthh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tieoizqiskeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haaomhcymigwpzsvlndw.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jaykgzsmysoctbsthh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jaykgzsmysoctbsthh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\tieoizqiskeqflaz.exe

tieoizqiskeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tieoizqiskeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umlyvpjermjyqzrtijy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqrgfbxujgfwqbvzqtkef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqnytldwhaviyfvvi.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:80 www.facebook.com tcp
US 8.8.8.8:53 hjtzngn.com udp
US 95.69.202.212:16883 tcp
US 8.8.8.8:53 oocgwwiq.net udp
US 8.8.8.8:53 uqfees.biz udp
US 8.8.8.8:53 tefpvkn.cc udp
US 8.8.8.8:53 gvveiqfqbex.cc udp
US 8.8.8.8:53 sawsyaiq.net udp
US 8.8.8.8:53 uunona.info udp
US 8.8.8.8:53 trzxlwfox.org udp
US 8.8.8.8:53 pymgnwfox.cc udp
US 8.8.8.8:53 imdkwgeoya.net udp
US 8.8.8.8:53 sqmupwiq.net udp
US 8.8.8.8:53 tphefkn.cc udp
US 8.8.8.8:53 oitwrqfqbex.org udp
US 8.8.8.8:53 aktescuiwcymao.net udp
US 8.8.8.8:53 eyfhws.biz udp
US 8.8.8.8:53 svhcjmnansnan.com udp
US 8.8.8.8:53 ugvbqgfqbex.com udp
US 8.8.8.8:53 oejkasuiwcymao.biz udp
US 8.8.8.8:53 megsoeiq.net udp
US 8.8.8.8:53 zfdthsn.cc udp
US 8.8.8.8:53 xizqmkn.cc udp
US 8.8.8.8:53 oerrlgeoya.biz udp
US 8.8.8.8:53 eqbqcguiwcymao.info udp
US 52.11.240.239:80 eqbqcguiwcymao.info tcp
US 8.8.8.8:53 zuzmvwfox.com udp
US 8.8.8.8:53 wzgrsenansnan.org udp
US 8.8.8.8:53 wigyhsiugkeq.biz udp
US 8.8.8.8:53 waauysiugkeq.net udp
US 8.8.8.8:53 srjukodsholapet.org udp
US 8.8.8.8:53 tizmbgn.org udp
US 8.8.8.8:53 qwetpwiugkeq.biz udp
US 8.8.8.8:53 amlehcuiwcymao.net udp
US 8.8.8.8:53 izbqukdsholapet.com udp
US 8.8.8.8:53 agvtrufqbex.cc udp
US 8.8.8.8:53 sepsbs.net udp
US 8.8.8.8:53 agoriiiugkeq.biz udp
US 8.8.8.8:53 rmrgusfox.cc udp
US 8.8.8.8:53 bozyrgn.com udp
US 8.8.8.8:53 kooiewiq.net udp
US 8.8.8.8:53 yuwuemiq.biz udp
US 8.8.8.8:53 ybdetodsholapet.com udp
US 8.8.8.8:53 mgesbsdsholapet.org udp
US 8.8.8.8:53 ykbjeueoya.biz udp
US 8.8.8.8:53 sooiysiugkeq.biz udp
US 8.8.8.8:53 tjxxlafox.cc udp
US 8.8.8.8:53 cjgsnenansnan.com udp
US 8.8.8.8:53 autsca.net udp
US 8.8.8.8:53 wmeawmiq.net udp
US 8.8.8.8:53 nszqrsfox.cc udp
US 8.8.8.8:53 nqwuzafox.org udp
US 8.8.8.8:53 ugzfgguiwcymao.info udp
US 8.8.8.8:53 qwawsaiq.biz udp
US 8.8.8.8:53 wabchmnansnan.com udp
US 8.8.8.8:53 xcneecn.org udp
US 8.8.8.8:53 uwxumcuiwcymao.info udp
US 8.8.8.8:53 qymkcaiq.net udp
US 8.8.8.8:53 xojoxsn.com udp
US 8.8.8.8:53 bkcsuafox.com udp
US 8.8.8.8:53 ailswk.info udp
US 8.8.8.8:53 qweacsiugkeq.biz udp
US 8.8.8.8:53 tvfwkifox.cc udp
US 8.8.8.8:53 fqcqcwfox.org udp
US 8.8.8.8:53 gimcsiiugkeq.net udp
US 8.8.8.8:53 catwtueoya.net udp
LT 78.157.72.10:43964 tcp
US 8.8.8.8:53 ytxizanansnan.org udp
US 8.8.8.8:53 zonspkn.cc udp
US 8.8.8.8:53 aymkoaiugkeq.info udp
US 8.8.8.8:53 usawkiiugkeq.biz udp
US 8.8.8.8:53 uafudkdsholapet.cc udp
US 8.8.8.8:53 wrsxuodsholapet.com udp
US 8.8.8.8:53 egweniiugkeq.net udp
US 8.8.8.8:53 igkiteiq.info udp
US 8.8.8.8:53 ekxtrenansnan.org udp
US 8.8.8.8:53 rmrihsn.org udp
US 8.8.8.8:53 qgqqhwiugkeq.net udp
US 8.8.8.8:53 skqoxsiugkeq.net udp
US 8.8.8.8:53 unbclufqbex.org udp
US 8.8.8.8:53 ygudvanansnan.org udp
US 8.8.8.8:53 kenoyguiwcymao.net udp
US 8.8.8.8:53 eaxveqeoya.net udp
US 8.8.8.8:53 tbxouwfox.org udp
US 8.8.8.8:53 jfgjlifox.org udp
US 8.8.8.8:53 gahmus.net udp
US 8.8.8.8:53 qaowwaiq.net udp
US 8.8.8.8:53 dsfxjcn.org udp
US 8.8.8.8:53 zcbtrcn.com udp
US 8.8.8.8:53 sywmmmiq.info udp
US 8.8.8.8:53 iobwycuiwcymao.net udp
US 8.8.8.8:53 xidshsn.com udp
US 8.8.8.8:53 mqtoqyfqbex.com udp
US 8.8.8.8:53 wovsmueoya.info udp
US 8.8.8.8:53 euyypiiugkeq.net udp
US 8.8.8.8:53 hzdupsn.org udp
US 8.8.8.8:53 brdhrcn.org udp
US 8.8.8.8:53 scfdcueoya.info udp
US 8.8.8.8:53 wessyiiugkeq.info udp
US 8.8.8.8:53 tmrvuifox.com udp
US 8.8.8.8:53 pwhmxcn.cc udp
US 8.8.8.8:53 kkpepo.info udp
US 8.8.8.8:53 aaxsiueoya.info udp
US 8.8.8.8:53 vmribifox.org udp
US 8.8.8.8:53 drigfifox.cc udp
US 8.8.8.8:53 kmnliguiwcymao.info udp
US 8.8.8.8:53 uytcsgeoya.info udp
US 8.8.8.8:53 uglergfqbex.org udp
US 8.8.8.8:53 lxnsdcn.com udp
LT 86.100.228.199:19507 tcp
US 8.8.8.8:53 coxkiueoya.info udp
US 8.8.8.8:53 aqzadkuiwcymao.info udp
US 8.8.8.8:53 yalpjanansnan.org udp
US 8.8.8.8:53 ycokbodsholapet.org udp
US 8.8.8.8:53 yqjswk.net udp
US 8.8.8.8:53 ymxikueoya.net udp
US 8.8.8.8:53 kdrccwnansnan.com udp
US 8.8.8.8:53 ckocgkdsholapet.org udp
US 8.8.8.8:53 swdihk.info udp
US 8.8.8.8:53 qwbbyyeoya.info udp
US 8.8.8.8:53 yndccsdsholapet.cc udp
US 8.8.8.8:53 uvjmhufqbex.org udp
US 8.8.8.8:53 isuufsiugkeq.info udp
US 8.8.8.8:53 ieysqwiq.biz udp
US 8.8.8.8:53 zqhkxgn.cc udp
US 8.8.8.8:53 mqswuwnansnan.org udp
US 8.8.8.8:53 iyyodwiugkeq.info udp
US 8.8.8.8:53 wopkca.info udp
US 8.8.8.8:53 lnhktifox.org udp
US 8.8.8.8:53 fqhkgkn.com udp
US 8.8.8.8:53 ewfahguiwcymao.info udp
US 8.8.8.8:53 qusosiiugkeq.net udp
US 8.8.8.8:53 ovtiuufqbex.cc udp
US 8.8.8.8:53 aqestenansnan.org udp
US 8.8.8.8:53 cymgiwiugkeq.info udp
US 8.8.8.8:53 yuhspcuiwcymao.biz udp
US 8.8.8.8:53 pvlglcn.com udp
US 8.8.8.8:53 sshljufqbex.org udp
US 8.8.8.8:53 suzcda.net udp
US 8.8.8.8:53 cebszqeoya.info udp
US 8.8.8.8:53 cdnjnanansnan.cc udp
US 8.8.8.8:53 slwcnodsholapet.cc udp
US 8.8.8.8:53 goboncuiwcymao.net udp
US 8.8.8.8:53 uwmzmeiq.net udp
US 8.8.8.8:53 gtrevgfqbex.org udp
US 8.8.8.8:53 vmgqbsfox.org udp
US 8.8.8.8:53 eeigiwiq.net udp
US 8.8.8.8:53 cyugvwiq.biz udp
US 8.8.8.8:53 yknalenansnan.com udp
US 8.8.8.8:53 lkadhifox.org udp
US 8.8.8.8:53 iuwkfiiugkeq.info udp
US 8.8.8.8:53 qidcqa.net udp
US 8.8.8.8:53 anljvkdsholapet.cc udp
US 8.8.8.8:53 ebaaxanansnan.org udp
US 8.8.8.8:53 satsdueoya.info udp
US 8.8.8.8:53 cgguxsiugkeq.biz udp
US 8.8.8.8:53 vxdaqgn.cc udp
US 8.8.8.8:53 qxkyvwnansnan.org udp
US 8.8.8.8:53 aijneueoya.info udp
US 8.8.8.8:53 qixipa.info udp
US 8.8.8.8:53 oznevadsholapet.org udp
US 8.8.8.8:53 tnrpfkn.cc udp
US 8.8.8.8:53 ikpogcuiwcymao.info udp
US 8.8.8.8:53 syqyiiiugkeq.info udp
US 8.8.8.8:53 bglbscn.org udp
US 8.8.8.8:53 ewgxsodsholapet.cc udp
US 8.8.8.8:53 gahdrueoya.biz udp
US 8.8.8.8:53 kmyjzsiugkeq.net udp
US 8.8.8.8:53 ygxqnanansnan.com udp
US 8.8.8.8:53 fnzyrcn.com udp
US 8.8.8.8:53 oquysiiugkeq.biz udp
US 8.8.8.8:53 smfqaa.info udp
US 8.8.8.8:53 ctjwaanansnan.com udp
LT 78.62.13.88:41708 tcp
US 8.8.8.8:53 hbkjhafox.com udp
US 8.8.8.8:53 ccpodo.biz udp
US 8.8.8.8:53 yoqcpmiq.biz udp
US 8.8.8.8:53 wigiakdsholapet.com udp
US 8.8.8.8:53 qaygssiugkeq.biz udp
US 8.8.8.8:53 ayfapa.biz udp
US 8.8.8.8:53 ojxqpmnansnan.org udp
US 8.8.8.8:53 rpywjifox.org udp
US 8.8.8.8:53 ggxuesuiwcymao.biz udp
US 8.8.8.8:53 eqlgqueoya.biz udp
US 8.8.8.8:53 abdqbenansnan.com udp
US 8.8.8.8:53 intehufqbex.org udp
US 8.8.8.8:53 ywywjaiq.biz udp
US 8.8.8.8:53 osvvkgeoya.net udp
US 8.8.8.8:53 varbwsn.com udp
US 8.8.8.8:53 rnwslafox.com udp
US 8.8.8.8:53 kwdktk.net udp
US 8.8.8.8:53 katyqkuiwcymao.net udp
US 8.8.8.8:53 tldcjafox.cc udp
US 8.8.8.8:53 mvomnkdsholapet.com udp
US 8.8.8.8:53 mkbuyk.biz udp
US 8.8.8.8:53 seeqxsiugkeq.info udp
US 8.8.8.8:53 jrjyeafox.com udp
US 8.8.8.8:53 gsuivanansnan.cc udp
US 8.8.8.8:53 ymjogcuiwcymao.biz udp
US 8.8.8.8:53 aopcoa.info udp
US 8.8.8.8:53 pyxongn.org udp
US 8.8.8.8:53 wvmqfodsholapet.cc udp
US 8.8.8.8:53 ycosswiq.biz udp
US 8.8.8.8:53 smpsecuiwcymao.info udp
US 8.8.8.8:53 qwffnkdsholapet.cc udp
US 8.8.8.8:53 sbyqaodsholapet.org udp
US 8.8.8.8:53 csvacgeoya.biz udp
US 8.8.8.8:53 gkeeawiq.biz udp
US 8.8.8.8:53 mjnmxgfqbex.org udp
US 8.8.8.8:53 ldvhxcn.cc udp
US 8.8.8.8:53 ywsyewiugkeq.biz udp
US 8.8.8.8:53 kklkvguiwcymao.info udp
US 8.8.8.8:53 ynlcxufqbex.cc udp
US 8.8.8.8:53 ikmgamiq.net udp
US 8.8.8.8:53 ucdeuqeoya.biz udp
US 8.8.8.8:53 dhhnowfox.org udp
US 8.8.8.8:53 shmdzmnansnan.cc udp
US 8.8.8.8:53 ikahdwiq.net udp
US 8.8.8.8:53 oqbccsuiwcymao.info udp
US 8.8.8.8:53 vmrwksn.cc udp
HK 89.116.150.125:23076 tcp
US 8.8.8.8:53 ymkaaenansnan.org udp
US 8.8.8.8:53 uowhamiq.biz udp
US 8.8.8.8:53 oyiemiiugkeq.net udp
US 8.8.8.8:53 dhxelgn.cc udp
US 8.8.8.8:53 mkfqck.net udp
US 8.8.8.8:53 gcnunkuiwcymao.biz udp
US 8.8.8.8:53 qarebgfqbex.org udp
US 8.8.8.8:53 sgygrenansnan.org udp
US 8.8.8.8:53 wqtpoa.biz udp
US 8.8.8.8:53 uijsocuiwcymao.net udp
US 8.8.8.8:53 inlmngfqbex.cc udp
US 8.8.8.8:53 msgslkdsholapet.cc udp
US 8.8.8.8:53 cmecrwiq.info udp
US 8.8.8.8:53 yswfewiq.biz udp
US 8.8.8.8:53 jllifcn.cc udp
US 8.8.8.8:53 mgiwhkdsholapet.com udp
US 8.8.8.8:53 uqgpuwiugkeq.info udp
US 8.8.8.8:53 acwwdsiugkeq.info udp
US 8.8.8.8:53 vqhxzsfox.com udp
US 8.8.8.8:53 qpmmxodsholapet.org udp
US 8.8.8.8:53 uwvams.net udp
US 8.8.8.8:53 kehoko.biz udp
US 8.8.8.8:53 gujndsdsholapet.org udp
US 8.8.8.8:53 quigcenansnan.com udp
US 8.8.8.8:53 mgjlmcuiwcymao.biz udp
US 8.8.8.8:53 qqbfxqeoya.net udp
US 8.8.8.8:53 lkroxcn.org udp
US 8.8.8.8:53 xiwqrifox.cc udp
US 8.8.8.8:53 saekyaiugkeq.biz udp
US 8.8.8.8:53 wyufiwiugkeq.info udp
US 8.8.8.8:53 zqdppcn.org udp
US 8.8.8.8:53 zmcuawfox.com udp
US 8.8.8.8:53 oiwkkwiugkeq.biz udp
US 8.8.8.8:53 cvlwyqfqbex.com udp
US 8.8.8.8:53 mmqmdadsholapet.cc udp
US 8.8.8.8:53 akqipmiq.net udp
US 8.8.8.8:53 csrjza.biz udp
US 8.8.8.8:53 irxkesdsholapet.com udp
US 8.8.8.8:53 xedkfkn.cc udp
US 8.8.8.8:53 eyiqmaiq.info udp
US 8.8.8.8:53 uqjcesuiwcymao.biz udp
US 8.8.8.8:53 qfbajkdsholapet.cc udp
US 8.8.8.8:53 gashosdsholapet.cc udp
US 8.8.8.8:53 ioxgfkuiwcymao.net udp
US 8.8.8.8:53 cakcksiugkeq.net udp
US 8.8.8.8:53 pzfpdsn.com udp
US 8.8.8.8:53 kfjuhyfqbex.com udp
US 8.8.8.8:53 skxmss.net udp
US 8.8.8.8:53 kgjnuo.net udp
US 8.8.8.8:53 garctenansnan.com udp
US 8.8.8.8:53 uqirsadsholapet.cc udp
US 8.8.8.8:53 cehbea.info udp
US 8.8.8.8:53 qyllkyeoya.net udp
US 8.8.8.8:53 ekzmkyfqbex.cc udp
US 8.8.8.8:53 aywzoanansnan.cc udp
US 8.8.8.8:53 eapmoguiwcymao.info udp
US 8.8.8.8:53 qcjisqeoya.net udp
US 8.8.8.8:53 brjarkn.com udp
DE 89.117.54.77:33487 tcp
US 8.8.8.8:53 cvktlsdsholapet.com udp
US 8.8.8.8:53 yslnsa.net udp
US 8.8.8.8:53 iahmhgeoya.biz udp
US 8.8.8.8:53 upbgkkdsholapet.cc udp
US 8.8.8.8:53 rvoqtwfox.com udp
US 8.8.8.8:53 gqlawgeoya.info udp
US 8.8.8.8:53 qymmssiugkeq.net udp
US 8.8.8.8:53 bdfqlcn.cc udp
US 8.8.8.8:53 mohpsgfqbex.org udp
US 8.8.8.8:53 mkxzgo.info udp
US 8.8.8.8:53 wodkgyeoya.net udp
US 8.8.8.8:53 hjhubwfox.cc udp
US 8.8.8.8:53 hfmrgafox.org udp
US 8.8.8.8:53 kapflsuiwcymao.biz udp
US 8.8.8.8:53 aivsdgeoya.biz udp
US 8.8.8.8:53 qprcjadsholapet.org udp
US 8.8.8.8:53 sfwqaanansnan.com udp
US 8.8.8.8:53 ugkjfiiugkeq.info udp
US 8.8.8.8:53 kasatwiq.biz udp
US 8.8.8.8:53 fwdsbsn.cc udp
US 8.8.8.8:53 uqqigwnansnan.com udp
US 8.8.8.8:53 iwqnwaiq.biz udp
US 8.8.8.8:53 oevwwguiwcymao.info udp
US 8.8.8.8:53 vtnwbsn.org udp
US 8.8.8.8:53 gyfssk.info udp
US 8.8.8.8:53 cgbywgeoya.biz udp
US 8.8.8.8:53 kntxngfqbex.cc udp
US 8.8.8.8:53 sntqrqfqbex.org udp
US 8.8.8.8:53 keqaqwiugkeq.net udp
US 8.8.8.8:53 ccfqsguiwcymao.biz udp
US 8.8.8.8:53 uudadkdsholapet.cc udp
US 8.8.8.8:53 mkaeumnansnan.org udp
US 8.8.8.8:53 sebihguiwcymao.biz udp
US 8.8.8.8:53 aispkeiq.net udp
US 8.8.8.8:53 yejlkmnansnan.cc udp
US 8.8.8.8:53 cafkbqfqbex.com udp
US 8.8.8.8:53 akrcoueoya.net udp
US 8.8.8.8:53 gwrxykuiwcymao.net udp
US 8.8.8.8:53 xihaywfox.org udp
US 8.8.8.8:53 ilwmradsholapet.org udp
US 89.117.170.9:45294 tcp
US 8.8.8.8:53 cudclguiwcymao.biz udp
US 8.8.8.8:53 kyliisuiwcymao.net udp
US 8.8.8.8:53 lzripifox.org udp
US 8.8.8.8:53 sevaia.info udp
US 8.8.8.8:53 ggxouqeoya.info udp
US 8.8.8.8:53 qvlkzodsholapet.com udp
US 8.8.8.8:53 rufpjsn.cc udp
US 8.8.8.8:53 yyvilcuiwcymao.biz udp
US 8.8.8.8:53 mariek.info udp
US 8.8.8.8:53 ymxjpgfqbex.com udp
US 8.8.8.8:53 ngzwjcn.com udp
US 8.8.8.8:53 eajoyueoya.net udp
US 8.8.8.8:53 aqbzwguiwcymao.info udp
US 8.8.8.8:53 nkjgnkn.com udp
US 8.8.8.8:53 gksugsdsholapet.cc udp
US 8.8.8.8:53 ywebbeiq.biz udp
US 8.8.8.8:53 iibjso.net udp
US 8.8.8.8:53 opnanmnansnan.cc udp
US 8.8.8.8:53 duwwfafox.cc udp
US 8.8.8.8:53 sotaiqeoya.info udp
US 8.8.8.8:53 gmzppyfqbex.org udp
US 8.8.8.8:53 cpjzbyfqbex.cc udp
US 8.8.8.8:53 icpliqeoya.biz udp
US 8.8.8.8:53 gcxmzs.info udp
US 8.8.8.8:53 aetgpyfqbex.cc udp
US 8.8.8.8:53 fmgdnwfox.org udp
US 8.8.8.8:53 amdgqkuiwcymao.biz udp
US 8.8.8.8:53 gqqahaiugkeq.info udp
US 8.8.8.8:53 stfmbenansnan.org udp
US 8.8.8.8:53 fxnvcgn.com udp
US 8.8.8.8:53 okecyiiugkeq.net udp
US 8.8.8.8:53 msveigeoya.biz udp
US 8.8.8.8:53 jehmxgn.org udp
US 8.8.8.8:53 sdyriwnansnan.com udp
US 8.8.8.8:53 mahfmsuiwcymao.biz udp
US 8.8.8.8:53 eqrvoueoya.net udp
US 8.8.8.8:53 kbzwdkdsholapet.cc udp
US 8.8.8.8:53 zgduzgn.com udp
US 8.8.8.8:53 qcklsmiq.net udp
US 8.8.8.8:53 kxdwqgfqbex.com udp
US 8.8.8.8:53 wrlndgfqbex.cc udp
US 8.8.8.8:53 kolkhguiwcymao.net udp
US 8.8.8.8:53 ccfocqeoya.info udp
US 8.8.8.8:53 iqlrwwnansnan.org udp
US 8.8.8.8:53 sdmumadsholapet.com udp
US 8.8.8.8:53 kqowieiq.biz udp
US 8.8.8.8:53 wcxwacuiwcymao.biz udp
US 8.8.8.8:53 yphvdyfqbex.cc udp
US 8.8.8.8:53 vbmgnafox.com udp
US 8.8.8.8:53 qgnfmgeoya.biz udp
US 8.8.8.8:53 gwtjza.info udp
US 8.8.8.8:53 lohutkn.com udp
US 8.8.8.8:53 xdngzcn.com udp
US 8.8.8.8:53 gaycpaiq.net udp
US 8.8.8.8:53 oorjesuiwcymao.biz udp
US 8.8.8.8:53 rulrusfox.com udp
US 8.8.8.8:53 gjwkhadsholapet.org udp
US 8.8.8.8:53 watgjgeoya.info udp
US 8.8.8.8:53 muipuaiq.info udp
US 8.8.8.8:53 dszijcn.com udp
US 8.8.8.8:53 pcholkn.org udp
US 8.8.8.8:53 oqbahqeoya.net udp
US 8.8.8.8:53 owesisiugkeq.biz udp
US 8.8.8.8:53 oljgxadsholapet.cc udp
US 8.8.8.8:53 vkygxifox.org udp
US 8.8.8.8:53 coxumyeoya.net udp
US 8.8.8.8:53 guesgsiugkeq.biz udp
US 8.8.8.8:53 mdfgmmnansnan.cc udp
US 8.8.8.8:53 ejkfkodsholapet.com udp
DE 84.32.209.6:42469 tcp
US 8.8.8.8:53 uwsunmiq.biz udp
US 8.8.8.8:53 qogipaiq.biz udp
US 8.8.8.8:53 altqradsholapet.cc udp
US 8.8.8.8:53 uodypqfqbex.com udp
US 8.8.8.8:53 imnargeoya.net udp
US 8.8.8.8:53 sqcpjmiq.net udp
US 8.8.8.8:53 cclwradsholapet.cc udp
US 8.8.8.8:53 fzwmpwfox.org udp
US 8.8.8.8:53 owztakuiwcymao.net udp
US 8.8.8.8:53 ycdoeqeoya.biz udp
US 8.8.8.8:53 mvzgvgfqbex.cc udp
US 8.8.8.8:53 ehqvnanansnan.com udp
US 8.8.8.8:53 kuuyeaiugkeq.net udp
US 8.8.8.8:53 agdcas.net udp
US 8.8.8.8:53 arhezenansnan.com udp
US 8.8.8.8:53 mdenqadsholapet.org udp
US 8.8.8.8:53 eqoygeiq.biz udp
US 8.8.8.8:53 kqvomo.net udp
US 8.8.8.8:53 gsxwoodsholapet.cc udp
US 8.8.8.8:53 yhvtlgfqbex.com udp
US 8.8.8.8:53 cwruns.biz udp
US 8.8.8.8:53 ewrgra.info udp
US 8.8.8.8:53 jbhtfgn.org udp
US 8.8.8.8:53 vhhyksn.cc udp
US 8.8.8.8:53 yadxsa.biz udp
US 8.8.8.8:53 icucymiq.info udp
US 8.8.8.8:53 capnvyfqbex.com udp
US 8.8.8.8:53 gzycfanansnan.cc udp
US 8.8.8.8:53 qcewewiq.info udp
US 8.8.8.8:53 syktjaiugkeq.net udp
US 8.8.8.8:53 jozwzafox.com udp
US 8.8.8.8:53 gpwspmnansnan.cc udp
US 8.8.8.8:53 mqgsxaiugkeq.net udp
US 8.8.8.8:53 yopkua.info udp
US 8.8.8.8:53 ndvcrgn.cc udp
US 8.8.8.8:53 yxuqqadsholapet.org udp
US 8.8.8.8:53 sapcno.info udp
US 8.8.8.8:53 ewxgmk.info udp
US 8.8.8.8:53 munmnkdsholapet.com udp
US 8.8.8.8:53 ttzwcgn.cc udp
US 8.8.8.8:53 emuqzwiq.biz udp
US 8.8.8.8:53 giegosiugkeq.info udp
US 8.8.8.8:53 pmxxgifox.org udp
US 8.8.8.8:53 oceunkdsholapet.com udp
US 8.8.8.8:53 asvxhs.biz udp
US 8.8.8.8:53 ugjlekuiwcymao.net udp
US 8.8.8.8:53 schwyadsholapet.org udp
US 8.8.8.8:53 tjawhwfox.cc udp
US 8.8.8.8:53 yobeuyeoya.info udp
CA 88.216.96.219:25335 tcp
US 8.8.8.8:53 gexcoyeoya.net udp
US 8.8.8.8:53 ltptvafox.org udp
US 8.8.8.8:53 tfbinkn.com udp
US 8.8.8.8:53 mqrypqeoya.info udp
US 8.8.8.8:53 ccfbrueoya.biz udp
US 8.8.8.8:53 wxfsuenansnan.com udp
US 8.8.8.8:53 jfmqhafox.com udp
US 8.8.8.8:53 mebmdk.info udp
US 8.8.8.8:53 aifbmguiwcymao.biz udp
US 8.8.8.8:53 rgpgnwfox.org udp
US 8.8.8.8:53 mlocqadsholapet.com udp
US 8.8.8.8:53 mcjqmueoya.net udp
US 8.8.8.8:53 iynsyyeoya.info udp
US 8.8.8.8:53 nxpoowfox.com udp
US 8.8.8.8:53 cmkmzmnansnan.com udp
US 8.8.8.8:53 gkryis.info udp
US 8.8.8.8:53 ykkwcsiugkeq.net udp
US 8.8.8.8:53 uhdlhwnansnan.cc udp
US 8.8.8.8:53 qxtgdufqbex.org udp
US 8.8.8.8:53 csbgjueoya.biz udp
US 8.8.8.8:53 ciaqiiiugkeq.biz udp
US 8.8.8.8:53 kktaxsdsholapet.org udp
US 8.8.8.8:53 cglzcufqbex.org udp
US 8.8.8.8:53 cgxyia.net udp
US 8.8.8.8:53 myozamiq.biz udp
US 8.8.8.8:53 siruxqfqbex.org udp
US 8.8.8.8:53 mhtceufqbex.org udp
US 8.8.8.8:53 qulegyeoya.info udp
US 8.8.8.8:53 celijcuiwcymao.info udp
US 8.8.8.8:53 pvplfcn.cc udp
US 8.8.8.8:53 upsqdenansnan.com udp
US 8.8.8.8:53 qumwgmiq.net udp
US 8.8.8.8:53 sqowawiq.info udp
US 8.8.8.8:53 hlracsn.com udp
US 8.8.8.8:53 vmokuwfox.com udp
US 8.8.8.8:53 cstlnguiwcymao.biz udp
US 8.8.8.8:53 eehapguiwcymao.biz udp
US 8.8.8.8:53 cufuxadsholapet.org udp
US 8.8.8.8:53 nejtjkn.org udp
US 8.8.8.8:53 kwaobaiq.biz udp
US 8.8.8.8:53 mmlmosuiwcymao.net udp
US 8.8.8.8:53 cwdgpwnansnan.org udp
US 8.8.8.8:53 skkstanansnan.cc udp
US 8.8.8.8:53 wwlqhgeoya.net udp
US 8.8.8.8:53 oilfio.biz udp
US 8.8.8.8:53 hfhcdkn.cc udp
US 8.8.8.8:53 eihotufqbex.org udp
US 8.8.8.8:53 uolbqguiwcymao.biz udp
US 8.8.8.8:53 mupwuqeoya.biz udp
US 8.8.8.8:53 yznqxqfqbex.cc udp
US 8.8.8.8:53 trbrysn.cc udp
US 8.8.8.8:53 ikpcrueoya.biz udp
US 8.8.8.8:53 cypwnsuiwcymao.biz udp
US 8.8.8.8:53 inlsqenansnan.com udp
US 8.8.8.8:53 gbpkhgfqbex.cc udp
US 8.8.8.8:53 aylmbqeoya.biz udp
US 8.8.8.8:53 yalqga.net udp
US 8.8.8.8:53 wobzzwnansnan.com udp
US 8.8.8.8:53 zxrihgn.cc udp
US 8.8.8.8:53 oajgygeoya.biz udp
US 8.8.8.8:53 wqcdhiiugkeq.info udp
US 8.8.8.8:53 aptodqfqbex.cc udp
US 8.8.8.8:53 uxkybodsholapet.org udp
US 8.8.8.8:53 kqkucmiq.biz udp
US 8.8.8.8:53 yeelwwiugkeq.info udp
US 8.8.8.8:53 uftbdanansnan.org udp
US 8.8.8.8:53 orgedodsholapet.cc udp
US 8.8.8.8:53 ckjwws.biz udp
US 8.8.8.8:53 wsqncmiq.biz udp
US 8.8.8.8:53 oznoladsholapet.cc udp
US 8.8.8.8:53 uymqdanansnan.cc udp
US 8.8.8.8:53 sctaik.info udp
US 8.8.8.8:53 cgeyaeiq.info udp
US 8.8.8.8:53 qnpobwnansnan.com udp
US 8.8.8.8:53 wvwmfwnansnan.org udp
US 8.8.8.8:53 swgylwiugkeq.info udp
PL 86.38.224.149:36512 tcp
US 8.8.8.8:53 iajimsuiwcymao.net udp
US 8.8.8.8:53 nsjrhafox.com udp
US 8.8.8.8:53 mcxevguiwcymao.biz udp
US 8.8.8.8:53 ymnqisuiwcymao.biz udp
US 8.8.8.8:53 epzhpadsholapet.org udp
US 8.8.8.8:53 frkkjifox.cc udp
US 8.8.8.8:53 ycmaemiq.info udp
US 8.8.8.8:53 sgpjlgeoya.biz udp
US 8.8.8.8:53 jxzcesn.cc udp
US 8.8.8.8:53 uecfvodsholapet.cc udp
US 8.8.8.8:53 aidfuqeoya.biz udp
US 8.8.8.8:53 ksovoiiugkeq.info udp
US 8.8.8.8:53 dmnansn.cc udp
US 8.8.8.8:53 uwwltodsholapet.com udp
US 8.8.8.8:53 ocsoeaiugkeq.biz udp
US 8.8.8.8:53 weoejaiq.info udp
US 8.8.8.8:53 gertvkdsholapet.cc udp
US 8.8.8.8:53 whstjwnansnan.cc udp
US 8.8.8.8:53 iyyrimiq.net udp
US 8.8.8.8:53 ekfomk.biz udp
US 8.8.8.8:53 ttpwbwfox.com udp
US 8.8.8.8:53 spofbodsholapet.com udp
US 8.8.8.8:53 qyknfaiq.info udp
US 8.8.8.8:53 mcjgkcuiwcymao.info udp
US 8.8.8.8:53 igfaskdsholapet.org udp
US 8.8.8.8:53 bssllifox.com udp
US 8.8.8.8:53 gkpioa.net udp
US 8.8.8.8:53 mwzcvo.info udp
US 8.8.8.8:53 zgnsakn.com udp
US 8.8.8.8:53 vtilrwfox.cc udp
US 8.8.8.8:53 oitmmguiwcymao.biz udp
US 8.8.8.8:53 qaflhsuiwcymao.biz udp
US 8.8.8.8:53 pwlipkn.cc udp
US 8.8.8.8:53 hgigeifox.org udp
US 8.8.8.8:53 qkoouaiugkeq.biz udp
US 8.8.8.8:53 oockpsiugkeq.biz udp
US 8.8.8.8:53 kflqhwnansnan.org udp
US 8.8.8.8:53 owfwvqfqbex.org udp
US 8.8.8.8:53 gmkaywiq.biz udp
LT 62.80.229.89:34395 tcp
US 8.8.8.8:53 awdoageoya.biz udp
US 8.8.8.8:53 qtrewqfqbex.cc udp
US 8.8.8.8:53 ywzceyfqbex.org udp
US 8.8.8.8:53 yuxiaguiwcymao.info udp
US 8.8.8.8:53 uotqck.biz udp
US 8.8.8.8:53 aglbwyfqbex.org udp
US 8.8.8.8:53 ztkqlsfox.org udp
US 8.8.8.8:53 eesizmiq.biz udp
US 8.8.8.8:53 sikygmiq.biz udp
US 8.8.8.8:53 aubczufqbex.com udp
US 8.8.8.8:53 rmcwswfox.cc udp
US 8.8.8.8:53 sqvcokuiwcymao.net udp
US 8.8.8.8:53 acbnza.biz udp
US 8.8.8.8:53 grxjiadsholapet.org udp
US 8.8.8.8:53 ftsszifox.org udp
US 8.8.8.8:53 wmuasaiq.info udp
US 8.8.8.8:53 wmtyfcuiwcymao.net udp
US 8.8.8.8:53 oorajmnansnan.com udp
US 8.8.8.8:53 czfmlufqbex.org udp
US 8.8.8.8:53 ymfwugeoya.net udp
US 8.8.8.8:53 ecwvmiiugkeq.biz udp
US 8.8.8.8:53 gxdmjyfqbex.com udp
US 8.8.8.8:53 kapmjgfqbex.org udp
US 8.8.8.8:53 giecbeiq.net udp
US 8.8.8.8:53 wgecnmiq.net udp
US 8.8.8.8:53 idbxmenansnan.cc udp
US 8.8.8.8:53 zaqnbifox.cc udp
US 8.8.8.8:53 maksmaiugkeq.biz udp
US 8.8.8.8:53 bubcrifox.com udp
US 8.8.8.8:53 kphesgfqbex.cc udp
US 8.8.8.8:53 qqrmqyeoya.net udp
US 8.8.8.8:53 gsjwmyeoya.info udp
US 8.8.8.8:53 acjybkdsholapet.org udp
US 8.8.8.8:53 pnglvifox.org udp
US 8.8.8.8:53 eiryro.net udp
US 8.8.8.8:53 agdrxgeoya.info udp
US 8.8.8.8:53 hmvudifox.com udp
US 8.8.8.8:53 vatadsn.cc udp
US 8.8.8.8:53 yacmxaiq.net udp
US 8.8.8.8:53 islmzgfqbex.org udp
US 8.8.8.8:53 oefqyqfqbex.org udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 gkyuqaiugkeq.biz udp
NL 173.194.69.94:80 c.pki.goog tcp
US 8.8.8.8:53 oxratmnansnan.org udp
US 8.8.8.8:53 yqqbawnansnan.cc udp
US 8.8.8.8:53 iohvma.net udp
US 8.8.8.8:53 wqnupo.net udp
US 8.8.8.8:53 iuzuiadsholapet.cc udp
US 8.8.8.8:53 tmvtpkn.cc udp
US 8.8.8.8:53 cugfziiugkeq.biz udp
US 8.8.8.8:53 aepoha.info udp
US 8.8.8.8:53 zkhoeifox.org udp
US 8.8.8.8:53 yegjjenansnan.org udp
US 8.8.8.8:53 cyvrsa.net udp
US 8.8.8.8:53 mkxecs.info udp
US 8.8.8.8:53 gsdegsdsholapet.cc udp
US 8.8.8.8:53 zqysrsfox.org udp
US 8.8.8.8:53 eqhpkueoya.biz udp
US 8.8.8.8:53 ikjufgeoya.net udp
US 8.8.8.8:53 gfbmogfqbex.com udp
US 8.8.8.8:53 dwldhkn.org udp
US 8.8.8.8:53 csxmwa.info udp
US 8.8.8.8:53 iqdeckuiwcymao.biz udp
US 8.8.8.8:53 tsjeqafox.org udp
US 8.8.8.8:53 ptloqgn.com udp
US 8.8.8.8:53 iugakwiq.net udp
US 8.8.8.8:53 isvwmkuiwcymao.info udp
US 8.8.8.8:53 gknmwufqbex.cc udp
US 8.8.8.8:53 iznihqfqbex.com udp
US 8.8.8.8:53 uiwcjsiugkeq.biz udp
LT 78.58.3.78:41969 tcp
US 8.8.8.8:53 gixftyeoya.info udp
US 8.8.8.8:53 idvoxwnansnan.cc udp
US 8.8.8.8:53 byzuxgn.cc udp
US 8.8.8.8:53 iabuqguiwcymao.biz udp
US 8.8.8.8:53 wurwgyeoya.info udp
US 8.8.8.8:53 gjdfvwnansnan.com udp
US 8.8.8.8:53 dffsrsn.org udp
US 8.8.8.8:53 sivexyeoya.net udp
US 8.8.8.8:53 uqpzckuiwcymao.info udp
US 8.8.8.8:53 suzwfqfqbex.cc udp
US 8.8.8.8:53 gpmmhodsholapet.org udp
US 8.8.8.8:53 eszycs.net udp
US 8.8.8.8:53 gcbgiguiwcymao.biz udp
US 8.8.8.8:53 iefgbqfqbex.cc udp
US 8.8.8.8:53 mymqnmnansnan.com udp
US 8.8.8.8:53 cgpmps.net udp
US 8.8.8.8:53 aulwxueoya.net udp
US 8.8.8.8:53 orpjzqfqbex.com udp
US 8.8.8.8:53 fxznrkn.org udp
US 8.8.8.8:53 wglqssuiwcymao.biz udp
US 8.8.8.8:53 cyayeaiugkeq.info udp
US 8.8.8.8:53 sqdhpwnansnan.com udp
US 8.8.8.8:53 snzmvgfqbex.cc udp
US 8.8.8.8:53 moowyeiq.info udp
US 8.8.8.8:53 kyahisiugkeq.biz udp
US 8.8.8.8:53 mshmosdsholapet.org udp
US 8.8.8.8:53 fieqtafox.cc udp
US 8.8.8.8:53 weejmwiq.info udp
US 8.8.8.8:53 sikaewiq.net udp
US 8.8.8.8:53 zmjagwfox.org udp
US 8.8.8.8:53 qluhvwnansnan.cc udp
US 8.8.8.8:53 eatcucuiwcymao.biz udp
US 8.8.8.8:53 cexuqgeoya.net udp
US 8.8.8.8:53 qdzozwnansnan.org udp
US 8.8.8.8:53 zbrcxgn.org udp
US 8.8.8.8:53 gymyweiq.info udp
US 8.8.8.8:53 aovyio.net udp
US 8.8.8.8:53 ubnouadsholapet.com udp
US 8.8.8.8:53 mifmcufqbex.cc udp
US 8.8.8.8:53 qyybyiiugkeq.biz udp
US 8.8.8.8:53 muacceiq.net udp
US 8.8.8.8:53 egtpmodsholapet.org udp
US 8.8.8.8:53 vfgjfafox.com udp
US 8.8.8.8:53 swclbiiugkeq.net udp
US 8.8.8.8:53 getgao.biz udp
US 8.8.8.8:53 zxsgxsfox.cc udp
US 8.8.8.8:53 ukbpuyeoya.net udp
US 8.8.8.8:53 qceocwiq.biz udp
US 8.8.8.8:53 bdrwrifox.org udp
US 8.8.8.8:53 cesojwnansnan.com udp
US 8.8.8.8:53 ggdhoo.info udp
US 8.8.8.8:53 ymezueiq.info udp
US 8.8.8.8:53 eexmdsdsholapet.org udp
US 8.8.8.8:53 nqxyqgn.cc udp
US 8.8.8.8:53 comqjwiq.biz udp
US 8.8.8.8:53 yqwkqeiq.biz udp
US 8.8.8.8:53 ytzmhufqbex.com udp
US 8.8.8.8:53 gyxyvufqbex.com udp
US 8.8.8.8:53 osfiqyeoya.biz udp
US 8.8.8.8:53 mcdgasuiwcymao.net udp
US 8.8.8.8:53 xqdbzcn.cc udp
US 8.8.8.8:53 fyocvifox.cc udp
US 8.8.8.8:53 isekeaiugkeq.net udp
US 8.8.8.8:53 wkzkwk.biz udp
US 8.8.8.8:53 rplohafox.com udp
US 8.8.8.8:53 axmiladsholapet.org udp
US 8.8.8.8:53 kihkqkuiwcymao.biz udp
US 8.8.8.8:53 gmlhva.info udp
US 8.8.8.8:53 aczswufqbex.cc udp
US 8.8.8.8:53 aieosadsholapet.cc udp
US 8.8.8.8:53 gyxodo.net udp
US 8.8.8.8:53 ggmyveiq.info udp
US 8.8.8.8:53 xkzsbgn.com udp
LT 78.63.93.73:32254 tcp
US 8.8.8.8:53 vjrgrcn.cc udp
US 8.8.8.8:53 schqpueoya.info udp
US 8.8.8.8:53 sartiyeoya.net udp
US 8.8.8.8:53 qrvuvufqbex.com udp
US 8.8.8.8:53 jonuakn.com udp
US 8.8.8.8:53 owngpa.biz udp
US 8.8.8.8:53 avhlmyfqbex.cc udp
US 8.8.8.8:53 utiyvenansnan.org udp
US 8.8.8.8:53 wykiwwiugkeq.info udp
US 8.8.8.8:53 osusqmiq.biz udp
US 8.8.8.8:53 sczrvufqbex.org udp
US 8.8.8.8:53 qikivodsholapet.com udp
US 8.8.8.8:53 mehcsyeoya.biz udp
US 8.8.8.8:53 mkybywiugkeq.net udp
US 8.8.8.8:53 xhhmuifox.cc udp
US 8.8.8.8:53 lyfwngn.com udp
US 8.8.8.8:53 uafdiguiwcymao.net udp
US 8.8.8.8:53 eyrvmguiwcymao.biz udp
US 8.8.8.8:53 eqjsisdsholapet.com udp
US 8.8.8.8:53 eqkpxanansnan.com udp
US 8.8.8.8:53 iybujyeoya.biz udp
US 8.8.8.8:53 yuhgyo.biz udp
US 8.8.8.8:53 kcdfasdsholapet.cc udp
US 8.8.8.8:53 besntafox.com udp
US 8.8.8.8:53 eqmumwiq.net udp
US 8.8.8.8:53 egvwaa.biz udp
US 8.8.8.8:53 xbxisafox.com udp
US 8.8.8.8:53 qnozvwnansnan.org udp
US 8.8.8.8:53 akpomo.net udp
US 8.8.8.8:53 oyacsaiugkeq.info udp
US 8.8.8.8:53 eutjzsdsholapet.cc udp
US 8.8.8.8:53 owsuzwnansnan.org udp
US 8.8.8.8:53 cgymowiq.biz udp
US 8.8.8.8:53 mmfcecuiwcymao.biz udp
US 8.8.8.8:53 cwdapgfqbex.cc udp
US 8.8.8.8:53 lqvjfsn.cc udp
US 8.8.8.8:53 ysfoqguiwcymao.biz udp
US 8.8.8.8:53 yrhqrqfqbex.cc udp
US 8.8.8.8:53 gitzhs.info udp
US 8.8.8.8:53 qkiqfwiq.info udp
US 8.8.8.8:53 ljxqosfox.org udp
US 8.8.8.8:53 wndyoufqbex.com udp
US 8.8.8.8:53 acjkvk.info udp
US 8.8.8.8:53 ginmmyeoya.net udp
US 8.8.8.8:53 zazemafox.com udp
US 8.8.8.8:53 mqseyadsholapet.com udp
US 8.8.8.8:53 oszimqeoya.info udp
US 8.8.8.8:53 cwbggyeoya.biz udp
US 8.8.8.8:53 rvlrtafox.com udp
US 8.8.8.8:53 tgeshafox.cc udp
US 8.8.8.8:53 uunoak.info udp
US 8.8.8.8:53 qckmqeiq.biz udp
US 8.8.8.8:53 mwdgrkdsholapet.cc udp
US 8.8.8.8:53 pfgoksfox.cc udp
US 8.8.8.8:53 qweicmiq.biz udp
US 8.8.8.8:53 skhhiqeoya.biz udp
US 8.8.8.8:53 vbznrgn.org udp
US 8.8.8.8:53 srjilyfqbex.org udp
US 8.8.8.8:53 qmdeho.biz udp
US 8.8.8.8:53 zmjcssn.cc udp
US 8.8.8.8:53 qregladsholapet.org udp
US 8.8.8.8:53 ecxmyqeoya.info udp
US 8.8.8.8:53 konziueoya.info udp
LT 78.62.2.125:26035 tcp
US 8.8.8.8:53 lxlshsfox.cc udp
US 8.8.8.8:53 uquqtwnansnan.org udp
US 8.8.8.8:53 yybqus.net udp
US 8.8.8.8:53 wsugqwiugkeq.biz udp
US 8.8.8.8:53 xufincn.cc udp
US 8.8.8.8:53 aykcjmnansnan.org udp
US 8.8.8.8:53 oukykaiugkeq.net udp
US 8.8.8.8:53 qutejs.biz udp
US 8.8.8.8:53 cgxlzqfqbex.cc udp
US 8.8.8.8:53 uhvilyfqbex.com udp
US 8.8.8.8:53 gqdsusuiwcymao.info udp
US 8.8.8.8:53 umjaoueoya.biz udp
US 8.8.8.8:53 suxenyfqbex.com udp
US 8.8.8.8:53 bbbqogn.cc udp
US 8.8.8.8:53 uyssoiiugkeq.info udp
US 8.8.8.8:53 ighgjs.biz udp
US 8.8.8.8:53 ccfscyfqbex.org udp
US 8.8.8.8:53 yayvdenansnan.cc udp
US 8.8.8.8:53 mqleuk.biz udp
US 8.8.8.8:53 iodwkk.info udp
US 8.8.8.8:53 txjfrsfox.com udp
US 8.8.8.8:53 yfhjaufqbex.com udp
US 8.8.8.8:53 aazpsguiwcymao.biz udp
US 8.8.8.8:53 uykmdeiq.biz udp
US 8.8.8.8:53 mhzuwmnansnan.cc udp
US 8.8.8.8:53 uplovyfqbex.org udp
US 8.8.8.8:53 akfhkcuiwcymao.info udp
US 8.8.8.8:53 qgwoqsiugkeq.net udp
US 8.8.8.8:53 hjjzngn.org udp
US 8.8.8.8:53 axwbladsholapet.org udp
US 8.8.8.8:53 waymuwiq.biz udp
US 8.8.8.8:53 iucsusiugkeq.biz udp
US 8.8.8.8:53 pkdrqafox.com udp
US 8.8.8.8:53 wmbmlufqbex.com udp
US 8.8.8.8:53 mersoqeoya.biz udp
US 8.8.8.8:53 sudayanansnan.org udp
US 8.8.8.8:53 zytejgn.com udp
US 8.8.8.8:53 ycsceiiugkeq.net udp
US 8.8.8.8:53 scbzksuiwcymao.info udp
US 8.8.8.8:53 oitcuqfqbex.cc udp
US 8.8.8.8:53 uoiydkdsholapet.org udp
US 8.8.8.8:53 wwbqrcuiwcymao.info udp
US 8.8.8.8:53 imdeek.info udp
US 8.8.8.8:53 iqldiodsholapet.cc udp
US 8.8.8.8:53 phqkvwfox.com udp
US 8.8.8.8:53 owdajs.biz udp
US 8.8.8.8:53 kqvkns.net udp
US 8.8.8.8:53 skxdpufqbex.org udp
US 8.8.8.8:53 vxaebafox.cc udp
US 8.8.8.8:53 mmbvxs.info udp
US 8.8.8.8:53 sooteiiugkeq.biz udp
US 8.8.8.8:53 eebuikdsholapet.com udp
US 8.8.8.8:53 oaxkjyfqbex.org udp
KR 89.117.232.61:29879 tcp
US 8.8.8.8:53 akzwsguiwcymao.info udp
US 8.8.8.8:53 sgpxsqeoya.biz udp
US 8.8.8.8:53 xcvpnsfox.com udp
US 8.8.8.8:53 owkwlwnansnan.com udp
US 8.8.8.8:53 wyciqwiugkeq.info udp
US 8.8.8.8:53 auoiuaiugkeq.info udp
US 8.8.8.8:53 vqtsgkn.com udp
US 8.8.8.8:53 oodymo.net udp
US 8.8.8.8:53 oaqxkaiugkeq.info udp
US 8.8.8.8:53 xjnyvafox.org udp
US 8.8.8.8:53 kcwidmnansnan.cc udp
US 8.8.8.8:53 usmeciiugkeq.biz udp
US 8.8.8.8:53 eugwbsiugkeq.biz udp
US 8.8.8.8:53 fyflfkn.org udp
US 8.8.8.8:53 riykswfox.cc udp
US 8.8.8.8:53 uklyqa.biz udp
US 8.8.8.8:53 ssgskwiq.net udp
US 8.8.8.8:53 fddysifox.org udp
US 8.8.8.8:53 goragufqbex.com udp
US 8.8.8.8:53 ombweqeoya.net udp
US 8.8.8.8:53 swbrgcuiwcymao.info udp
US 8.8.8.8:53 zbtkbcn.org udp
US 8.8.8.8:53 yessjmnansnan.org udp
US 8.8.8.8:53 eapisguiwcymao.biz udp
US 8.8.8.8:53 uktock.info udp
US 8.8.8.8:53 bhdiokn.com udp
US 8.8.8.8:53 mcmzqkdsholapet.org udp
US 8.8.8.8:53 gqviuyeoya.biz udp
US 8.8.8.8:53 ywyucaiugkeq.net udp
US 8.8.8.8:53 wuhphyfqbex.org udp
US 8.8.8.8:53 seporueoya.biz udp
US 8.8.8.8:53 yiwsgeiq.info udp
US 8.8.8.8:53 kolafadsholapet.cc udp
US 8.8.8.8:53 gooelkdsholapet.com udp
US 8.8.8.8:53 iqpjrueoya.biz udp
US 8.8.8.8:53 yspsgk.net udp
US 8.8.8.8:53 mbxihanansnan.cc udp
US 8.8.8.8:53 uwubwanansnan.org udp
US 8.8.8.8:53 uyayqwiugkeq.net udp
US 8.8.8.8:53 cgimuwiugkeq.net udp
US 8.8.8.8:53 iddqwqfqbex.cc udp
US 8.8.8.8:53 ecgubkdsholapet.cc udp
US 8.8.8.8:53 quzxoa.info udp
US 8.8.8.8:53 mchwdanansnan.cc udp
US 8.8.8.8:53 czvumyfqbex.com udp
US 8.8.8.8:53 kqpskgeoya.biz udp
US 8.8.8.8:53 qwlrvqeoya.net udp
US 8.8.8.8:53 hrnudsfox.com udp
US 8.8.8.8:53 sofmgs.biz udp
US 8.8.8.8:53 sgbyko.info udp
US 8.8.8.8:53 tozeksn.cc udp
US 8.8.8.8:53 gxksrmnansnan.cc udp
US 8.8.8.8:53 muxyoa.net udp
US 8.8.8.8:53 osrqqqeoya.net udp
US 8.8.8.8:53 cqznqsdsholapet.com udp
US 8.8.8.8:53 scauaenansnan.org udp
US 8.8.8.8:53 mevpuqeoya.biz udp
US 8.8.8.8:53 aoiajwiq.biz udp
US 8.8.8.8:53 ssxyxyfqbex.com udp
US 8.8.8.8:53 mhekdwnansnan.com udp
US 8.8.8.8:53 smawxwiq.info udp
US 8.8.8.8:53 mqvoos.info udp
US 8.8.8.8:53 kbdpjsdsholapet.cc udp
US 8.8.8.8:53 ebganmnansnan.cc udp
SG 86.38.197.181:28096 tcp
US 8.8.8.8:53 iqgutmiq.biz udp
US 8.8.8.8:53 umyehaiugkeq.biz udp
US 8.8.8.8:53 nqjszwfox.org udp
US 8.8.8.8:53 rxpwhsn.org udp
US 8.8.8.8:53 ceaoqmiq.info udp
US 8.8.8.8:53 yumeraiugkeq.net udp
US 8.8.8.8:53 qfrqhadsholapet.org udp
US 8.8.8.8:53 inemlenansnan.org udp
US 8.8.8.8:53 esdwxo.net udp
US 8.8.8.8:53 wsfiuyeoya.info udp
US 8.8.8.8:53 amxgxodsholapet.org udp
US 8.8.8.8:53 oxwyzwnansnan.cc udp
US 8.8.8.8:53 qsvcxguiwcymao.biz udp
US 8.8.8.8:53 keacqaiq.net udp
US 8.8.8.8:53 whlptkdsholapet.org udp
US 8.8.8.8:53 uarmoa.net udp
US 8.8.8.8:53 wmhiwgeoya.net udp
US 8.8.8.8:53 iypmnqfqbex.com udp
US 8.8.8.8:53 fzhebgn.com udp
US 8.8.8.8:53 gufuwueoya.net udp
US 8.8.8.8:53 ceyxisiugkeq.biz udp
US 8.8.8.8:53 yihkdufqbex.com udp
US 8.8.8.8:53 yhcvdanansnan.org udp
US 8.8.8.8:53 mgaeewiugkeq.info udp
US 8.8.8.8:53 aoqyewiq.net udp
US 8.8.8.8:53 lftrxgn.org udp
US 8.8.8.8:53 qwkcekdsholapet.org udp
US 8.8.8.8:53 omkrfaiq.info udp
US 8.8.8.8:53 kgmcjeiq.net udp
US 8.8.8.8:53 fhxsqkn.com udp
US 8.8.8.8:53 aqqrpenansnan.org udp
US 8.8.8.8:53 uqstaiiugkeq.biz udp
US 8.8.8.8:53 kanyiyeoya.biz udp
US 8.8.8.8:53 jpngpgn.org udp
US 8.8.8.8:53 qwebdkdsholapet.org udp
US 8.8.8.8:53 iydrmcuiwcymao.net udp
US 8.8.8.8:53 wuhweyeoya.info udp
US 8.8.8.8:53 uwerhsdsholapet.com udp
US 8.8.8.8:53 ymqwleiq.net udp
US 8.8.8.8:53 kovkhsdsholapet.org udp
US 8.8.8.8:53 dlmkisfox.com udp
US 8.8.8.8:53 ykqjawiugkeq.info udp
US 8.8.8.8:53 cgtpxcuiwcymao.biz udp
US 8.8.8.8:53 wqlyawnansnan.org udp
US 8.8.8.8:53 qynqyk.info udp
US 8.8.8.8:53 lqluewfox.org udp
US 8.8.8.8:53 opyaxwnansnan.cc udp
US 8.8.8.8:53 cuokwaiugkeq.net udp
US 8.8.8.8:53 cycqgwiugkeq.biz udp
US 8.8.8.8:53 shjjtyfqbex.org udp
US 8.8.8.8:53 wtwmcmnansnan.org udp
US 8.8.8.8:53 ionqna.biz udp
US 8.8.8.8:53 wkbrhqeoya.net udp
US 8.8.8.8:53 qjhuxodsholapet.org udp
US 8.8.8.8:53 ykccnmnansnan.com udp
US 8.8.8.8:53 yigutmiq.biz udp
US 8.8.8.8:53 syrxsk.biz udp
US 8.8.8.8:53 gsrgdqfqbex.org udp
US 8.8.8.8:53 bmkwjsfox.cc udp
US 8.8.8.8:53 ukywfeiq.info udp
US 8.8.8.8:53 kszpsguiwcymao.net udp
US 8.8.8.8:53 sjlmfufqbex.com udp
US 8.8.8.8:53 rheemifox.cc udp
US 8.8.8.8:53 mmrgya.net udp
US 8.8.8.8:53 iidwsueoya.biz udp
US 8.8.8.8:53 oevwfufqbex.cc udp
LT 78.62.118.198:15726 tcp
US 8.8.8.8:53 cucwoeiq.net udp
US 8.8.8.8:53 iuhypqfqbex.com udp
US 8.8.8.8:53 rivkbkn.cc udp
US 8.8.8.8:53 aqpascuiwcymao.info udp
US 8.8.8.8:53 qqdija.net udp
US 8.8.8.8:53 hlfurafox.cc udp
US 8.8.8.8:53 ptsmhsfox.com udp
US 8.8.8.8:53 ggqiqwiugkeq.net udp
US 8.8.8.8:53 cqjasqeoya.net udp
US 8.8.8.8:53 qqfubodsholapet.org udp
US 8.8.8.8:53 ajdkyyfqbex.org udp
US 8.8.8.8:53 qascgsiugkeq.info udp
US 8.8.8.8:53 gsypawiugkeq.info udp
US 8.8.8.8:53 lyzklcn.cc udp
US 8.8.8.8:53 cumuakdsholapet.cc udp
US 8.8.8.8:53 kkcmkiiugkeq.net udp
US 8.8.8.8:53 syviugeoya.net udp
US 8.8.8.8:53 qfldwkdsholapet.com udp
US 8.8.8.8:53 mbxusgfqbex.com udp
US 8.8.8.8:53 earvms.net udp
US 8.8.8.8:53 ewzycqeoya.info udp
US 8.8.8.8:53 bbdggsn.org udp
US 8.8.8.8:53 poldesn.org udp
US 8.8.8.8:53 qyprca.biz udp
US 8.8.8.8:53 qumekmiq.biz udp
US 8.8.8.8:53 xurxbsfox.com udp
US 8.8.8.8:53 bxcobafox.cc udp
US 8.8.8.8:53 uqjgfqeoya.biz udp
US 8.8.8.8:53 odnzxwnansnan.org udp
US 8.8.8.8:53 vzfussn.cc udp
US 8.8.8.8:53 uwajkwiq.info udp
US 8.8.8.8:53 zezkhcn.org udp
US 8.8.8.8:53 gcgdyaiugkeq.biz udp
US 8.8.8.8:53 ugxiqgeoya.biz udp
US 8.8.8.8:53 hqpevafox.org udp
US 8.8.8.8:53 gkqthsdsholapet.org udp
US 8.8.8.8:53 egjnusuiwcymao.net udp
US 8.8.8.8:53 wmtoigeoya.info udp
US 8.8.8.8:53 jndypgn.cc udp
US 8.8.8.8:53 eteovmnansnan.com udp
US 8.8.8.8:53 iormwyeoya.info udp
US 8.8.8.8:53 uqsgmsiugkeq.net udp
US 8.8.8.8:53 axttzufqbex.cc udp
US 8.8.8.8:53 nuhczcn.org udp
US 8.8.8.8:53 iahdbyeoya.net udp
US 8.8.8.8:53 eaxmiyeoya.net udp
US 8.8.8.8:53 qotcsufqbex.com udp
US 8.8.8.8:53 qkfqcguiwcymao.net udp
US 8.8.8.8:53 kglyxk.net udp
US 8.8.8.8:53 qaemvsdsholapet.cc udp
US 8.8.8.8:53 auvmdqeoya.info udp
US 8.8.8.8:53 eorcbqeoya.info udp
US 8.8.8.8:53 citadyfqbex.cc udp
US 8.8.8.8:53 rukmpafox.com udp
US 8.8.8.8:53 eqymksiugkeq.biz udp
US 8.8.8.8:53 marwuo.biz udp
US 8.8.8.8:53 pubgfwfox.cc udp
US 8.8.8.8:53 suyglkdsholapet.cc udp
US 8.8.8.8:53 cuzmjcuiwcymao.biz udp
US 8.8.8.8:53 cikoyenansnan.com udp
US 8.8.8.8:53 ukfwho.info udp
US 8.8.8.8:53 mslazqeoya.info udp
US 8.8.8.8:53 xjzgmgn.com udp
US 8.8.8.8:53 nxvefgn.org udp
US 8.8.8.8:53 mebcocuiwcymao.info udp
US 8.8.8.8:53 gqcxsaiq.info udp
US 8.8.8.8:53 pbtdxcn.org udp
US 8.8.8.8:53 ucgmaiiugkeq.info udp
US 8.8.8.8:53 ikfpuqeoya.biz udp
LT 78.60.93.15:17935 tcp
US 8.8.8.8:53 kehawkdsholapet.org udp
US 8.8.8.8:53 godbpgfqbex.cc udp
US 8.8.8.8:53 mezops.net udp
US 8.8.8.8:53 iytoms.net udp
US 8.8.8.8:53 ywrlnqfqbex.cc udp
US 8.8.8.8:53 yhmwnadsholapet.com udp
US 8.8.8.8:53 swoeteiq.biz udp
US 8.8.8.8:53 iedgio.info udp
US 8.8.8.8:53 tbfkqkn.com udp
US 8.8.8.8:53 bwcxfsfox.com udp
US 8.8.8.8:53 ecnjfsuiwcymao.biz udp
US 8.8.8.8:53 uixctueoya.net udp
US 8.8.8.8:53 aflhlanansnan.com udp
US 8.8.8.8:53 pdzosgn.cc udp
US 8.8.8.8:53 ukzkckuiwcymao.net udp
US 8.8.8.8:53 cekcumiq.info udp
US 8.8.8.8:53 bxzorcn.com udp
US 8.8.8.8:53 suobfmnansnan.org udp
US 8.8.8.8:53 mkbansuiwcymao.info udp
US 8.8.8.8:53 yywpvwiq.net udp
US 8.8.8.8:53 yjrmlkdsholapet.cc udp
US 8.8.8.8:53 qjnepyfqbex.org udp
US 8.8.8.8:53 iarixcuiwcymao.info udp
US 8.8.8.8:53 omuiveiq.info udp
US 8.8.8.8:53 hxjcbsfox.org udp
US 8.8.8.8:53 jrnqhsn.cc udp
US 8.8.8.8:53 gglsua.net udp
US 8.8.8.8:53 ogaalmiq.net udp
US 8.8.8.8:53 llrphsn.com udp
US 8.8.8.8:53 nnbackn.org udp
US 8.8.8.8:53 gmnycsuiwcymao.info udp
US 8.8.8.8:53 cwbodcuiwcymao.net udp
US 8.8.8.8:53 cieihodsholapet.org udp
US 8.8.8.8:53 wsecgmiq.biz udp
US 8.8.8.8:53 usbmsyeoya.net udp
US 8.8.8.8:53 mgtexwnansnan.cc udp
US 8.8.8.8:53 pcfarkn.org udp
US 8.8.8.8:53 cavsgqeoya.biz udp
US 8.8.8.8:53 swzpiqeoya.biz udp
US 8.8.8.8:53 llfpeifox.org udp
US 8.8.8.8:53 gizabufqbex.cc udp
US 8.8.8.8:53 iopsmgeoya.biz udp
US 8.8.8.8:53 mijnao.info udp
US 8.8.8.8:53 dqfulcn.cc udp
US 8.8.8.8:53 kygwmkdsholapet.com udp
US 8.8.8.8:53 yqzivyeoya.net udp
US 8.8.8.8:53 qojcbgeoya.net udp
US 8.8.8.8:53 utvkyyfqbex.org udp
US 8.8.8.8:53 zdiclwfox.org udp
US 8.8.8.8:53 mclqzo.info udp
US 8.8.8.8:53 osemzsiugkeq.biz udp
US 8.8.8.8:53 oowfvkdsholapet.org udp
US 8.8.8.8:53 mogguaiq.biz udp
US 8.8.8.8:53 iupqacuiwcymao.info udp
US 8.8.8.8:53 bhjjnwfox.cc udp
US 8.8.8.8:53 ucqwcsdsholapet.org udp
US 8.8.8.8:53 ykfito.net udp
US 8.8.8.8:53 mgtzwcuiwcymao.info udp
LT 212.12.200.27:27888 tcp
US 8.8.8.8:53 lvtshifox.org udp
US 8.8.8.8:53 bndqign.cc udp
US 8.8.8.8:53 uerodk.net udp
US 8.8.8.8:53 cifoacuiwcymao.net udp
US 8.8.8.8:53 ktherkdsholapet.com udp
US 8.8.8.8:53 ggymjwnansnan.org udp
US 8.8.8.8:53 eesuoeiq.net udp
US 8.8.8.8:53 eaiabeiq.info udp
US 8.8.8.8:53 osjozqfqbex.cc udp
US 8.8.8.8:53 eytsiyfqbex.org udp
US 8.8.8.8:53 kerzoueoya.net udp
US 8.8.8.8:53 iqjuiyeoya.biz udp
US 8.8.8.8:53 bjxctkn.com udp
US 8.8.8.8:53 atufrkdsholapet.org udp
US 8.8.8.8:53 cqfsakuiwcymao.info udp
US 8.8.8.8:53 sonmsguiwcymao.net udp
US 8.8.8.8:53 ktvtuqfqbex.com udp
US 8.8.8.8:53 swptcufqbex.org udp
US 8.8.8.8:53 uitqgqeoya.info udp
US 8.8.8.8:53 yesswaiugkeq.biz udp
US 8.8.8.8:53 vjrqpifox.com udp
US 8.8.8.8:53 bkblrgn.com udp
US 8.8.8.8:53 iawlyaiq.biz udp
US 8.8.8.8:53 iyoameiq.info udp
US 8.8.8.8:53 egfglodsholapet.org udp
US 8.8.8.8:53 sjogyodsholapet.com udp
US 8.8.8.8:53 akpqxgeoya.info udp
US 8.8.8.8:53 oibecs.net udp
US 8.8.8.8:53 schgpenansnan.cc udp
US 8.8.8.8:53 xuwwxafox.cc udp
US 8.8.8.8:53 ockwkwiq.biz udp
US 8.8.8.8:53 iqdssqeoya.net udp
US 8.8.8.8:53 tlnseifox.org udp
US 8.8.8.8:53 jzkufsfox.cc udp
US 8.8.8.8:53 wedkha.net udp
US 8.8.8.8:53 aggedsiugkeq.biz udp
US 8.8.8.8:53 lgjemifox.cc udp
US 8.8.8.8:53 teeyesfox.com udp
US 8.8.8.8:53 iiksqeiq.biz udp
US 8.8.8.8:53 gunansuiwcymao.biz udp
US 8.8.8.8:53 vorwjkn.com udp
US 8.8.8.8:53 spcyamnansnan.com udp
US 8.8.8.8:53 ouiclaiugkeq.info udp
US 8.8.8.8:53 gikzowiq.net udp
US 8.8.8.8:53 gdhaksdsholapet.org udp
US 8.8.8.8:53 yeyofaiq.biz udp
US 8.8.8.8:53 csfjwk.info udp
US 8.8.8.8:53 unrslqfqbex.org udp
US 8.8.8.8:53 ojaiekdsholapet.com udp
US 8.8.8.8:53 eetgus.net udp
US 8.8.8.8:53 iuhmisdsholapet.cc udp
US 8.8.8.8:53 cegyfodsholapet.com udp
US 8.8.8.8:53 qauaiwiq.net udp
US 8.8.8.8:53 wkjcmqeoya.biz udp
US 8.8.8.8:53 ijnkngfqbex.org udp
US 8.8.8.8:53 qfdxjufqbex.cc udp
US 8.8.8.8:53 kwlwcyeoya.biz udp
US 8.8.8.8:53 ckmsgiiugkeq.biz udp
US 8.8.8.8:53 pmvcfifox.org udp
US 8.8.8.8:53 pbkgmafox.cc udp
US 8.8.8.8:53 akpmis.biz udp
US 8.8.8.8:53 eapucyeoya.net udp
US 8.8.8.8:53 ebhswkdsholapet.cc udp
US 8.8.8.8:53 jurxicn.com udp
US 8.8.8.8:53 cczwkgeoya.net udp
LT 78.62.69.177:30444 tcp
US 8.8.8.8:53 oavnko.net udp
US 8.8.8.8:53 wipylufqbex.cc udp
US 8.8.8.8:53 iranpadsholapet.com udp
US 8.8.8.8:53 ycrymk.biz udp
US 8.8.8.8:53 zaldfafox.com udp
US 8.8.8.8:53 fdtekgn.org udp
US 8.8.8.8:53 kyksdwiq.net udp
US 8.8.8.8:53 keqkdaiugkeq.biz udp
US 8.8.8.8:53 qslgfyfqbex.com udp
US 8.8.8.8:53 ntguyifox.com udp
US 8.8.8.8:53 eyepgmiq.biz udp
US 8.8.8.8:53 jsfxdcn.com udp
US 8.8.8.8:53 akkzsmiq.biz udp
US 8.8.8.8:53 medcayeoya.biz udp
US 8.8.8.8:53 gwdjqufqbex.cc udp
US 8.8.8.8:53 lusihsfox.cc udp
US 8.8.8.8:53 kggqywiugkeq.info udp
US 8.8.8.8:53 sylkkk.info udp
US 8.8.8.8:53 kxpohsdsholapet.cc udp
US 8.8.8.8:53 cpcsmanansnan.cc udp
US 8.8.8.8:53 suvfsgeoya.biz udp
US 8.8.8.8:53 csudmaiq.net udp
US 8.8.8.8:53 kdisisdsholapet.cc udp
US 8.8.8.8:53 emfkcgeoya.info udp
US 8.8.8.8:53 ubvyukdsholapet.org udp
US 8.8.8.8:53 wdwkwanansnan.cc udp
US 8.8.8.8:53 iqgexwiq.net udp
US 8.8.8.8:53 qasousiugkeq.net udp
US 8.8.8.8:53 tcpfuifox.cc udp
US 8.8.8.8:53 nujkukn.cc udp
US 8.8.8.8:53 wospgeiq.info udp
US 8.8.8.8:53 ybjynenansnan.com udp
US 8.8.8.8:53 camquanansnan.com udp
US 8.8.8.8:53 uookkaiugkeq.biz udp
US 8.8.8.8:53 gkvbggeoya.biz udp
US 8.8.8.8:53 nzrougn.org udp
US 8.8.8.8:53 dgpklcn.cc udp
US 8.8.8.8:53 uoxeok.net udp
US 8.8.8.8:53 qovevgeoya.biz udp
US 8.8.8.8:53 eylahwnansnan.com udp
US 8.8.8.8:53 khwufanansnan.org udp
US 8.8.8.8:53 geteqyeoya.info udp
US 8.8.8.8:53 igvpjkuiwcymao.info udp
US 8.8.8.8:53 grzqlyfqbex.cc udp
US 8.8.8.8:53 nyeufwfox.org udp
US 8.8.8.8:53 qsleiqeoya.biz udp
US 8.8.8.8:53 wgrcdadsholapet.cc udp
US 8.8.8.8:53 xczyecn.com udp
US 8.8.8.8:53 wipwmueoya.biz udp
US 8.8.8.8:53 amngrguiwcymao.net udp
US 8.8.8.8:53 stjrhenansnan.com udp
US 8.8.8.8:53 mmvkpkuiwcymao.net udp
US 8.8.8.8:53 aaonhaiugkeq.info udp
US 8.8.8.8:53 sftmlkdsholapet.org udp
US 8.8.8.8:53 qvkojenansnan.org udp
US 8.8.8.8:53 gcefaeiq.biz udp
LT 89.117.223.145:37143 tcp
US 8.8.8.8:53 wyogswiugkeq.biz udp
US 8.8.8.8:53 xjbgnsn.com udp
US 8.8.8.8:53 jploakn.com udp
US 8.8.8.8:53 mmrsnueoya.info udp
US 8.8.8.8:53 omrekkdsholapet.com udp
US 8.8.8.8:53 yvsfvadsholapet.com udp
US 8.8.8.8:53 aefitcuiwcymao.info udp
US 8.8.8.8:53 gqdkeueoya.net udp
US 8.8.8.8:53 qdlypmnansnan.cc udp
US 8.8.8.8:53 sifuwa.biz udp
US 8.8.8.8:53 ksuegmiq.net udp
US 8.8.8.8:53 razczcn.cc udp
US 8.8.8.8:53 rqffzgn.com udp
US 8.8.8.8:53 eepjbsuiwcymao.info udp
US 8.8.8.8:53 aqzasqeoya.info udp
US 8.8.8.8:53 vljnpwfox.org udp
US 8.8.8.8:53 impifufqbex.cc udp
US 8.8.8.8:53 ikkodiiugkeq.info udp
US 8.8.8.8:53 asibuwiugkeq.info udp
US 8.8.8.8:53 uxzsdkdsholapet.com udp
US 8.8.8.8:53 mmjiwqfqbex.cc udp
US 8.8.8.8:53 ocmzdmiq.net udp
US 8.8.8.8:53 cynhmueoya.info udp
US 8.8.8.8:53 sftccmnansnan.cc udp

Files

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

MD5 85cb856b920e7b0b7b75115336fc2af2
SHA1 1d1a207efec2f5187583b652c35aef74ee4c473f
SHA256 6fff20aabe8265b6e811c9dbcb987f9c15cf07d1d8b80ced7b287d96900f5c62
SHA512 120ff9c77c19216e5691b6ba812f09f7db7b46685a391027fff56e5b73200f4211b6bac2c2d28cdfe461d1fbf10f1a3204adeedbd0a34a034a862c6278d901e8

C:\Windows\SysWOW64\jaykgzsmysoctbsthh.exe

MD5 c7e5d9b24e40b9b5909256350f70b10b
SHA1 fb9d569e524b0cbe1f4a4a600ada58f687a7aee4
SHA256 2e7aa86c211bcba2701f0d5acd491714bcbaf5f5cd6e930bc9795fdfb2a7f859
SHA512 2cb935a8f5f1bc4fafbcd7de1bd3dabe65e31a2f3f860dcfbc65aad89242841e59fc6fffec922f20f4c983723329503060b00e4e7152873730c7de41b93a17ea

C:\Users\Admin\AppData\Local\Temp\hmyyip.exe

MD5 00d3e24dcf409ac926fab68da7f97e67
SHA1 131eb56e1b5dc09f17be395c6294d690a58ed45b
SHA256 b8154726e58a62b52e2860717b0f0f2bbdecaa2f9e32ed521cb2bd31442ed4be
SHA512 f60ea70e785b5e82ba81b9968e716fd2fa5b9fe9bffee2aa3736648fa41450ddf9748e8df0f149412de5199fb7cd5767202baf9c18a41336094001692537d7ec

C:\Users\Admin\AppData\Local\xwcwabceyaeazpoxtbxwcw.bce

MD5 3013495010498d20972a875e33769ca4
SHA1 045a7f520b90249cdfe3aa17ac65eb9ebfe9b720
SHA256 0f431deaa72269ed461bb4d6a16ac30ca83981a7a326acf3386e437b43bff3e4
SHA512 101319fcb5217191b729d0142b173648ef129ef4c6b783f747d6676eece5c5ff862cbacc5a98d9e781fd76235be94c6e9b5869b1f126a7a5eed3268637820824

C:\Users\Admin\AppData\Local\oypujvhuzmbistdxexeofkzlxkpcryijt.unu

MD5 adc93a8f3b7ba5cbc9d31ca4c1548752
SHA1 17eed569c29985c23eeb38ecd311364caabae9a9
SHA256 76b3257f7b2040cc0b2ff45c3dd401513f41e122ac64bf054e39737f7fdb3386
SHA512 ab985d2e22d3fdf7fbf7fe23992eb2fc181ca327bad0f77b0cca079cef488bbfe89f4a87413bc5894e15658e5a9186b5d1f4251bd8cbfee2702b3f5e6cacc40b

C:\Program Files (x86)\xwcwabceyaeazpoxtbxwcw.bce

MD5 6c8e33de6c120c7fbc02824ffce458e4
SHA1 eae802f217333fb8fdec2ba712dc06b1e024c91f
SHA256 b0fe705c520b41251a16c677fe700fb3b5b34a4be33965ac0037c395284d550f
SHA512 8371762e885b246b4278c74075b3247fedbd803a2db03f31f35e461b3ab932b22a332a203585b25f8d7ecdfe0ab469badd03c02c0cef9a050a97b2fabe578fb0

C:\Program Files (x86)\xwcwabceyaeazpoxtbxwcw.bce

MD5 98de08751087e9d0a4965c3ed7e955ce
SHA1 fbab36d5a1f24acdf35c7f5dc168f0ce4e8c2726
SHA256 41ff0fc6c76494d8596977538af6b49931bab4a6ceeb6dde7f590b665aa5a2ee
SHA512 8db259c91c816d3789b7851d620c1f6bc0ec8424269d0c9ab7765dede0b30c049c79add0ab361bfd2dcc0fc1e4169f2ace9b101c67f955f388318c435dc9c237

C:\Program Files (x86)\xwcwabceyaeazpoxtbxwcw.bce

MD5 5fd690adfcb271f08acc758878a0beba
SHA1 0be43201985fb0f25c4205800694bff6ef5a515a
SHA256 d28a728ae2d449fc0cbb3a0675c175c53ba4d33d91c95570b2f3a371612e5814
SHA512 2cbef223ca7fa04ba63ab03901a40473e2441c73c443422fc733139ab111f145ea522f6f9482501ac97cd550595adfe817821aa6f084b64dba656e6058d6de44

C:\Program Files (x86)\xwcwabceyaeazpoxtbxwcw.bce

MD5 041c888b48b5c809d7cff216e819eee1
SHA1 d56e72c91a9e691dbe319b6781af8cd0411b5d00
SHA256 77432700c095497f69acf30e1eff8527f163f55966b279f40aad40ca40a77643
SHA512 8e97af72c91b75eae1727fea45c0e8016af9250bf1a3df7f104061ee39fa50d6daea34324e229a9e426a240c38fc54f7290a9ada080c0128301f8665b3ddadb0

C:\Program Files (x86)\xwcwabceyaeazpoxtbxwcw.bce

MD5 6c59c253071c00f3cf039cc32f7b714b
SHA1 9a9b11d54a67e560678842a274655d1205dd1c27
SHA256 c14775c097be583b6c6c8ea53ae024c1e4468e4b87a9584603dcab0c89076023
SHA512 f55d9c789d2c7abb11934b94c87db63aca687cbdf51bd4f8e753a4ba8cfd4069fbfd7a936ba122331c53d00d4e384378a1b771e438a2911db01fcedf543bee38

C:\Program Files (x86)\xwcwabceyaeazpoxtbxwcw.bce

MD5 ad26c91b0c12f06158b53d065dbb371f
SHA1 4c91656e839f4456efd0971abba9fb190209e4d1
SHA256 9d9c246f888146f92fbab88be4b0017e42e135360d642f25c60462fe1add998d
SHA512 368e95dd9905acf566912ccd120d9fcaeaea3b902d9f8730754a20ae2043b2517e5f6776b8add11b419b21036ba5ff17325d05bd3abe3570e9ca4bd67b414da2