Analysis Overview
SHA256
915d73145ca41654c2bd3a3b908de8f2df454c97bb351237bd5498b9954c789a
Threat Level: Known bad
The file JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4 was found to be: Known bad.
Malicious Activity Summary
Pykspa
Pykspa family
UAC bypass
Modifies WinLogon for persistence
Detect Pykspa worm
Disables RegEdit via registry modification
Adds policy Run key to start application
Impair Defenses: Safe Mode Boot
Checks computer location settings
Executes dropped EXE
Checks whether UAC is enabled
Hijack Execution Flow: Executable Installer File Permissions Weakness
Looks up external IP address via web service
Adds Run key to start application
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
System policy modification
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-21 12:50
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-21 12:50
Reported
2025-04-21 12:52
Platform
win10v2004-20250410-en
Max time kernel
41s
Max time network
150s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "upepkbsbyjiyvyzn.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upepkbsbyjiyvyzn.exe" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xxrhhdznpfjegoungillf.exe" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "upepkbsbyjiyvyzn.exe" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bxnzvnfpnzzqosujy.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ihapojershkefmrjbced.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "vtlzxrlxxlnggmqhyyz.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "vtlzxrlxxlnggmqhyyz.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "bxnzvnfpnzzqosujy.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upepkbsbyjiyvyzn.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "bxnzvnfpnzzqosujy.exe" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "upepkbsbyjiyvyzn.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\khylibuferskjorhxw.exe" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "upepkbsbyjiyvyzn.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xxrhhdznpfjegoungillf.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "khylibuferskjorhxw.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ihapojershkefmrjbced.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bxnzvnfpnzzqosujy.exe" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upepkbsbyjiyvyzn.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xxrhhdznpfjegoungillf.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlzxrlxxlnggmqhyyz.exe" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "xxrhhdznpfjegoungillf.exe" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "vtlzxrlxxlnggmqhyyz.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "upepkbsbyjiyvyzn.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xxrhhdznpfjegoungillf.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "upepkbsbyjiyvyzn.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\khylibuferskjorhxw.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "bxnzvnfpnzzqosujy.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upepkbsbyjiyvyzn.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlzxrlxxlnggmqhyyz.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "xxrhhdznpfjegoungillf.exe" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "ihapojershkefmrjbced.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlzxrlxxlnggmqhyyz.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlzxrlxxlnggmqhyyz.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "bxnzvnfpnzzqosujy.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "upepkbsbyjiyvyzn.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "ihapojershkefmrjbced.exe" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upepkbsbyjiyvyzn.exe" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bxnzvnfpnzzqosujy.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "ihapojershkefmrjbced.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\khylibuferskjorhxw.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "xxrhhdznpfjegoungillf.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlzxrlxxlnggmqhyyz.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\khylibuferskjorhxw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\ihapojershkefmrjbced.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\khylibuferskjorhxw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\upepkbsbyjiyvyzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\bxnzvnfpnzzqosujy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\upepkbsbyjiyvyzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\bxnzvnfpnzzqosujy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\bxnzvnfpnzzqosujy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\ihapojershkefmrjbced.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\khylibuferskjorhxw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\xxrhhdznpfjegoungillf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\khylibuferskjorhxw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\khylibuferskjorhxw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\ihapojershkefmrjbced.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\ihapojershkefmrjbced.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\upepkbsbyjiyvyzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\ihapojershkefmrjbced.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\ihapojershkefmrjbced.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\khylibuferskjorhxw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\ihapojershkefmrjbced.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\bxnzvnfpnzzqosujy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\ihapojershkefmrjbced.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\khylibuferskjorhxw.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Windows\upepkbsbyjiyvyzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ityzkr = "upepkbsbyjiyvyzn.exe" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upepkbsbyjiyvyzn.exe ." | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ujsxmxilch = "khylibuferskjorhxw.exe ." | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdovmzmrkrmy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlzxrlxxlnggmqhyyz.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ujsxmxilch = "upepkbsbyjiyvyzn.exe ." | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ihapojershkefmrjbced.exe ." | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdovmzmrkrmy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ihapojershkefmrjbced.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdovmzmrkrmy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ihapojershkefmrjbced.exe" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ityzkr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ihapojershkefmrjbced.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdovmzmrkrmy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upepkbsbyjiyvyzn.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ujsxmxilch = "khylibuferskjorhxw.exe ." | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ityzkr = "bxnzvnfpnzzqosujy.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfpvlxjnflf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ihapojershkefmrjbced.exe ." | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "bxnzvnfpnzzqosujy.exe ." | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ityzkr = "upepkbsbyjiyvyzn.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdovmzmrkrmy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xxrhhdznpfjegoungillf.exe" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bpxbpzjlb = "upepkbsbyjiyvyzn.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "ihapojershkefmrjbced.exe ." | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ityzkr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlzxrlxxlnggmqhyyz.exe" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ujsxmxilch = "bxnzvnfpnzzqosujy.exe ." | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "khylibuferskjorhxw.exe ." | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bpxbpzjlb = "bxnzvnfpnzzqosujy.exe" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ityzkr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upepkbsbyjiyvyzn.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bpxbpzjlb = "khylibuferskjorhxw.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfpvlxjnflf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlzxrlxxlnggmqhyyz.exe ." | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfpvlxjnflf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xxrhhdznpfjegoungillf.exe ." | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bpxbpzjlb = "bxnzvnfpnzzqosujy.exe" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "khylibuferskjorhxw.exe ." | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "bxnzvnfpnzzqosujy.exe ." | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upepkbsbyjiyvyzn.exe ." | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfpvlxjnflf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upepkbsbyjiyvyzn.exe ." | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfpvlxjnflf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upepkbsbyjiyvyzn.exe ." | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ujsxmxilch = "vtlzxrlxxlnggmqhyyz.exe ." | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\khylibuferskjorhxw.exe ." | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdovmzmrkrmy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ihapojershkefmrjbced.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdovmzmrkrmy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bxnzvnfpnzzqosujy.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ityzkr = "xxrhhdznpfjegoungillf.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ujsxmxilch = "vtlzxrlxxlnggmqhyyz.exe ." | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ityzkr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bxnzvnfpnzzqosujy.exe" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "vtlzxrlxxlnggmqhyyz.exe ." | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ityzkr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\khylibuferskjorhxw.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bpxbpzjlb = "ihapojershkefmrjbced.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bxnzvnfpnzzqosujy.exe ." | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ityzkr = "ihapojershkefmrjbced.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdovmzmrkrmy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlzxrlxxlnggmqhyyz.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bpxbpzjlb = "vtlzxrlxxlnggmqhyyz.exe" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bxnzvnfpnzzqosujy.exe ." | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "ihapojershkefmrjbced.exe ." | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bpxbpzjlb = "xxrhhdznpfjegoungillf.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ityzkr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlzxrlxxlnggmqhyyz.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "vtlzxrlxxlnggmqhyyz.exe ." | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ityzkr = "bxnzvnfpnzzqosujy.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ihapojershkefmrjbced.exe ." | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdovmzmrkrmy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upepkbsbyjiyvyzn.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfpvlxjnflf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlzxrlxxlnggmqhyyz.exe ." | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdovmzmrkrmy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\khylibuferskjorhxw.exe" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ityzkr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upepkbsbyjiyvyzn.exe" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlzxrlxxlnggmqhyyz.exe ." | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upepkbsbyjiyvyzn.exe ." | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upepkbsbyjiyvyzn.exe ." | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bpxbpzjlb = "xxrhhdznpfjegoungillf.exe" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ityzkr = "ihapojershkefmrjbced.exe" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upepkbsbyjiyvyzn.exe ." | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfpvlxjnflf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ihapojershkefmrjbced.exe ." | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\upepkbsbyjiyvyzn.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ihapojershkefmrjbced.exe | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\upepkbsbyjiyvyznbywrgrmdudalkaxabpdayt.tof | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\khylibuferskjorhxw.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xxrhhdznpfjegoungillf.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vtlzxrlxxlnggmqhyyz.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xxrhhdznpfjegoungillf.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\upepkbsbyjiyvyzn.exe | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\opkbczwlofkgjsztnquvqh.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vtlzxrlxxlnggmqhyyz.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ihapojershkefmrjbced.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\upepkbsbyjiyvyzn.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vtlzxrlxxlnggmqhyyz.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\khylibuferskjorhxw.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\khylibuferskjorhxw.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\opkbczwlofkgjsztnquvqh.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ihapojershkefmrjbced.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vtlzxrlxxlnggmqhyyz.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vtlzxrlxxlnggmqhyyz.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\khylibuferskjorhxw.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bxnzvnfpnzzqosujy.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\upepkbsbyjiyvyzn.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xxrhhdznpfjegoungillf.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ihapojershkefmrjbced.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\upepkbsbyjiyvyzn.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\khylibuferskjorhxw.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\upepkbsbyjiyvyzn.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bxnzvnfpnzzqosujy.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\opkbczwlofkgjsztnquvqh.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xxrhhdznpfjegoungillf.exe | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bxnzvnfpnzzqosujy.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ihapojershkefmrjbced.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ihapojershkefmrjbced.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bxnzvnfpnzzqosujy.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xxrhhdznpfjegoungillf.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\opkbczwlofkgjsztnquvqh.exe | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bxnzvnfpnzzqosujy.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\opkbczwlofkgjsztnquvqh.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ihapojershkefmrjbced.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\upepkbsbyjiyvyzn.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\opkbczwlofkgjsztnquvqh.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vtlzxrlxxlnggmqhyyz.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ihapojershkefmrjbced.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bxnzvnfpnzzqosujy.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xxrhhdznpfjegoungillf.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\upepkbsbyjiyvyzn.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ihapojershkefmrjbced.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\opkbczwlofkgjsztnquvqh.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\opkbczwlofkgjsztnquvqh.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xxrhhdznpfjegoungillf.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\khylibuferskjorhxw.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\khylibuferskjorhxw.exe | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bxnzvnfpnzzqosujy.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\opkbczwlofkgjsztnquvqh.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\upepkbsbyjiyvyzn.exe | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xxrhhdznpfjegoungillf.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ihapojershkefmrjbced.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bxnzvnfpnzzqosujy.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\opkbczwlofkgjsztnquvqh.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vtlzxrlxxlnggmqhyyz.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\upepkbsbyjiyvyzn.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ihapojershkefmrjbced.exe | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xxrhhdznpfjegoungillf.exe | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\khylibuferskjorhxw.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\xhllvbhfrrfkwoehkwjtxxhntrd.rwi | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| File created | C:\Program Files (x86)\xhllvbhfrrfkwoehkwjtxxhntrd.rwi | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| File opened for modification | C:\Program Files (x86)\upepkbsbyjiyvyznbywrgrmdudalkaxabpdayt.tof | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| File created | C:\Program Files (x86)\upepkbsbyjiyvyznbywrgrmdudalkaxabpdayt.tof | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\bxnzvnfpnzzqosujy.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\khylibuferskjorhxw.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\ihapojershkefmrjbced.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\ihapojershkefmrjbced.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\opkbczwlofkgjsztnquvqh.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\xxrhhdznpfjegoungillf.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\khylibuferskjorhxw.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\ihapojershkefmrjbced.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\upepkbsbyjiyvyznbywrgrmdudalkaxabpdayt.tof | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| File opened for modification | C:\Windows\khylibuferskjorhxw.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\ihapojershkefmrjbced.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\upepkbsbyjiyvyzn.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\bxnzvnfpnzzqosujy.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\khylibuferskjorhxw.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\khylibuferskjorhxw.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\ihapojershkefmrjbced.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\opkbczwlofkgjsztnquvqh.exe | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| File opened for modification | C:\Windows\xxrhhdznpfjegoungillf.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\opkbczwlofkgjsztnquvqh.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\xxrhhdznpfjegoungillf.exe | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| File opened for modification | C:\Windows\upepkbsbyjiyvyzn.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\xxrhhdznpfjegoungillf.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\upepkbsbyjiyvyzn.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\bxnzvnfpnzzqosujy.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| File opened for modification | C:\Windows\opkbczwlofkgjsztnquvqh.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\upepkbsbyjiyvyzn.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\khylibuferskjorhxw.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\xxrhhdznpfjegoungillf.exe | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| File opened for modification | C:\Windows\bxnzvnfpnzzqosujy.exe | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| File opened for modification | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\ihapojershkefmrjbced.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\opkbczwlofkgjsztnquvqh.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\bxnzvnfpnzzqosujy.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\bxnzvnfpnzzqosujy.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\xxrhhdznpfjegoungillf.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\upepkbsbyjiyvyzn.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\bxnzvnfpnzzqosujy.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\xxrhhdznpfjegoungillf.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\xxrhhdznpfjegoungillf.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\opkbczwlofkgjsztnquvqh.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\khylibuferskjorhxw.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\opkbczwlofkgjsztnquvqh.exe | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| File opened for modification | C:\Windows\upepkbsbyjiyvyzn.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\bxnzvnfpnzzqosujy.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\opkbczwlofkgjsztnquvqh.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\ihapojershkefmrjbced.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\bxnzvnfpnzzqosujy.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\upepkbsbyjiyvyzn.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\upepkbsbyjiyvyzn.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\xxrhhdznpfjegoungillf.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\xxrhhdznpfjegoungillf.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\khylibuferskjorhxw.exe | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| File opened for modification | C:\Windows\khylibuferskjorhxw.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\ihapojershkefmrjbced.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| File opened for modification | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xxrhhdznpfjegoungillf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ihapojershkefmrjbced.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\khylibuferskjorhxw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ihapojershkefmrjbced.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\upepkbsbyjiyvyzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\khylibuferskjorhxw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bxnzvnfpnzzqosujy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ihapojershkefmrjbced.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\upepkbsbyjiyvyzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\khylibuferskjorhxw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\upepkbsbyjiyvyzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\upepkbsbyjiyvyzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xxrhhdznpfjegoungillf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bxnzvnfpnzzqosujy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bxnzvnfpnzzqosujy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\khylibuferskjorhxw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\khylibuferskjorhxw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ihapojershkefmrjbced.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bxnzvnfpnzzqosujy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\khylibuferskjorhxw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\khylibuferskjorhxw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ihapojershkefmrjbced.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\vtlzxrlxxlnggmqhyyz.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\xhllv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe"
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe .
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\ihapojershkefmrjbced.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe .
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Windows\bxnzvnfpnzzqosujy.exe
bxnzvnfpnzzqosujy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\bxnzvnfpnzzqosujy.exe*."
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."
C:\Users\Admin\AppData\Local\Temp\xhllv.exe
"C:\Users\Admin\AppData\Local\Temp\xhllv.exe" "-C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe"
C:\Users\Admin\AppData\Local\Temp\xhllv.exe
"C:\Users\Admin\AppData\Local\Temp\xhllv.exe" "-C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe .
C:\Windows\khylibuferskjorhxw.exe
khylibuferskjorhxw.exe .
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\ihapojershkefmrjbced.exe*."
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\khylibuferskjorhxw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe
C:\Windows\khylibuferskjorhxw.exe
khylibuferskjorhxw.exe .
C:\Windows\khylibuferskjorhxw.exe
khylibuferskjorhxw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe .
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\khylibuferskjorhxw.exe*."
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Windows\khylibuferskjorhxw.exe
khylibuferskjorhxw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\khylibuferskjorhxw.exe*."
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe .
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."
C:\Windows\khylibuferskjorhxw.exe
khylibuferskjorhxw.exe
C:\Windows\bxnzvnfpnzzqosujy.exe
bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\ihapojershkefmrjbced.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe .
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\ihapojershkefmrjbced.exe*."
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe .
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\khylibuferskjorhxw.exe*."
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe
C:\Windows\bxnzvnfpnzzqosujy.exe
bxnzvnfpnzzqosujy.exe
C:\Windows\khylibuferskjorhxw.exe
khylibuferskjorhxw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\xxrhhdznpfjegoungillf.exe*."
C:\Windows\bxnzvnfpnzzqosujy.exe
bxnzvnfpnzzqosujy.exe
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\khylibuferskjorhxw.exe*."
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\ihapojershkefmrjbced.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Windows\System32\mousocoreworker.exe
C:\Windows\System32\mousocoreworker.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\vtlzxrlxxlnggmqhyyz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe .
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Windows\xxrhhdznpfjegoungillf.exe
xxrhhdznpfjegoungillf.exe .
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\xxrhhdznpfjegoungillf.exe*."
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\vtlzxrlxxlnggmqhyyz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\xxrhhdznpfjegoungillf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe
C:\Windows\bxnzvnfpnzzqosujy.exe
bxnzvnfpnzzqosujy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe .
C:\Windows\khylibuferskjorhxw.exe
khylibuferskjorhxw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\khylibuferskjorhxw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe .
C:\Windows\xxrhhdznpfjegoungillf.exe
xxrhhdznpfjegoungillf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Windows\khylibuferskjorhxw.exe
khylibuferskjorhxw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\khylibuferskjorhxw.exe*."
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\khylibuferskjorhxw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe .
C:\Windows\xxrhhdznpfjegoungillf.exe
xxrhhdznpfjegoungillf.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\xxrhhdznpfjegoungillf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe .
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Windows\bxnzvnfpnzzqosujy.exe
bxnzvnfpnzzqosujy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\bxnzvnfpnzzqosujy.exe*."
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\khylibuferskjorhxw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe
C:\Windows\khylibuferskjorhxw.exe
khylibuferskjorhxw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe .
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\ihapojershkefmrjbced.exe*."
C:\Windows\khylibuferskjorhxw.exe
khylibuferskjorhxw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\vtlzxrlxxlnggmqhyyz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\vtlzxrlxxlnggmqhyyz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bxnzvnfpnzzqosujy.exe
bxnzvnfpnzzqosujy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\bxnzvnfpnzzqosujy.exe*."
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\xxrhhdznpfjegoungillf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe .
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Windows\bxnzvnfpnzzqosujy.exe
bxnzvnfpnzzqosujy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\ihapojershkefmrjbced.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Windows\khylibuferskjorhxw.exe
khylibuferskjorhxw.exe .
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe .
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\khylibuferskjorhxw.exe*."
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\khylibuferskjorhxw.exe*."
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."
C:\Windows\bxnzvnfpnzzqosujy.exe
bxnzvnfpnzzqosujy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe
C:\Windows\bxnzvnfpnzzqosujy.exe
bxnzvnfpnzzqosujy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .
C:\Windows\xxrhhdznpfjegoungillf.exe
xxrhhdznpfjegoungillf.exe
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\khylibuferskjorhxw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe .
C:\Windows\bxnzvnfpnzzqosujy.exe
bxnzvnfpnzzqosujy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\bxnzvnfpnzzqosujy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bxnzvnfpnzzqosujy.exe
bxnzvnfpnzzqosujy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe .
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Windows\khylibuferskjorhxw.exe
khylibuferskjorhxw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\khylibuferskjorhxw.exe*."
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe .
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\ihapojershkefmrjbced.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\ihapojershkefmrjbced.exe*."
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\vtlzxrlxxlnggmqhyyz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\khylibuferskjorhxw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe .
C:\Windows\bxnzvnfpnzzqosujy.exe
bxnzvnfpnzzqosujy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\bxnzvnfpnzzqosujy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .
C:\Windows\xxrhhdznpfjegoungillf.exe
xxrhhdznpfjegoungillf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe .
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe .
C:\Windows\xxrhhdznpfjegoungillf.exe
xxrhhdznpfjegoungillf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe .
C:\Windows\bxnzvnfpnzzqosujy.exe
bxnzvnfpnzzqosujy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe .
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Windows\bxnzvnfpnzzqosujy.exe
bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\bxnzvnfpnzzqosujy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Windows\khylibuferskjorhxw.exe
khylibuferskjorhxw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Windows\bxnzvnfpnzzqosujy.exe
bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\xxrhhdznpfjegoungillf.exe
xxrhhdznpfjegoungillf.exe .
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\khylibuferskjorhxw.exe
khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\khylibuferskjorhxw.exe*."
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\vtlzxrlxxlnggmqhyyz.exe*."
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\xxrhhdznpfjegoungillf.exe*."
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\vtlzxrlxxlnggmqhyyz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe .
C:\Windows\bxnzvnfpnzzqosujy.exe
bxnzvnfpnzzqosujy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\bxnzvnfpnzzqosujy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe .
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Windows\xxrhhdznpfjegoungillf.exe
xxrhhdznpfjegoungillf.exe .
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\xxrhhdznpfjegoungillf.exe*."
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe
C:\Windows\bxnzvnfpnzzqosujy.exe
bxnzvnfpnzzqosujy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe .
C:\Windows\bxnzvnfpnzzqosujy.exe
bxnzvnfpnzzqosujy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\bxnzvnfpnzzqosujy.exe*."
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\khylibuferskjorhxw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe
C:\Windows\bxnzvnfpnzzqosujy.exe
bxnzvnfpnzzqosujy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe .
C:\Windows\khylibuferskjorhxw.exe
khylibuferskjorhxw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\khylibuferskjorhxw.exe*."
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\vtlzxrlxxlnggmqhyyz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe
C:\Windows\khylibuferskjorhxw.exe
khylibuferskjorhxw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\ihapojershkefmrjbced.exe*."
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\vtlzxrlxxlnggmqhyyz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\xxrhhdznpfjegoungillf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."
C:\Windows\bxnzvnfpnzzqosujy.exe
bxnzvnfpnzzqosujy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Windows\bxnzvnfpnzzqosujy.exe
bxnzvnfpnzzqosujy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\bxnzvnfpnzzqosujy.exe*."
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe .
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe
C:\Windows\xxrhhdznpfjegoungillf.exe
xxrhhdznpfjegoungillf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\xxrhhdznpfjegoungillf.exe*."
C:\Windows\xxrhhdznpfjegoungillf.exe
xxrhhdznpfjegoungillf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\xxrhhdznpfjegoungillf.exe
xxrhhdznpfjegoungillf.exe .
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Windows\xxrhhdznpfjegoungillf.exe
xxrhhdznpfjegoungillf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\xxrhhdznpfjegoungillf.exe*."
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\xxrhhdznpfjegoungillf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe .
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\xxrhhdznpfjegoungillf.exe*."
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\xxrhhdznpfjegoungillf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\xxrhhdznpfjegoungillf.exe
xxrhhdznpfjegoungillf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe .
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\ihapojershkefmrjbced.exe*."
C:\Windows\xxrhhdznpfjegoungillf.exe
xxrhhdznpfjegoungillf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\ihapojershkefmrjbced.exe*."
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe
C:\Windows\khylibuferskjorhxw.exe
khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\xxrhhdznpfjegoungillf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\khylibuferskjorhxw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\khylibuferskjorhxw.exe
khylibuferskjorhxw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe .
C:\Windows\xxrhhdznpfjegoungillf.exe
xxrhhdznpfjegoungillf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\xxrhhdznpfjegoungillf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe .
C:\Windows\bxnzvnfpnzzqosujy.exe
bxnzvnfpnzzqosujy.exe
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\ihapojershkefmrjbced.exe*."
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\xxrhhdznpfjegoungillf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe
C:\Windows\bxnzvnfpnzzqosujy.exe
bxnzvnfpnzzqosujy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Windows\khylibuferskjorhxw.exe
khylibuferskjorhxw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\khylibuferskjorhxw.exe*."
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\vtlzxrlxxlnggmqhyyz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe
C:\Windows\xxrhhdznpfjegoungillf.exe
xxrhhdznpfjegoungillf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe .
C:\Windows\khylibuferskjorhxw.exe
khylibuferskjorhxw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\ihapojershkefmrjbced.exe*."
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\xxrhhdznpfjegoungillf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe
C:\Windows\bxnzvnfpnzzqosujy.exe
bxnzvnfpnzzqosujy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .
C:\Windows\khylibuferskjorhxw.exe
khylibuferskjorhxw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe .
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe .
C:\Windows\bxnzvnfpnzzqosujy.exe
bxnzvnfpnzzqosujy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\khylibuferskjorhxw.exe
khylibuferskjorhxw.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\khylibuferskjorhxw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."
C:\Windows\xxrhhdznpfjegoungillf.exe
xxrhhdznpfjegoungillf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Windows\bxnzvnfpnzzqosujy.exe
bxnzvnfpnzzqosujy.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\xxrhhdznpfjegoungillf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe .
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\bxnzvnfpnzzqosujy.exe*."
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\khylibuferskjorhxw.exe*."
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\khylibuferskjorhxw.exe*."
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."
C:\Windows\xxrhhdznpfjegoungillf.exe
xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .
C:\Windows\khylibuferskjorhxw.exe
khylibuferskjorhxw.exe
C:\Windows\khylibuferskjorhxw.exe
khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe .
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bxnzvnfpnzzqosujy.exe
bxnzvnfpnzzqosujy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\bxnzvnfpnzzqosujy.exe*."
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe
C:\Windows\xxrhhdznpfjegoungillf.exe
xxrhhdznpfjegoungillf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\xxrhhdznpfjegoungillf.exe
xxrhhdznpfjegoungillf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\xxrhhdznpfjegoungillf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .
C:\Windows\khylibuferskjorhxw.exe
khylibuferskjorhxw.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe .
C:\Windows\khylibuferskjorhxw.exe
khylibuferskjorhxw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\khylibuferskjorhxw.exe*."
C:\Windows\bxnzvnfpnzzqosujy.exe
bxnzvnfpnzzqosujy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\xxrhhdznpfjegoungillf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\vtlzxrlxxlnggmqhyyz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe
C:\Windows\khylibuferskjorhxw.exe
khylibuferskjorhxw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe .
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Windows\khylibuferskjorhxw.exe
khylibuferskjorhxw.exe .
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\khylibuferskjorhxw.exe*."
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\vtlzxrlxxlnggmqhyyz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe
C:\Windows\xxrhhdznpfjegoungillf.exe
xxrhhdznpfjegoungillf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe .
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\ihapojershkefmrjbced.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe .
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Windows\khylibuferskjorhxw.exe
khylibuferskjorhxw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\khylibuferskjorhxw.exe*."
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."
C:\Windows\xxrhhdznpfjegoungillf.exe
xxrhhdznpfjegoungillf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Windows\xxrhhdznpfjegoungillf.exe
xxrhhdznpfjegoungillf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\xxrhhdznpfjegoungillf.exe*."
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\khylibuferskjorhxw.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe
C:\Windows\xxrhhdznpfjegoungillf.exe
xxrhhdznpfjegoungillf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\xxrhhdznpfjegoungillf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Windows\upepkbsbyjiyvyzn.exe
upepkbsbyjiyvyzn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\vtlzxrlxxlnggmqhyyz.exe
vtlzxrlxxlnggmqhyyz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
C:\Windows\ihapojershkefmrjbced.exe
ihapojershkefmrjbced.exe .
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 8.8.8.8:53 | whatismyipaddress.com | udp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | www.showmyipaddress.com | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| DE | 142.250.181.196:80 | www.google.com | tcp |
| BG | 62.221.130.39:17704 | tcp | |
| US | 8.8.8.8:53 | gyuuym.org | udp |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| US | 8.8.8.8:53 | moikamee.com | udp |
| US | 8.8.8.8:53 | oaqkqiis.org | udp |
| US | 8.8.8.8:53 | unxfuild.info | udp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 8.8.8.8:53 | jatefotkvud.org | udp |
| US | 8.8.8.8:53 | oooasi.com | udp |
| US | 8.8.8.8:53 | ggoiukqgsikq.org | udp |
| US | 8.8.8.8:53 | aqvytwt.info | udp |
| US | 8.8.8.8:53 | weailw.net | udp |
| US | 8.8.8.8:53 | pitvnw.net | udp |
| US | 8.8.8.8:53 | dizufihetx.info | udp |
| US | 8.8.8.8:53 | udzdjiddn.net | udp |
| US | 8.8.8.8:53 | hmbktwpbt.org | udp |
| US | 8.8.8.8:53 | zvzhyopf.net | udp |
| US | 8.8.8.8:53 | ygoukmwg.org | udp |
| US | 8.8.8.8:53 | agukkowimk.com | udp |
| US | 8.8.8.8:53 | ucgcjhh.info | udp |
| US | 8.8.8.8:53 | cydlrge.info | udp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| US | 8.8.8.8:53 | qsekoukeokqg.com | udp |
| US | 8.8.8.8:53 | uykmiuqo.org | udp |
| US | 8.8.8.8:53 | mjotpzfbosdh.info | udp |
| US | 8.8.8.8:53 | luvehemiri.info | udp |
| US | 8.8.8.8:53 | luysjfb.com | udp |
| US | 8.8.8.8:53 | fcynhv.info | udp |
| US | 8.8.8.8:53 | srsatozxrchk.net | udp |
| US | 8.8.8.8:53 | rwpspnhvrpo.org | udp |
| US | 8.8.8.8:53 | hldbhcipp.net | udp |
| US | 8.8.8.8:53 | lalckpw.org | udp |
| US | 8.8.8.8:53 | cumaiy.org | udp |
| US | 8.8.8.8:53 | mqihxnjodctj.info | udp |
| US | 8.8.8.8:53 | oaygygaaoi.org | udp |
| US | 8.8.8.8:53 | hyravgpfay.info | udp |
| US | 8.8.8.8:53 | zuyqiemaml.info | udp |
| US | 8.8.8.8:53 | dltgdtvifjqg.info | udp |
| US | 8.8.8.8:53 | ysjizl.info | udp |
| US | 8.8.8.8:53 | hmfurcniz.info | udp |
| BG | 77.85.139.88:27742 | tcp | |
| US | 8.8.8.8:53 | eknrxjruf.info | udp |
| US | 8.8.8.8:53 | wfjktspmtut.info | udp |
| US | 8.8.8.8:53 | dckcijzjneed.info | udp |
| US | 8.8.8.8:53 | johoxgt.info | udp |
| US | 8.8.8.8:53 | jxfebvvyxz.net | udp |
| US | 8.8.8.8:53 | ddpobim.org | udp |
| US | 8.8.8.8:53 | lwfypod.com | udp |
| US | 8.8.8.8:53 | xqswhgjm.info | udp |
| US | 8.8.8.8:53 | qmmaac.org | udp |
| US | 8.8.8.8:53 | ewhqxezcwwc.net | udp |
| US | 8.8.8.8:53 | kuikme.com | udp |
| US | 8.8.8.8:53 | zuhzeab.info | udp |
| US | 8.8.8.8:53 | tiakorhqn.net | udp |
| US | 8.8.8.8:53 | oapolzg.net | udp |
| US | 8.8.8.8:53 | yoaoooewyeeo.com | udp |
| US | 8.8.8.8:53 | tclgxmk.com | udp |
| US | 8.8.8.8:53 | qyooawes.com | udp |
| US | 8.8.8.8:53 | hjddssuzls.info | udp |
| US | 8.8.8.8:53 | saukwdt.net | udp |
| US | 8.8.8.8:53 | kvedaxle.info | udp |
| US | 8.8.8.8:53 | kcooooauiw.org | udp |
| US | 8.8.8.8:53 | mdhpuesj.net | udp |
| US | 8.8.8.8:53 | eweqqikkea.org | udp |
| US | 8.8.8.8:53 | gpenjfhcdk.net | udp |
| US | 8.8.8.8:53 | blekok.info | udp |
| US | 8.8.8.8:53 | dqjrswwie.com | udp |
| US | 8.8.8.8:53 | xvfuumog.info | udp |
| US | 8.8.8.8:53 | gegynploxzw.net | udp |
| US | 8.8.8.8:53 | ayqoma.com | udp |
| US | 8.8.8.8:53 | vrxmprngmlhk.net | udp |
| US | 8.8.8.8:53 | uuimqocicqyw.org | udp |
| US | 8.8.8.8:53 | eznabol.net | udp |
| US | 8.8.8.8:53 | hukglnfe.net | udp |
| US | 8.8.8.8:53 | rltqnrca.info | udp |
| BG | 212.75.9.232:15356 | tcp | |
| US | 8.8.8.8:53 | ympitsw.info | udp |
| US | 8.8.8.8:53 | qkseqw.com | udp |
| US | 8.8.8.8:53 | klqmnybibg.net | udp |
| US | 8.8.8.8:53 | yomsggss.org | udp |
| US | 8.8.8.8:53 | qcvurin.net | udp |
| US | 8.8.8.8:53 | hazovaquz.org | udp |
| US | 8.8.8.8:53 | bqlobbdmr.net | udp |
| US | 8.8.8.8:53 | ckzupae.info | udp |
| US | 8.8.8.8:53 | zxtgfej.com | udp |
| US | 8.8.8.8:53 | xvzumiq.org | udp |
| US | 8.8.8.8:53 | lyxmnybibg.info | udp |
| US | 8.8.8.8:53 | uyfzrayfobls.info | udp |
| US | 8.8.8.8:53 | wfdjzi.info | udp |
| US | 8.8.8.8:53 | tcptygxhc.org | udp |
| US | 8.8.8.8:53 | dkouvubcpovf.info | udp |
| US | 8.8.8.8:53 | oaxuhshi.net | udp |
| US | 8.8.8.8:53 | mjvtphaadm.net | udp |
| US | 8.8.8.8:53 | hrbsgvbwu.net | udp |
| US | 8.8.8.8:53 | ksmarutuxrs.net | udp |
| US | 8.8.8.8:53 | lwnwdktijgp.info | udp |
| US | 8.8.8.8:53 | onsihix.info | udp |
| US | 8.8.8.8:53 | kgucribs.info | udp |
| US | 8.8.8.8:53 | yeuqlybq.info | udp |
| US | 8.8.8.8:53 | xxljgeeltnyp.info | udp |
| US | 8.8.8.8:53 | gndqhjlb.net | udp |
| US | 8.8.8.8:53 | zyfitez.info | udp |
| US | 8.8.8.8:53 | leqdurjb.net | udp |
| US | 8.8.8.8:53 | eczfjddmvwqb.info | udp |
| US | 8.8.8.8:53 | kmuqmiauykyy.org | udp |
| US | 8.8.8.8:53 | btyewm.info | udp |
| US | 8.8.8.8:53 | dxikspgshgbk.info | udp |
| US | 8.8.8.8:53 | hvrnoiyqiffg.net | udp |
| US | 8.8.8.8:53 | opjksthcaaf.net | udp |
| US | 8.8.8.8:53 | hntbnhnzmed.com | udp |
| US | 8.8.8.8:53 | lgmwshpwdp.net | udp |
| US | 8.8.8.8:53 | jpwpfyuqbxw.info | udp |
| US | 8.8.8.8:53 | mmoqeo.com | udp |
| US | 8.8.8.8:53 | akkiaqamgi.org | udp |
| US | 8.8.8.8:53 | ggiuwc.org | udp |
| US | 8.8.8.8:53 | prwedbd.info | udp |
| US | 8.8.8.8:53 | bklvfs.net | udp |
| US | 8.8.8.8:53 | fhngbai.com | udp |
| US | 8.8.8.8:53 | zgrjrexb.net | udp |
| US | 8.8.8.8:53 | gozmketzjvr.net | udp |
| US | 8.8.8.8:53 | eeueccewmeem.com | udp |
| BG | 212.75.12.230:29925 | tcp | |
| US | 8.8.8.8:53 | hjgfzdbrum.net | udp |
| US | 8.8.8.8:53 | guyaayw.net | udp |
| US | 8.8.8.8:53 | vcfstxvsf.com | udp |
| US | 8.8.8.8:53 | spdaumzndi.info | udp |
| US | 8.8.8.8:53 | kmxcxkjop.info | udp |
| US | 8.8.8.8:53 | gthoprfe.net | udp |
| US | 8.8.8.8:53 | nevebwgpv.info | udp |
| US | 8.8.8.8:53 | turnvm.net | udp |
| US | 8.8.8.8:53 | zsxefpw.info | udp |
| US | 8.8.8.8:53 | tlrvmx.net | udp |
| US | 8.8.8.8:53 | jlrxzfhn.info | udp |
| US | 8.8.8.8:53 | vlpxze.info | udp |
| US | 8.8.8.8:53 | iyrabgx.info | udp |
| US | 8.8.8.8:53 | gfudxfziws.net | udp |
| US | 8.8.8.8:53 | vranwj.net | udp |
| US | 8.8.8.8:53 | yghkqyr.info | udp |
| US | 8.8.8.8:53 | skywyumxq.net | udp |
| US | 8.8.8.8:53 | jupecmnww.org | udp |
| US | 8.8.8.8:53 | tutguqsq.net | udp |
| US | 8.8.8.8:53 | egsmyysc.org | udp |
| US | 8.8.8.8:53 | tefdqs.net | udp |
| US | 8.8.8.8:53 | oydihhhi.info | udp |
| US | 8.8.8.8:53 | uwuapyzql.info | udp |
| US | 8.8.8.8:53 | ocjslgr.info | udp |
| US | 8.8.8.8:53 | nshdioh.net | udp |
| US | 8.8.8.8:53 | ixlxhsttgv.info | udp |
| BG | 92.247.105.3:29281 | tcp | |
| US | 8.8.8.8:53 | cbvuly.info | udp |
| US | 8.8.8.8:53 | ekqqcc.org | udp |
| US | 8.8.8.8:53 | dwfkeogzvhjn.info | udp |
| US | 8.8.8.8:53 | sclyvtaoud.info | udp |
| US | 8.8.8.8:53 | qxkfdhkup.info | udp |
| US | 8.8.8.8:53 | neeuhhdpvp.net | udp |
| US | 8.8.8.8:53 | nanmfqkxe.org | udp |
| US | 8.8.8.8:53 | wclazslaknj.net | udp |
| US | 8.8.8.8:53 | dflqknsl.net | udp |
| US | 8.8.8.8:53 | orfmafjrvyvp.net | udp |
| US | 8.8.8.8:53 | lmksdgntqsp.com | udp |
| US | 8.8.8.8:53 | cukcqimagiyg.org | udp |
| US | 8.8.8.8:53 | qtgqqinahbp.info | udp |
| US | 8.8.8.8:53 | leurdumdx.info | udp |
| US | 8.8.8.8:53 | tdscjkbcpvdl.info | udp |
| US | 8.8.8.8:53 | zmywzotmdcv.org | udp |
| US | 8.8.8.8:53 | bmbezdhpzd.info | udp |
| US | 8.8.8.8:53 | tcvuvhjwh.info | udp |
| US | 8.8.8.8:53 | dunvfk.info | udp |
| US | 8.8.8.8:53 | ngklbg.net | udp |
| US | 8.8.8.8:53 | nfrpcsbtva.net | udp |
| US | 8.8.8.8:53 | ogxvom.net | udp |
| US | 8.8.8.8:53 | oyacyaqssmkg.com | udp |
| US | 8.8.8.8:53 | jubvpax.info | udp |
| US | 8.8.8.8:53 | xbhcmja.net | udp |
| US | 8.8.8.8:53 | muvdirplpg.net | udp |
| US | 8.8.8.8:53 | kdnvyhchhj.info | udp |
| US | 8.8.8.8:53 | ummocv.info | udp |
| US | 8.8.8.8:53 | aknsgwkcl.net | udp |
| US | 8.8.8.8:53 | wanmhobzh.net | udp |
| US | 8.8.8.8:53 | enkqvtjylh.info | udp |
| BG | 78.90.95.253:17142 | tcp | |
| US | 8.8.8.8:53 | fpdiqy.net | udp |
| US | 8.8.8.8:53 | qsdwwe.net | udp |
| US | 8.8.8.8:53 | dcqybxb.net | udp |
| US | 8.8.8.8:53 | esffxqbwfxix.net | udp |
| US | 8.8.8.8:53 | lclydqrcii.net | udp |
| US | 8.8.8.8:53 | eirurm.info | udp |
| US | 8.8.8.8:53 | ecbwysbz.info | udp |
| US | 8.8.8.8:53 | kqahpuxzzu.info | udp |
| US | 8.8.8.8:53 | zolcpbtynx.info | udp |
| US | 8.8.8.8:53 | qfwvmqjz.net | udp |
| US | 8.8.8.8:53 | agmhtfzyfbxn.info | udp |
| US | 8.8.8.8:53 | notinuu.info | udp |
| US | 8.8.8.8:53 | txbcwf.info | udp |
| US | 8.8.8.8:53 | njmyupro.net | udp |
| US | 8.8.8.8:53 | dljivorqbwr.net | udp |
| US | 8.8.8.8:53 | tcbcjnbzm.org | udp |
| US | 8.8.8.8:53 | meuozyd.info | udp |
| US | 8.8.8.8:53 | abjzkz.info | udp |
| BG | 84.252.17.72:32745 | tcp | |
| US | 8.8.8.8:53 | ruspjgdhc.com | udp |
| US | 8.8.8.8:53 | wugvpundvay.net | udp |
| US | 8.8.8.8:53 | xrpwmsl.info | udp |
| US | 8.8.8.8:53 | zkuila.info | udp |
| US | 8.8.8.8:53 | buuvrkuqb.info | udp |
| US | 8.8.8.8:53 | pwlmkcnqr.com | udp |
| US | 8.8.8.8:53 | fonertbplmf.net | udp |
| US | 8.8.8.8:53 | iusioomq.org | udp |
| US | 8.8.8.8:53 | gjjmmqquhzd.net | udp |
| US | 8.8.8.8:53 | gndosntdfg.net | udp |
| US | 8.8.8.8:53 | mopdjlsprl.info | udp |
| US | 8.8.8.8:53 | qqqiomwgumam.org | udp |
| US | 8.8.8.8:53 | oqoxfzbeg.info | udp |
| US | 8.8.8.8:53 | cjocyhvhljvd.info | udp |
| US | 8.8.8.8:53 | ymvghpvq.info | udp |
| US | 8.8.8.8:53 | wcsbrpz.net | udp |
| US | 8.8.8.8:53 | huhclorgb.info | udp |
| US | 8.8.8.8:53 | iwqsuw.org | udp |
| US | 8.8.8.8:53 | skmqosoedc.info | udp |
| US | 8.8.8.8:53 | uwcuws.org | udp |
| US | 8.8.8.8:53 | lszkbxx.net | udp |
| US | 8.8.8.8:53 | znlejovuqew.net | udp |
| US | 8.8.8.8:53 | ggoqmioksw.org | udp |
| US | 8.8.8.8:53 | xhvexuibpk.info | udp |
| US | 8.8.8.8:53 | wshubuxcvmi.net | udp |
| US | 8.8.8.8:53 | azlfou.info | udp |
| BG | 93.155.227.18:43755 | tcp | |
| US | 8.8.8.8:53 | angvoj.info | udp |
| US | 8.8.8.8:53 | nynxoaij.net | udp |
| US | 8.8.8.8:53 | hauzgcbyh.com | udp |
| US | 8.8.8.8:53 | xkeptf.net | udp |
| US | 8.8.8.8:53 | gykogquoom.org | udp |
| US | 8.8.8.8:53 | lirezebem.net | udp |
| US | 8.8.8.8:53 | iypmhrtklwx.net | udp |
| US | 8.8.8.8:53 | pyskryzdre.info | udp |
| US | 8.8.8.8:53 | umyicieyee.org | udp |
| US | 8.8.8.8:53 | nurrdlrfvkd.net | udp |
| US | 8.8.8.8:53 | lrpqoa.info | udp |
| US | 8.8.8.8:53 | dmnxwwbryjve.net | udp |
| US | 8.8.8.8:53 | vcsuct.net | udp |
| US | 8.8.8.8:53 | twzrppoz.info | udp |
| US | 8.8.8.8:53 | fsyczawoha.info | udp |
| US | 8.8.8.8:53 | egrcdwzrj.net | udp |
| US | 8.8.8.8:53 | aqigcaf.net | udp |
| US | 8.8.8.8:53 | gwjhzdwfd.info | udp |
| US | 8.8.8.8:53 | fvblprdpji.info | udp |
| US | 8.8.8.8:53 | vcdwhaezj.org | udp |
| US | 8.8.8.8:53 | xtxharqsxd.info | udp |
| US | 8.8.8.8:53 | qydvbuj.info | udp |
| US | 8.8.8.8:53 | atkzfclhbift.info | udp |
| US | 8.8.8.8:53 | bkgppw.net | udp |
| US | 8.8.8.8:53 | ismqceyewi.com | udp |
| US | 8.8.8.8:53 | aeitnijy.net | udp |
| US | 8.8.8.8:53 | usxoemybenvp.net | udp |
| US | 8.8.8.8:53 | qwsqae.com | udp |
| US | 8.8.8.8:53 | lgsnlwvyn.org | udp |
| US | 8.8.8.8:53 | ugnwdivqc.net | udp |
| US | 8.8.8.8:53 | fmhrxirb.info | udp |
| US | 8.8.8.8:53 | wueysyqiyg.org | udp |
| US | 8.8.8.8:53 | zrmpfvzdzfmd.net | udp |
| US | 8.8.8.8:53 | gnjydacld.net | udp |
| US | 8.8.8.8:53 | sowxizr.info | udp |
| US | 8.8.8.8:53 | jjrefkv.net | udp |
| US | 8.8.8.8:53 | xrlggm.info | udp |
| US | 8.8.8.8:53 | khdqwn.info | udp |
| US | 8.8.8.8:53 | gazrnrgvvjrv.net | udp |
| US | 8.8.8.8:53 | xrzkzcpqhos.com | udp |
| US | 8.8.8.8:53 | kjskvzf.info | udp |
| US | 8.8.8.8:53 | lgrkap.net | udp |
| US | 8.8.8.8:53 | hkaoakhuxxj.net | udp |
| BG | 78.90.21.9:22307 | tcp | |
| US | 8.8.8.8:53 | ybjwdazmh.net | udp |
| US | 8.8.8.8:53 | wmoycwic.com | udp |
| US | 8.8.8.8:53 | lzbjkx.info | udp |
| US | 8.8.8.8:53 | zeveixqmebcv.net | udp |
| US | 8.8.8.8:53 | yogqummkqccc.org | udp |
| US | 8.8.8.8:53 | fwasfgq.com | udp |
| US | 8.8.8.8:53 | blriytvijot.com | udp |
| US | 8.8.8.8:53 | egiehizwpo.net | udp |
| US | 8.8.8.8:53 | bllmlxrcxel.net | udp |
| US | 8.8.8.8:53 | vrimcs.info | udp |
| US | 8.8.8.8:53 | iagqkkmowk.com | udp |
| US | 8.8.8.8:53 | zazwetpv.net | udp |
| US | 8.8.8.8:53 | kyilnx.net | udp |
| US | 8.8.8.8:53 | fanttpzybtfc.net | udp |
| US | 8.8.8.8:53 | iiumnibeazvy.net | udp |
| US | 8.8.8.8:53 | wkhdicxyt.net | udp |
| US | 8.8.8.8:53 | iswklk.info | udp |
| US | 8.8.8.8:53 | tvgvuhpqeo.info | udp |
| US | 8.8.8.8:53 | gaqkygwq.org | udp |
| US | 8.8.8.8:53 | qmbxgiyyt.info | udp |
| US | 8.8.8.8:53 | cskmwooyogwi.com | udp |
| US | 8.8.8.8:53 | jrbulad.info | udp |
| US | 8.8.8.8:53 | mgnnvpjyx.net | udp |
| US | 8.8.8.8:53 | lcuupol.org | udp |
| US | 8.8.8.8:53 | bpzorpfuhtf.org | udp |
| US | 8.8.8.8:53 | parszagv.info | udp |
| US | 8.8.8.8:53 | ramdrhhy.info | udp |
| US | 8.8.8.8:53 | edogletf.info | udp |
| US | 8.8.8.8:53 | pntqnwolxd.net | udp |
| US | 8.8.8.8:53 | fqalztcm.info | udp |
| US | 8.8.8.8:53 | wqyega.com | udp |
| US | 8.8.8.8:53 | esrcnez.info | udp |
| US | 8.8.8.8:53 | hmkdntzodypq.info | udp |
| US | 8.8.8.8:53 | bkngmvgi.net | udp |
| US | 8.8.8.8:53 | exufpv.net | udp |
| US | 8.8.8.8:53 | bqdindvszcl.com | udp |
| US | 8.8.8.8:53 | eaisasukqmym.com | udp |
| BG | 77.85.139.88:27742 | tcp | |
| US | 8.8.8.8:53 | vytdzekbatqs.info | udp |
| US | 8.8.8.8:53 | reqwnmzybhe.org | udp |
| US | 8.8.8.8:53 | dykwknvmdfdj.info | udp |
| US | 8.8.8.8:53 | aiygzkf.info | udp |
| US | 8.8.8.8:53 | yyekkuqqkggq.org | udp |
| US | 8.8.8.8:53 | fyzref.info | udp |
| US | 8.8.8.8:53 | mkoyuoqyqm.com | udp |
| US | 8.8.8.8:53 | wawaoiyk.com | udp |
| US | 8.8.8.8:53 | eciasicg.com | udp |
| US | 8.8.8.8:53 | lczoradauoz.net | udp |
| US | 8.8.8.8:53 | kldelwdjeih.net | udp |
| US | 8.8.8.8:53 | cevulwwrv.info | udp |
| US | 8.8.8.8:53 | dazulnj.org | udp |
| US | 8.8.8.8:53 | qwkqee.com | udp |
| US | 8.8.8.8:53 | hblciyw.org | udp |
| US | 8.8.8.8:53 | llhsoa.info | udp |
| US | 8.8.8.8:53 | jzthxr.net | udp |
| US | 8.8.8.8:53 | ctrorvb.net | udp |
| US | 8.8.8.8:53 | nepfhtuiek.net | udp |
| US | 8.8.8.8:53 | mcqywckogk.org | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| DE | 172.217.16.67:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | ggaccytw.net | udp |
| US | 8.8.8.8:53 | mctxlglc.net | udp |
| US | 8.8.8.8:53 | fubdsnckgiej.net | udp |
| US | 8.8.8.8:53 | vdtmynaz.info | udp |
| US | 8.8.8.8:53 | miqabz.info | udp |
| US | 8.8.8.8:53 | fjusznt.com | udp |
| US | 8.8.8.8:53 | qmvyls.info | udp |
| US | 8.8.8.8:53 | iuoccsyygs.org | udp |
| US | 8.8.8.8:53 | xmamblgyboe.org | udp |
| US | 8.8.8.8:53 | rmlyevhj.info | udp |
| US | 8.8.8.8:53 | vcukwrrturt.com | udp |
| US | 8.8.8.8:53 | yqsbxpfbuv.net | udp |
| US | 89.116.197.253:21499 | tcp | |
| US | 8.8.8.8:53 | qdsaksgdcqpu.info | udp |
| US | 8.8.8.8:53 | gzxecejqu.info | udp |
| US | 8.8.8.8:53 | zuhmapbot.net | udp |
| US | 8.8.8.8:53 | xqxeelxf.net | udp |
| US | 8.8.8.8:53 | lpiwbmd.com | udp |
| US | 8.8.8.8:53 | vjvlnnztmb.net | udp |
| US | 8.8.8.8:53 | gsgueeowqyma.org | udp |
| US | 8.8.8.8:53 | yojkaljecqs.info | udp |
| US | 8.8.8.8:53 | raauhusu.info | udp |
| US | 8.8.8.8:53 | nuyawgd.net | udp |
| US | 8.8.8.8:53 | hhxifefy.net | udp |
| US | 8.8.8.8:53 | suwiuqsq.com | udp |
| US | 8.8.8.8:53 | zlvlcsxshn.net | udp |
| US | 8.8.8.8:53 | ecegeakc.org | udp |
| US | 8.8.8.8:53 | ljsgrdiegz.info | udp |
| US | 8.8.8.8:53 | wvdohgfwgl.net | udp |
| US | 8.8.8.8:53 | ecgmqsgeuu.org | udp |
| US | 8.8.8.8:53 | jakdsuxh.info | udp |
| US | 8.8.8.8:53 | ootkjdzphd.net | udp |
| US | 8.8.8.8:53 | giztiauazy.info | udp |
| US | 8.8.8.8:53 | rtbjdot.net | udp |
| US | 8.8.8.8:53 | olslmyc.net | udp |
| US | 8.8.8.8:53 | efmgzkd.net | udp |
| US | 8.8.8.8:53 | aararuzmj.info | udp |
| US | 8.8.8.8:53 | kssodkprg.net | udp |
| US | 8.8.8.8:53 | hfgtdbkg.net | udp |
| US | 8.8.8.8:53 | hakqbyp.org | udp |
| US | 8.8.8.8:53 | jehmqwtaj.net | udp |
| US | 8.8.8.8:53 | zrizzt.net | udp |
| US | 8.8.8.8:53 | cuwthzid.info | udp |
| US | 8.8.8.8:53 | wskbral.info | udp |
| US | 8.8.8.8:53 | nsjnpn.net | udp |
| US | 8.8.8.8:53 | qqlycigtjsl.info | udp |
| US | 8.8.8.8:53 | zoaiuckqpmb.org | udp |
| US | 8.8.8.8:53 | bbbbna.net | udp |
| US | 8.8.8.8:53 | ivewnr.info | udp |
| US | 8.8.8.8:53 | qapqhz.info | udp |
| US | 8.8.8.8:53 | nqxijbihvn.info | udp |
| US | 8.8.8.8:53 | kckmfyayp.info | udp |
| US | 8.8.8.8:53 | nprnpyhktl.info | udp |
| US | 8.8.8.8:53 | dhhzrh.info | udp |
| US | 8.8.8.8:53 | jxdbeqtcuf.info | udp |
| US | 8.8.8.8:53 | nlsglgb.org | udp |
| US | 8.8.8.8:53 | yspynbdonzn.net | udp |
| US | 8.8.8.8:53 | puutrsfyxnf.info | udp |
| US | 8.8.8.8:53 | xrctizgjhu.net | udp |
| US | 8.8.8.8:53 | lsgqqjtokun.info | udp |
| BG | 89.252.199.25:32726 | tcp | |
| US | 8.8.8.8:53 | iuoeiqemwsei.org | udp |
| US | 8.8.8.8:53 | uahbmpqyiz.info | udp |
| US | 8.8.8.8:53 | ygiccywoek.com | udp |
| US | 8.8.8.8:53 | nqrxvdpilb.net | udp |
| US | 8.8.8.8:53 | rfcqjgcwrllk.info | udp |
| US | 8.8.8.8:53 | wkbyemvathk.net | udp |
| US | 8.8.8.8:53 | oamogi.com | udp |
| US | 8.8.8.8:53 | iopydqzxvid.info | udp |
| US | 8.8.8.8:53 | lpfuyhp.info | udp |
| US | 8.8.8.8:53 | ooewwc.org | udp |
| US | 8.8.8.8:53 | lddvllpltgpv.info | udp |
| US | 8.8.8.8:53 | ycoqeogwee.com | udp |
| US | 8.8.8.8:53 | kbzxtypoo.net | udp |
| US | 8.8.8.8:53 | cqkwpf.net | udp |
| US | 8.8.8.8:53 | feqyakheodg.com | udp |
| US | 8.8.8.8:53 | bfpcqgfyh.com | udp |
| US | 8.8.8.8:53 | ieweyywu.org | udp |
| US | 8.8.8.8:53 | jypigkw.net | udp |
| US | 8.8.8.8:53 | nweyxdm.net | udp |
| US | 8.8.8.8:53 | bjkuoo.net | udp |
| US | 8.8.8.8:53 | gskoysokom.com | udp |
| US | 8.8.8.8:53 | jphhtgd.com | udp |
| US | 8.8.8.8:53 | bnmldbam.net | udp |
| US | 8.8.8.8:53 | kroxtyy.net | udp |
| US | 8.8.8.8:53 | omierhazkhgw.net | udp |
| US | 8.8.8.8:53 | ngvwdqf.net | udp |
| US | 8.8.8.8:53 | oumsaomacaoc.org | udp |
| US | 8.8.8.8:53 | uivgls.net | udp |
| US | 8.8.8.8:53 | ulpqbuzq.info | udp |
| US | 8.8.8.8:53 | yqlnftoodyt.net | udp |
| US | 8.8.8.8:53 | kwdrqyzrhd.net | udp |
| US | 8.8.8.8:53 | kmkhrw.net | udp |
| US | 8.8.8.8:53 | xrjmbmgmisvh.info | udp |
| US | 8.8.8.8:53 | uizclwjnr.info | udp |
| US | 8.8.8.8:53 | kvqjhbhi.net | udp |
| US | 8.8.8.8:53 | jzmcrwsqxex.org | udp |
| BG | 95.43.69.150:28637 | tcp | |
| US | 8.8.8.8:53 | jqtenkdayoy.org | udp |
| US | 8.8.8.8:53 | jkoeecadfi.net | udp |
| US | 8.8.8.8:53 | alesttdal.net | udp |
| US | 8.8.8.8:53 | pkssmvha.net | udp |
| US | 8.8.8.8:53 | lvliwxsju.net | udp |
| US | 8.8.8.8:53 | dchipcm.net | udp |
| US | 8.8.8.8:53 | wcgcuuiu.org | udp |
| US | 8.8.8.8:53 | gwqgciesoi.org | udp |
| US | 8.8.8.8:53 | imlzlsfwrwp.info | udp |
| US | 8.8.8.8:53 | iazxsql.net | udp |
| US | 8.8.8.8:53 | zgzzzwdmwun.net | udp |
| US | 8.8.8.8:53 | ayecomimmo.com | udp |
| US | 8.8.8.8:53 | nhmyomxjv.info | udp |
| US | 8.8.8.8:53 | qkiesiguqe.org | udp |
| US | 8.8.8.8:53 | hwivdwcg.net | udp |
| US | 8.8.8.8:53 | tyzkrdhyl.info | udp |
| US | 8.8.8.8:53 | yhuilxtvi.info | udp |
| US | 8.8.8.8:53 | ikypset.net | udp |
| US | 8.8.8.8:53 | ocvcuaclawvc.net | udp |
| US | 8.8.8.8:53 | sqdsvs.net | udp |
| US | 8.8.8.8:53 | pyosika.info | udp |
| US | 8.8.8.8:53 | vyvijbihvn.info | udp |
| US | 8.8.8.8:53 | giqiaicg.info | udp |
| US | 8.8.8.8:53 | uipeukg.info | udp |
| US | 8.8.8.8:53 | cuiskkgeyy.com | udp |
| US | 8.8.8.8:53 | ucnatgs.net | udp |
| US | 8.8.8.8:53 | ersakmxuxbom.net | udp |
| US | 8.8.8.8:53 | kclapsdvb.info | udp |
| US | 8.8.8.8:53 | aqqkcgikik.com | udp |
| US | 8.8.8.8:53 | hsrofavrq.net | udp |
| US | 8.8.8.8:53 | bmxubwl.org | udp |
| US | 8.8.8.8:53 | hrlotwop.net | udp |
| US | 8.8.8.8:53 | npjxgherdmom.info | udp |
| US | 8.8.8.8:53 | llpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | iantall.info | udp |
| US | 8.8.8.8:53 | lshyzmg.net | udp |
| US | 8.8.8.8:53 | wiiekmoqgocg.org | udp |
| US | 8.8.8.8:53 | korphcnkh.info | udp |
| US | 8.8.8.8:53 | ouxnksx.net | udp |
| US | 8.8.8.8:53 | cqzqbjpuj.net | udp |
| US | 8.8.8.8:53 | bctwfgikb.org | udp |
| US | 8.8.8.8:53 | tkxopwl.net | udp |
| US | 8.8.8.8:53 | mbdwnmjsooit.net | udp |
| US | 8.8.8.8:53 | vjyhmkkzqw.net | udp |
| LT | 78.61.104.163:13457 | tcp | |
| US | 8.8.8.8:53 | mwzbulbk.info | udp |
| US | 8.8.8.8:53 | rwxexyhmdytw.net | udp |
| US | 8.8.8.8:53 | fzqqksnzg.net | udp |
| US | 8.8.8.8:53 | yoimayouws.com | udp |
| US | 8.8.8.8:53 | yeetpfrzn.info | udp |
| US | 8.8.8.8:53 | agqwme.com | udp |
| US | 8.8.8.8:53 | wdioaphoqfaq.net | udp |
| US | 8.8.8.8:53 | odzbrjqoy.info | udp |
| US | 8.8.8.8:53 | tszexmh.net | udp |
| US | 8.8.8.8:53 | qwacgtfdqibo.net | udp |
| US | 8.8.8.8:53 | bxxzsc.info | udp |
| US | 8.8.8.8:53 | aalijqi.info | udp |
| US | 8.8.8.8:53 | ksivfm.net | udp |
| US | 8.8.8.8:53 | qkgftofbo.net | udp |
| US | 8.8.8.8:53 | ciqaiieuougo.org | udp |
| US | 8.8.8.8:53 | wsiqoqmikgie.com | udp |
| BG | 77.85.139.183:23584 | tcp | |
| US | 8.8.8.8:53 | odqisf.info | udp |
| US | 8.8.8.8:53 | ggjqbko.info | udp |
| US | 8.8.8.8:53 | wjttgqeez.info | udp |
| US | 8.8.8.8:53 | onxmqkk.net | udp |
| US | 8.8.8.8:53 | qgopkx.info | udp |
| US | 8.8.8.8:53 | aunzkkuw.info | udp |
| US | 8.8.8.8:53 | ncpmyszzt.info | udp |
| US | 8.8.8.8:53 | pxjfqz.info | udp |
| US | 8.8.8.8:53 | nbnagc.net | udp |
| US | 8.8.8.8:53 | ybxsqlwexbnh.info | udp |
| US | 8.8.8.8:53 | eegcgiug.com | udp |
| US | 8.8.8.8:53 | vgqptghwuww.net | udp |
| US | 8.8.8.8:53 | lzeoasgihvzg.net | udp |
| US | 8.8.8.8:53 | qbflvorag.net | udp |
| US | 8.8.8.8:53 | kkiamiym.com | udp |
| US | 8.8.8.8:53 | xaejgol.info | udp |
| US | 8.8.8.8:53 | ngqmxynmpgq.info | udp |
| US | 8.8.8.8:53 | upkzmhiuyu.net | udp |
| US | 8.8.8.8:53 | jatdaajehomt.net | udp |
| US | 8.8.8.8:53 | iykymi.com | udp |
| US | 8.8.8.8:53 | tynmjaiyfcn.info | udp |
| US | 8.8.8.8:53 | lopapyl.info | udp |
| US | 8.8.8.8:53 | mulssisgd.net | udp |
| US | 8.8.8.8:53 | rqdqqzj.net | udp |
| US | 8.8.8.8:53 | ravzfmvuugw.info | udp |
| US | 8.8.8.8:53 | bebdpbx.net | udp |
| US | 8.8.8.8:53 | mwgkuyee.org | udp |
| US | 8.8.8.8:53 | koqwau.org | udp |
| US | 8.8.8.8:53 | fatydylwp.net | udp |
| US | 8.8.8.8:53 | uiceesz.info | udp |
| US | 8.8.8.8:53 | hwliyunoj.org | udp |
| US | 8.8.8.8:53 | bzaydhbkyko.info | udp |
| US | 8.8.8.8:53 | vhgqpumw.info | udp |
| US | 8.8.8.8:53 | wotgasneh.net | udp |
| US | 8.8.8.8:53 | cymqpglnb.info | udp |
| US | 8.8.8.8:53 | agzitin.info | udp |
| US | 8.8.8.8:53 | bqiicmdmmf.net | udp |
| BG | 94.156.130.52:34360 | tcp | |
| US | 8.8.8.8:53 | uoxjsmld.info | udp |
| US | 8.8.8.8:53 | zisuhebzqb.net | udp |
| US | 8.8.8.8:53 | ebkkabk.net | udp |
| US | 8.8.8.8:53 | vvtccubkju.info | udp |
| US | 8.8.8.8:53 | hkhavjbmn.org | udp |
| US | 8.8.8.8:53 | ewiuauieao.com | udp |
| US | 8.8.8.8:53 | dkpjjqhnpn.net | udp |
| US | 8.8.8.8:53 | dyvprmtahjp.com | udp |
| US | 8.8.8.8:53 | bqruwauawov.net | udp |
| US | 8.8.8.8:53 | bjpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | huxwnqdcryfg.info | udp |
| US | 8.8.8.8:53 | xgjtpdjpvydz.net | udp |
| US | 8.8.8.8:53 | jditkjzb.info | udp |
| US | 8.8.8.8:53 | tuxltt.info | udp |
| US | 8.8.8.8:53 | imwkkoik.com | udp |
| US | 8.8.8.8:53 | yyawoiskew.com | udp |
| US | 8.8.8.8:53 | sclexsgmu.net | udp |
| US | 8.8.8.8:53 | mppvlxed.info | udp |
| US | 8.8.8.8:53 | sewuvwb.net | udp |
| US | 8.8.8.8:53 | hbpcazxk.info | udp |
| US | 8.8.8.8:53 | bsrszerux.info | udp |
| US | 8.8.8.8:53 | qgzewmygjsw.net | udp |
| US | 8.8.8.8:53 | usvwrjn.net | udp |
| US | 8.8.8.8:53 | ovuajc.info | udp |
| US | 8.8.8.8:53 | fyaorswqjvr.net | udp |
| US | 8.8.8.8:53 | sqemkaym.com | udp |
| US | 8.8.8.8:53 | oaewcmmi.com | udp |
| US | 8.8.8.8:53 | referapui.net | udp |
| US | 8.8.8.8:53 | uxgmenvx.info | udp |
| US | 8.8.8.8:53 | lemaqfjfj.com | udp |
| US | 8.8.8.8:53 | vjrfbinimowg.net | udp |
| US | 8.8.8.8:53 | gcgoaquw.org | udp |
| US | 8.8.8.8:53 | oalwpcngx.info | udp |
| US | 8.8.8.8:53 | qgpkzml.net | udp |
| US | 8.8.8.8:53 | xcrfxbihvn.info | udp |
| US | 8.8.8.8:53 | vattvlnjrnhe.info | udp |
| US | 8.8.8.8:53 | fcfgzsidxqtg.info | udp |
| US | 8.8.8.8:53 | pvesxitaordl.info | udp |
| US | 8.8.8.8:53 | cdqodlzrrshq.info | udp |
| US | 8.8.8.8:53 | dzrmxez.com | udp |
| US | 8.8.8.8:53 | oaeiyickiawy.com | udp |
| US | 8.8.8.8:53 | hfibyocobw.net | udp |
| US | 8.8.8.8:53 | nihmtuqtdkb.org | udp |
| US | 8.8.8.8:53 | qsgckoeuyq.org | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| BG | 77.70.116.191:31734 | tcp | |
| US | 8.8.8.8:53 | pepjhipwh.net | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | vzxlsh.net | udp |
| US | 8.8.8.8:53 | zumttp.net | udp |
| US | 8.8.8.8:53 | yofdpnfzdu.info | udp |
| US | 8.8.8.8:53 | okowauoa.com | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| US | 8.8.8.8:53 | xyjwtuglisy.com | udp |
| US | 8.8.8.8:53 | eisaagmg.com | udp |
| US | 8.8.8.8:53 | vurdeonfc.com | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | nvszogsfpc.info | udp |
| US | 8.8.8.8:53 | vgbfugpgbp.info | udp |
| US | 8.8.8.8:53 | wedsguzygla.info | udp |
| US | 8.8.8.8:53 | agwkik.com | udp |
| US | 8.8.8.8:53 | qoowqmagiiau.org | udp |
| US | 8.8.8.8:53 | kqmyiqimgkcm.org | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | eyhrpqemz.info | udp |
| US | 8.8.8.8:53 | uhpoewhnhqu.net | udp |
| US | 8.8.8.8:53 | fwruxargoum.com | udp |
| US | 8.8.8.8:53 | cmyxpmrvqh.info | udp |
| US | 8.8.8.8:53 | kateqf.net | udp |
| US | 8.8.8.8:53 | yktwzeigcmj.net | udp |
| US | 8.8.8.8:53 | bvsaoopwlaj.net | udp |
| US | 8.8.8.8:53 | sgescokcmo.org | udp |
| US | 8.8.8.8:53 | iogascswumyc.org | udp |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| US | 8.8.8.8:53 | nbxxrnjvdl.info | udp |
| US | 8.8.8.8:53 | jvkonecbzg.net | udp |
| US | 8.8.8.8:53 | xhtuxibnkyp.com | udp |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| LT | 78.58.125.219:39486 | tcp | |
| US | 8.8.8.8:53 | ucvwflolqoje.info | udp |
| US | 8.8.8.8:53 | xwfyvpn.org | udp |
| US | 8.8.8.8:53 | ercpvn.net | udp |
| US | 8.8.8.8:53 | pcbybug.org | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | iitwgazup.net | udp |
| US | 8.8.8.8:53 | hsfspwfirsr.org | udp |
| US | 8.8.8.8:53 | ioueburwv.info | udp |
| US | 8.8.8.8:53 | bydljtrt.net | udp |
| US | 8.8.8.8:53 | zabcayd.org | udp |
| US | 8.8.8.8:53 | ytywhuuwch.info | udp |
| US | 8.8.8.8:53 | zizcxulmw.org | udp |
| US | 8.8.8.8:53 | ovktfuv.net | udp |
| US | 8.8.8.8:53 | lshjozhx.info | udp |
| US | 8.8.8.8:53 | tmhpvqphvbtw.info | udp |
| US | 8.8.8.8:53 | dnyidwf.info | udp |
| BG | 95.111.26.29:13427 | tcp | |
| US | 8.8.8.8:53 | usnlpgs.info | udp |
| US | 8.8.8.8:53 | twrwocw.org | udp |
| US | 8.8.8.8:53 | eeplucxunya.info | udp |
| US | 8.8.8.8:53 | awgktaycbob.net | udp |
| US | 8.8.8.8:53 | gygkxzwmpya.info | udp |
| US | 8.8.8.8:53 | vmxsdnlhawur.net | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
| US | 8.8.8.8:53 | jipgzkbyv.net | udp |
| US | 8.8.8.8:53 | vmpgzgfnnv.net | udp |
| US | 8.8.8.8:53 | eebrlsrvieea.info | udp |
| US | 8.8.8.8:53 | rmvwhmchhl.info | udp |
| US | 8.8.8.8:53 | wbxejuwch.net | udp |
| US | 8.8.8.8:53 | qngitmingp.net | udp |
| US | 8.8.8.8:53 | qolwhifef.net | udp |
| US | 8.8.8.8:53 | fqhugcamj.info | udp |
| US | 8.8.8.8:53 | avkooqwsmkw.net | udp |
| US | 8.8.8.8:53 | zinpltran.net | udp |
| US | 8.8.8.8:53 | birkhytcjmk.info | udp |
| US | 8.8.8.8:53 | ulwprsdpevsj.info | udp |
| US | 8.8.8.8:53 | isdvjxndtd.info | udp |
| US | 8.8.8.8:53 | glchcepxzlsc.info | udp |
| US | 8.8.8.8:53 | rojetszrs.net | udp |
| US | 8.8.8.8:53 | yyxmwexscc.net | udp |
| US | 8.8.8.8:53 | gzyxgevrvwrj.info | udp |
| US | 8.8.8.8:53 | nzdfka.info | udp |
| US | 8.8.8.8:53 | wkpagkodvpvt.info | udp |
| US | 8.8.8.8:53 | cmacaauc.com | udp |
| US | 8.8.8.8:53 | hvuiaxgf.net | udp |
| US | 8.8.8.8:53 | qyjxvcif.net | udp |
| US | 8.8.8.8:53 | vbaqpqikz.org | udp |
| US | 8.8.8.8:53 | xucuzohgj.info | udp |
| US | 8.8.8.8:53 | lvpdbgfz.info | udp |
| US | 8.8.8.8:53 | rkwlhccy.info | udp |
| US | 8.8.8.8:53 | sqcgyuamwu.com | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | kbjqlgjovkz.info | udp |
| US | 8.8.8.8:53 | vibshiiel.net | udp |
| US | 8.8.8.8:53 | sgeoqiewgoqk.com | udp |
Files
C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
| MD5 | 1dd5dd5561723f37ccc81e15ecdbf830 |
| SHA1 | eeb9131c8d276ceb710d163e89fdc62b3e111971 |
| SHA256 | c8c542ac3f6526d1501c2b9d6262bfa029a1ac0d9dd6b3c1965977abdd8bd126 |
| SHA512 | b4881d7cd0c2ceeba067e13d23763e739389108d1269acd6c343dd308aa1fedde89da696a8482944342f44ea1094ea6b50021a15d4c6d03762ba032a9598bba5 |
C:\Windows\SysWOW64\khylibuferskjorhxw.exe
| MD5 | c95a495a4c01031dd2c777a44c3fc9e4 |
| SHA1 | 51084a46294dd634450c6ac27d9ef870438c4d70 |
| SHA256 | 915d73145ca41654c2bd3a3b908de8f2df454c97bb351237bd5498b9954c789a |
| SHA512 | 152a18025948bc9d36f132eed09b3266c97843e0c6c110a3c35d51eeab48d360ca3ad26d25282b935681348eb0731aca6434b162a58e1996cc18e3aa48e1dcd6 |
C:\Users\Admin\AppData\Local\Temp\xhllv.exe
| MD5 | 9519379078f2a747e4a5c5b5124fdca7 |
| SHA1 | 248347e34769545776ba392753b934b7422ec854 |
| SHA256 | e6e23135d6a754e3234f4bb52bdfb6702f22c36d72c177e6b1ba6e5972bd6018 |
| SHA512 | 035ec7862a1ea18d46e6c8f9ae78cd768c66bf1014143c5ebd18c543d1bdaf54662eab245766edee5048b9f55498a8e51f2d5dac005bff944ddb56ac9299ebd9 |
C:\Users\Admin\AppData\Local\xhllvbhfrrfkwoehkwjtxxhntrd.rwi
| MD5 | a4d293e07ec2a1deb145572d6784f976 |
| SHA1 | 4d3c666b547ffae4624997acaaf810445c285d4b |
| SHA256 | e994d1e737e9622520874db646f1d8e8e748a35ee0ce672e3b31fc765624ef67 |
| SHA512 | a157f11e60908915a2ade2cc208f3d43e1439691fe5d4f2d41737dc85ad65d6397f374567dc8afbce76161edb7f4b7d07822ba2f3dede890b9efcb577df6d957 |
C:\Users\Admin\AppData\Local\upepkbsbyjiyvyznbywrgrmdudalkaxabpdayt.tof
| MD5 | 871500230e819ea8a31aa0a6886156e3 |
| SHA1 | c34d5647988cfc221a3d159bb097449b516ec709 |
| SHA256 | 200f842fdb257ada7dbf40dd13ad98a3f9906528e57bf7966c3e7f58183273fe |
| SHA512 | c0113fc5b3538431044d91b3645d7442c6e10e890af5d24572ba362146d573e2b2bc75411aa8ad8c7c58ddce15987b310d1229808877800a80f7af39639e3ba4 |
C:\Program Files (x86)\xhllvbhfrrfkwoehkwjtxxhntrd.rwi
| MD5 | f2ddee26eb3763ed504349f0e59a36fb |
| SHA1 | 6b5c86e5c7ee2f9cab752b0e9c0456bac164688d |
| SHA256 | 4c1fe6581d764c8dc51f2a7171869bfa282497eab8b115925166d58b2f547098 |
| SHA512 | 5e57470de05c4b4f8e3cfb6062d5c7ac5c5eef9be201dcd57d8e6fe4e436f9c77c2ceae3dfae3462a83878a276ba93905047b44b540de28bab8af7ad4e38f0a9 |
C:\Program Files (x86)\xhllvbhfrrfkwoehkwjtxxhntrd.rwi
| MD5 | 3d11800274986aabe3eaf80f07243ba8 |
| SHA1 | 549496e05110a3c5140f754584909ba904ab2d81 |
| SHA256 | 3a285af87bf6c27bca669d467b8a7770208f1cc59583556d5abe244bfadd2bec |
| SHA512 | f2b248e8af395f9fcccc5c143d3d6c2253451fcd1d976d2618180fd3bf78bd2bfb4ec81edac4ffe43a03abb9ba71f7cda8cf9fe62ed121727fc4ed5f86263dc9 |
C:\Program Files (x86)\xhllvbhfrrfkwoehkwjtxxhntrd.rwi
| MD5 | 1ebd22856dadb4921ae495f51d8bc282 |
| SHA1 | 1d70d34d23fdd7ea0d04c35c8d57deaaadf96946 |
| SHA256 | 40c849512f2669395a2ff0890818c1a9865c20fd8e3733c4c7665f37d46690bd |
| SHA512 | 37bab0358747b220787f5e84e45c0ae12c67d51cb5cae252046546813e3101e2114d68f3e4c47610635f34e6108038f117128c0c205752caf7af66218a05d171 |
C:\Program Files (x86)\xhllvbhfrrfkwoehkwjtxxhntrd.rwi
| MD5 | fc9f079300121200f55b8b551a9d5222 |
| SHA1 | 37ea894badc039a40be7cfa372dca94f64eabd1d |
| SHA256 | e34f0c36ae5274c6a91842470b34f9a17d024d09e1c0ada3ad59a4f1277a025f |
| SHA512 | 764d16f12ca9b89f94d6c6583a60e5296b491f9f8e3cb0e72a3d3753037f95a1cf777c31b68f2c484135fd0619f200d903d62184d48466a491d80c58089fbc05 |
C:\Program Files (x86)\xhllvbhfrrfkwoehkwjtxxhntrd.rwi
| MD5 | 1f43f9fee151e934434397e7d6d807a0 |
| SHA1 | f66cd632566921fb515b4ef766c7d2f090888da9 |
| SHA256 | 95deac9b2aee86d4b81e8e4c7bc66008d4c5db51c3a3926a880a0a5e43251b2a |
| SHA512 | eae18fc6b545fbace6623b03e534e2dbfc7c7519be26d65e21d63ac189df88738d41822838a1f272e22b626306429b7131eaaf781e41964309cbf804d2179e1b |
C:\Program Files (x86)\xhllvbhfrrfkwoehkwjtxxhntrd.rwi
| MD5 | 56bb77c8701b0097e8a276db93b44a10 |
| SHA1 | 71174c476e3aa9dbd75a5f3c808dc8c7b598c0d4 |
| SHA256 | b9a02df9a0e121216313ba62c9b9b8b35935f4d645291996278c639766c7038e |
| SHA512 | 7c90b257c913d560c21048bdec805265d0c26bc7be025cd8cdef09d41196bbe3399a7ea0f8644f100f54aa1e80a633a473426c9407f7902bd6d4d447328c54a4 |
Analysis: behavioral2
Detonation Overview
Submitted
2025-04-21 12:50
Reported
2025-04-21 12:52
Platform
win11-20250411-en
Max time kernel
56s
Max time network
151s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tlgufvldujxcghyl.exe" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "wttmcxsplfyirxtltfkhh.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tlgufvldujxcghyl.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tlgufvldujxcghyl.exe" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wttmcxsplfyirxtltfkhh.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "hdcujdxtohziqvqhozdz.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "jdaqdvnharhouxqfkt.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "wttmcxsplfyirxtltfkhh.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "hdcujdxtohziqvqhozdz.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "hdcujdxtohziqvqhozdz.exe" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "jdaqdvnharhouxqfkt.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "atpeqhyrjzouzbthl.exe" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hdcujdxtohziqvqhozdz.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "atpeqhyrjzouzbthl.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "hdcujdxtohziqvqhozdz.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "jdaqdvnharhouxqfkt.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wttmcxsplfyirxtltfkhh.exe" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hdcujdxtohziqvqhozdz.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "tlgufvldujxcghyl.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upnesleztlckrvpflvy.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "wttmcxsplfyirxtltfkhh.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "tlgufvldujxcghyl.exe" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hdcujdxtohziqvqhozdz.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tlgufvldujxcghyl.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upnesleztlckrvpflvy.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\atpeqhyrjzouzbthl.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hdcujdxtohziqvqhozdz.exe" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "upnesleztlckrvpflvy.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hdcujdxtohziqvqhozdz.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\atpeqhyrjzouzbthl.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\atpeqhyrjzouzbthl.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jdaqdvnharhouxqfkt.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "atpeqhyrjzouzbthl.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tlgufvldujxcghyl.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "wttmcxsplfyirxtltfkhh.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jdaqdvnharhouxqfkt.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tlgufvldujxcghyl.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upnesleztlckrvpflvy.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "tlgufvldujxcghyl.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wttmcxsplfyirxtltfkhh.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "tlgufvldujxcghyl.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "upnesleztlckrvpflvy.exe" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "hdcujdxtohziqvqhozdz.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "tlgufvldujxcghyl.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upnesleztlckrvpflvy.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "jdaqdvnharhouxqfkt.exe" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jdaqdvnharhouxqfkt.exe" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hdcujdxtohziqvqhozdz.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jdaqdvnharhouxqfkt.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\ntce = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hdcujdxtohziqvqhozdz.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfuchrbnyh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jdaqdvnharhouxqfkt.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\alzgktcnx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jdaqdvnharhouxqfkt.exe ." | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wdnqq = "tlgufvldujxcghyl.exe ." | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\wdnqq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tlgufvldujxcghyl.exe ." | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jtgmpxfp = "upnesleztlckrvpflvy.exe ." | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\ntce = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upnesleztlckrvpflvy.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\udpuwdk = "upnesleztlckrvpflvy.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jtgmpxfp = "jdaqdvnharhouxqfkt.exe ." | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\udpuwdk = "atpeqhyrjzouzbthl.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jtgmpxfp = "jdaqdvnharhouxqfkt.exe ." | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\udpuwdk = "atpeqhyrjzouzbthl.exe" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\alzgktcnx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tlgufvldujxcghyl.exe ." | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\ntce = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jdaqdvnharhouxqfkt.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfuchrbnyh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wttmcxsplfyirxtltfkhh.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jtgmpxfp = "atpeqhyrjzouzbthl.exe ." | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\wdnqq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\atpeqhyrjzouzbthl.exe ." | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\ntce = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wttmcxsplfyirxtltfkhh.exe" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jtgmpxfp = "upnesleztlckrvpflvy.exe ." | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wdnqq = "hdcujdxtohziqvqhozdz.exe ." | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ntce = "wttmcxsplfyirxtltfkhh.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\ntce = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hdcujdxtohziqvqhozdz.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wdnqq = "tlgufvldujxcghyl.exe ." | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jtgmpxfp = "wttmcxsplfyirxtltfkhh.exe ." | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\ntce = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upnesleztlckrvpflvy.exe" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\alzgktcnx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upnesleztlckrvpflvy.exe ." | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfuchrbnyh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\atpeqhyrjzouzbthl.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wdnqq = "hdcujdxtohziqvqhozdz.exe ." | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\alzgktcnx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tlgufvldujxcghyl.exe ." | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\udpuwdk = "atpeqhyrjzouzbthl.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\alzgktcnx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upnesleztlckrvpflvy.exe ." | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wdnqq = "hdcujdxtohziqvqhozdz.exe ." | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\ntce = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wttmcxsplfyirxtltfkhh.exe" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\ntce = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wttmcxsplfyirxtltfkhh.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wdnqq = "tlgufvldujxcghyl.exe ." | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ntce = "tlgufvldujxcghyl.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\alzgktcnx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hdcujdxtohziqvqhozdz.exe ." | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\udpuwdk = "wttmcxsplfyirxtltfkhh.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wdnqq = "hdcujdxtohziqvqhozdz.exe ." | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfuchrbnyh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jdaqdvnharhouxqfkt.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\udpuwdk = "wttmcxsplfyirxtltfkhh.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jtgmpxfp = "atpeqhyrjzouzbthl.exe ." | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jtgmpxfp = "tlgufvldujxcghyl.exe ." | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\ntce = "C:\\Users\\Admin\\AppData\\Local\\Temp\\atpeqhyrjzouzbthl.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ntce = "jdaqdvnharhouxqfkt.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfuchrbnyh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hdcujdxtohziqvqhozdz.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\wdnqq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hdcujdxtohziqvqhozdz.exe ." | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\udpuwdk = "jdaqdvnharhouxqfkt.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ntce = "upnesleztlckrvpflvy.exe" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jtgmpxfp = "hdcujdxtohziqvqhozdz.exe ." | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wdnqq = "wttmcxsplfyirxtltfkhh.exe ." | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\udpuwdk = "tlgufvldujxcghyl.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wdnqq = "jdaqdvnharhouxqfkt.exe ." | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\alzgktcnx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upnesleztlckrvpflvy.exe ." | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\udpuwdk = "wttmcxsplfyirxtltfkhh.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ntce = "tlgufvldujxcghyl.exe" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jtgmpxfp = "hdcujdxtohziqvqhozdz.exe ." | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\wdnqq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wttmcxsplfyirxtltfkhh.exe ." | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ntce = "jdaqdvnharhouxqfkt.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfuchrbnyh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\atpeqhyrjzouzbthl.exe" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\udpuwdk = "jdaqdvnharhouxqfkt.exe" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\udpuwdk = "wttmcxsplfyirxtltfkhh.exe" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\wdnqq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\atpeqhyrjzouzbthl.exe ." | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wdnqq = "atpeqhyrjzouzbthl.exe ." | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\tlgufvldujxcghyl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tlgufvldujxcghyl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nlmgxtpnkfzkubyrantrsm.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nlmgxtpnkfzkubyrantrsm.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hdcujdxtohziqvqhozdz.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hdcujdxtohziqvqhozdz.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tlgufvldujxcghyl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nlmgxtpnkfzkubyrantrsm.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hdcujdxtohziqvqhozdz.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\upnesleztlckrvpflvy.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tlgufvldujxcghyl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\atpeqhyrjzouzbthl.exe | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jdaqdvnharhouxqfkt.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\atpeqhyrjzouzbthl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jdaqdvnharhouxqfkt.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tlgufvldujxcghyl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wttmcxsplfyirxtltfkhh.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wttmcxsplfyirxtltfkhh.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hdcujdxtohziqvqhozdz.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nlmgxtpnkfzkubyrantrsm.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nlmgxtpnkfzkubyrantrsm.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jdaqdvnharhouxqfkt.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wttmcxsplfyirxtltfkhh.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tlgufvldujxcghyl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\upnesleztlckrvpflvy.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\atpeqhyrjzouzbthl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tlgufvldujxcghyl.exe | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\atpeqhyrjzouzbthl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\atpeqhyrjzouzbthl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wttmcxsplfyirxtltfkhh.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tlgufvldujxcghyl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nlmgxtpnkfzkubyrantrsm.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hdcujdxtohziqvqhozdz.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\upnesleztlckrvpflvy.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\atpeqhyrjzouzbthl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\upnesleztlckrvpflvy.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nlmgxtpnkfzkubyrantrsm.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tlgufvldujxcghyl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nlmgxtpnkfzkubyrantrsm.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hdcujdxtohziqvqhozdz.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tlgufvldujxcghyl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\atpeqhyrjzouzbthl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\upnesleztlckrvpflvy.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hdcujdxtohziqvqhozdz.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wttmcxsplfyirxtltfkhh.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\atpeqhyrjzouzbthl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jdaqdvnharhouxqfkt.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tlgufvldujxcghyl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jdaqdvnharhouxqfkt.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nlmgxtpnkfzkubyrantrsm.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\upnesleztlckrvpflvy.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hdcujdxtohziqvqhozdz.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wttmcxsplfyirxtltfkhh.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jdaqdvnharhouxqfkt.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hdcujdxtohziqvqhozdz.exe | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\atpeqhyrjzouzbthl.exe | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jdaqdvnharhouxqfkt.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hdcujdxtohziqvqhozdz.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\jdaqdvnharhouxqfkt.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nlmgxtpnkfzkubyrantrsm.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tlgufvldujxcghyl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hdcujdxtohziqvqhozdz.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\upnesleztlckrvpflvy.exe | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gltusvydhjkcthllbvinvwuxa.jlm | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\lbugpdrhwjvyazozafdtmyhvjzobnqsrgrsx.leq | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| File created | C:\Program Files (x86)\lbugpdrhwjvyazozafdtmyhvjzobnqsrgrsx.leq | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| File opened for modification | C:\Program Files (x86)\gltusvydhjkcthllbvinvwuxa.jlm | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| File created | C:\Program Files (x86)\gltusvydhjkcthllbvinvwuxa.jlm | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\atpeqhyrjzouzbthl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\upnesleztlckrvpflvy.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\upnesleztlckrvpflvy.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\jdaqdvnharhouxqfkt.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\upnesleztlckrvpflvy.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\atpeqhyrjzouzbthl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\atpeqhyrjzouzbthl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\jdaqdvnharhouxqfkt.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\hdcujdxtohziqvqhozdz.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\jdaqdvnharhouxqfkt.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\tlgufvldujxcghyl.exe | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| File opened for modification | C:\Windows\tlgufvldujxcghyl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\wttmcxsplfyirxtltfkhh.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\upnesleztlckrvpflvy.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\hdcujdxtohziqvqhozdz.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\nlmgxtpnkfzkubyrantrsm.exe | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| File opened for modification | C:\Windows\hdcujdxtohziqvqhozdz.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\atpeqhyrjzouzbthl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\hdcujdxtohziqvqhozdz.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\hdcujdxtohziqvqhozdz.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\jdaqdvnharhouxqfkt.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\hdcujdxtohziqvqhozdz.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\atpeqhyrjzouzbthl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\tlgufvldujxcghyl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\jdaqdvnharhouxqfkt.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\nlmgxtpnkfzkubyrantrsm.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\nlmgxtpnkfzkubyrantrsm.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\tlgufvldujxcghyl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\jdaqdvnharhouxqfkt.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\tlgufvldujxcghyl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\hdcujdxtohziqvqhozdz.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\jdaqdvnharhouxqfkt.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\tlgufvldujxcghyl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\jdaqdvnharhouxqfkt.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\nlmgxtpnkfzkubyrantrsm.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\jdaqdvnharhouxqfkt.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\upnesleztlckrvpflvy.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\tlgufvldujxcghyl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\nlmgxtpnkfzkubyrantrsm.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File created | C:\Windows\lbugpdrhwjvyazozafdtmyhvjzobnqsrgrsx.leq | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| File opened for modification | C:\Windows\hdcujdxtohziqvqhozdz.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\hdcujdxtohziqvqhozdz.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\hdcujdxtohziqvqhozdz.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\wttmcxsplfyirxtltfkhh.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\upnesleztlckrvpflvy.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\upnesleztlckrvpflvy.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\nlmgxtpnkfzkubyrantrsm.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\tlgufvldujxcghyl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\atpeqhyrjzouzbthl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\nlmgxtpnkfzkubyrantrsm.exe | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| File opened for modification | C:\Windows\jdaqdvnharhouxqfkt.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\nlmgxtpnkfzkubyrantrsm.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\upnesleztlckrvpflvy.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\tlgufvldujxcghyl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\jdaqdvnharhouxqfkt.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\upnesleztlckrvpflvy.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\jdaqdvnharhouxqfkt.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\wttmcxsplfyirxtltfkhh.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\wttmcxsplfyirxtltfkhh.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\atpeqhyrjzouzbthl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\tlgufvldujxcghyl.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\wttmcxsplfyirxtltfkhh.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\wttmcxsplfyirxtltfkhh.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| File opened for modification | C:\Windows\nlmgxtpnkfzkubyrantrsm.exe | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\hdcujdxtohziqvqhozdz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\atpeqhyrjzouzbthl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\hdcujdxtohziqvqhozdz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wttmcxsplfyirxtltfkhh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tlgufvldujxcghyl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wttmcxsplfyirxtltfkhh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\hdcujdxtohziqvqhozdz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tlgufvldujxcghyl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tlgufvldujxcghyl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wttmcxsplfyirxtltfkhh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\hdcujdxtohziqvqhozdz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wttmcxsplfyirxtltfkhh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\hdcujdxtohziqvqhozdz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\upnesleztlckrvpflvy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\upnesleztlckrvpflvy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\hdcujdxtohziqvqhozdz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\hdcujdxtohziqvqhozdz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\upnesleztlckrvpflvy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tlgufvldujxcghyl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wttmcxsplfyirxtltfkhh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tlgufvldujxcghyl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wttmcxsplfyirxtltfkhh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\hdcujdxtohziqvqhozdz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\wttmcxsplfyirxtltfkhh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\tlgufvldujxcghyl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\atpeqhyrjzouzbthl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jdaqdvnharhouxqfkt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\hdcujdxtohziqvqhozdz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jdaqdvnharhouxqfkt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\hdcujdxtohziqvqhozdz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\jdaqdvnharhouxqfkt.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\wdnqq.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe"
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe .
C:\Windows\atpeqhyrjzouzbthl.exe
atpeqhyrjzouzbthl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\atpeqhyrjzouzbthl.exe*."
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe .
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\upnesleztlckrvpflvy.exe*."
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."
C:\Users\Admin\AppData\Local\Temp\wdnqq.exe
"C:\Users\Admin\AppData\Local\Temp\wdnqq.exe" "-C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe"
C:\Users\Admin\AppData\Local\Temp\wdnqq.exe
"C:\Users\Admin\AppData\Local\Temp\wdnqq.exe" "-C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe
C:\Windows\atpeqhyrjzouzbthl.exe
atpeqhyrjzouzbthl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\upnesleztlckrvpflvy.exe*."
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Windows\atpeqhyrjzouzbthl.exe
atpeqhyrjzouzbthl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\tlgufvldujxcghyl.exe*."
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\tlgufvldujxcghyl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\wttmcxsplfyirxtltfkhh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe
C:\Windows\jdaqdvnharhouxqfkt.exe
jdaqdvnharhouxqfkt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\jdaqdvnharhouxqfkt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\tlgufvldujxcghyl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe .
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\wttmcxsplfyirxtltfkhh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe .
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\upnesleztlckrvpflvy.exe*."
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe .
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\upnesleztlckrvpflvy.exe*."
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe
C:\Windows\jdaqdvnharhouxqfkt.exe
jdaqdvnharhouxqfkt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."
C:\Windows\atpeqhyrjzouzbthl.exe
atpeqhyrjzouzbthl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe .
C:\Windows\jdaqdvnharhouxqfkt.exe
jdaqdvnharhouxqfkt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\jdaqdvnharhouxqfkt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe .
C:\Windows\jdaqdvnharhouxqfkt.exe
jdaqdvnharhouxqfkt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\jdaqdvnharhouxqfkt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\upnesleztlckrvpflvy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe .
C:\Windows\atpeqhyrjzouzbthl.exe
atpeqhyrjzouzbthl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\atpeqhyrjzouzbthl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe
C:\Windows\atpeqhyrjzouzbthl.exe
atpeqhyrjzouzbthl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\wttmcxsplfyirxtltfkhh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe .
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\upnesleztlckrvpflvy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe .
C:\Windows\atpeqhyrjzouzbthl.exe
atpeqhyrjzouzbthl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\atpeqhyrjzouzbthl.exe*."
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\wttmcxsplfyirxtltfkhh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\tlgufvldujxcghyl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\upnesleztlckrvpflvy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe .
C:\Windows\jdaqdvnharhouxqfkt.exe
jdaqdvnharhouxqfkt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe
C:\Windows\atpeqhyrjzouzbthl.exe
atpeqhyrjzouzbthl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\jdaqdvnharhouxqfkt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe .
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe .
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\wttmcxsplfyirxtltfkhh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Windows\atpeqhyrjzouzbthl.exe
atpeqhyrjzouzbthl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\atpeqhyrjzouzbthl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\upnesleztlckrvpflvy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\upnesleztlckrvpflvy.exe*."
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe .
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe .
C:\Windows\atpeqhyrjzouzbthl.exe
atpeqhyrjzouzbthl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\atpeqhyrjzouzbthl.exe*."
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\wttmcxsplfyirxtltfkhh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe .
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\upnesleztlckrvpflvy.exe*."
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe .
C:\Windows\atpeqhyrjzouzbthl.exe
atpeqhyrjzouzbthl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\atpeqhyrjzouzbthl.exe*."
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\upnesleztlckrvpflvy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe
C:\Windows\atpeqhyrjzouzbthl.exe
atpeqhyrjzouzbthl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe
C:\Windows\jdaqdvnharhouxqfkt.exe
jdaqdvnharhouxqfkt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\upnesleztlckrvpflvy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe
C:\Windows\atpeqhyrjzouzbthl.exe
atpeqhyrjzouzbthl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Windows\jdaqdvnharhouxqfkt.exe
jdaqdvnharhouxqfkt.exe .
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\jdaqdvnharhouxqfkt.exe*."
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe
C:\Windows\jdaqdvnharhouxqfkt.exe
jdaqdvnharhouxqfkt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe .
C:\Windows\jdaqdvnharhouxqfkt.exe
jdaqdvnharhouxqfkt.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\jdaqdvnharhouxqfkt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\upnesleztlckrvpflvy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\wttmcxsplfyirxtltfkhh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Windows\atpeqhyrjzouzbthl.exe
atpeqhyrjzouzbthl.exe
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .
C:\Windows\atpeqhyrjzouzbthl.exe
atpeqhyrjzouzbthl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\atpeqhyrjzouzbthl.exe*."
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\upnesleztlckrvpflvy.exe*."
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\tlgufvldujxcghyl.exe*."
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .
C:\Windows\atpeqhyrjzouzbthl.exe
atpeqhyrjzouzbthl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\tlgufvldujxcghyl.exe*."
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\upnesleztlckrvpflvy.exe*."
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe .
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe .
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe
C:\Windows\jdaqdvnharhouxqfkt.exe
jdaqdvnharhouxqfkt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\jdaqdvnharhouxqfkt.exe*."
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\upnesleztlckrvpflvy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\atpeqhyrjzouzbthl.exe
atpeqhyrjzouzbthl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\atpeqhyrjzouzbthl.exe
atpeqhyrjzouzbthl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe .
C:\Windows\jdaqdvnharhouxqfkt.exe
jdaqdvnharhouxqfkt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\jdaqdvnharhouxqfkt.exe*."
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\tlgufvldujxcghyl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\jdaqdvnharhouxqfkt.exe
jdaqdvnharhouxqfkt.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\jdaqdvnharhouxqfkt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe .
C:\Windows\jdaqdvnharhouxqfkt.exe
jdaqdvnharhouxqfkt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\jdaqdvnharhouxqfkt.exe*."
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\wttmcxsplfyirxtltfkhh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe
C:\Windows\atpeqhyrjzouzbthl.exe
atpeqhyrjzouzbthl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\jdaqdvnharhouxqfkt.exe
jdaqdvnharhouxqfkt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe .
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\upnesleztlckrvpflvy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe
C:\Windows\jdaqdvnharhouxqfkt.exe
jdaqdvnharhouxqfkt.exe .
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\jdaqdvnharhouxqfkt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Windows\jdaqdvnharhouxqfkt.exe
jdaqdvnharhouxqfkt.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\upnesleztlckrvpflvy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe .
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Windows\jdaqdvnharhouxqfkt.exe
jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\upnesleztlckrvpflvy.exe*."
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\tlgufvldujxcghyl.exe*."
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\wttmcxsplfyirxtltfkhh.exe*."
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\tlgufvldujxcghyl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe .
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\upnesleztlckrvpflvy.exe*."
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\tlgufvldujxcghyl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe
C:\Windows\jdaqdvnharhouxqfkt.exe
jdaqdvnharhouxqfkt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe .
C:\Windows\atpeqhyrjzouzbthl.exe
atpeqhyrjzouzbthl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\atpeqhyrjzouzbthl.exe*."
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe .
C:\Windows\jdaqdvnharhouxqfkt.exe
jdaqdvnharhouxqfkt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\jdaqdvnharhouxqfkt.exe*."
C:\Windows\atpeqhyrjzouzbthl.exe
atpeqhyrjzouzbthl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe .
C:\Windows\jdaqdvnharhouxqfkt.exe
jdaqdvnharhouxqfkt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\jdaqdvnharhouxqfkt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe
C:\Windows\atpeqhyrjzouzbthl.exe
atpeqhyrjzouzbthl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe .
C:\Windows\jdaqdvnharhouxqfkt.exe
jdaqdvnharhouxqfkt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\jdaqdvnharhouxqfkt.exe*."
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe .
C:\Windows\jdaqdvnharhouxqfkt.exe
jdaqdvnharhouxqfkt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\jdaqdvnharhouxqfkt.exe*."
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\tlgufvldujxcghyl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe .
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\upnesleztlckrvpflvy.exe*."
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe
C:\Windows\jdaqdvnharhouxqfkt.exe
jdaqdvnharhouxqfkt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe .
C:\Windows\atpeqhyrjzouzbthl.exe
atpeqhyrjzouzbthl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\atpeqhyrjzouzbthl.exe*."
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Windows\atpeqhyrjzouzbthl.exe
atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."
C:\Windows\jdaqdvnharhouxqfkt.exe
jdaqdvnharhouxqfkt.exe
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .
C:\Windows\jdaqdvnharhouxqfkt.exe
jdaqdvnharhouxqfkt.exe
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\upnesleztlckrvpflvy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\wttmcxsplfyirxtltfkhh.exe*."
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\upnesleztlckrvpflvy.exe*."
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe .
C:\Windows\atpeqhyrjzouzbthl.exe
atpeqhyrjzouzbthl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\atpeqhyrjzouzbthl.exe*."
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\wttmcxsplfyirxtltfkhh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe
C:\Windows\hdcujdxtohziqvqhozdz.exe
hdcujdxtohziqvqhozdz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe .
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\upnesleztlckrvpflvy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe .
C:\Windows\atpeqhyrjzouzbthl.exe
atpeqhyrjzouzbthl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\atpeqhyrjzouzbthl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .
C:\Windows\tlgufvldujxcghyl.exe
tlgufvldujxcghyl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\wttmcxsplfyirxtltfkhh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe .
C:\Windows\jdaqdvnharhouxqfkt.exe
jdaqdvnharhouxqfkt.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\jdaqdvnharhouxqfkt.exe*."
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\atpeqhyrjzouzbthl.exe
atpeqhyrjzouzbthl.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\atpeqhyrjzouzbthl.exe*."
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\upnesleztlckrvpflvy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."
C:\Windows\upnesleztlckrvpflvy.exe
upnesleztlckrvpflvy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .
C:\Windows\wttmcxsplfyirxtltfkhh.exe
wttmcxsplfyirxtltfkhh.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe
C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\upnesleztlckrvpflvy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe
C:\Windows\atpeqhyrjzouzbthl.exe
atpeqhyrjzouzbthl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe .
C:\Windows\atpeqhyrjzouzbthl.exe
atpeqhyrjzouzbthl.exe .
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\atpeqhyrjzouzbthl.exe*."
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| US | 104.21.74.56:80 | www.showmyipaddress.com | tcp |
| DE | 142.250.181.206:80 | www.youtube.com | tcp |
| BG | 84.252.17.72:32745 | tcp | |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| BG | 91.139.225.112:22099 | tcp | |
| US | 8.8.8.8:53 | luvehemiri.info | udp |
| US | 8.8.8.8:53 | hmfurcniz.info | udp |
| US | 8.8.8.8:53 | ddpobim.org | udp |
| BG | 91.139.163.229:35966 | tcp | |
| US | 8.8.8.8:53 | dqjrswwie.com | udp |
| US | 8.8.8.8:53 | knrgfdzojrjn.info | udp |
| US | 8.8.8.8:53 | kgucribs.info | udp |
| BG | 78.90.117.109:23910 | tcp | |
| US | 8.8.8.8:53 | susocswc.com | udp |
| US | 8.8.8.8:53 | wxzwprpdecer.net | udp |
| BG | 84.54.188.106:42667 | tcp | |
| US | 8.8.8.8:53 | wbdvmisb.net | udp |
| US | 8.8.8.8:53 | jgpcscjgxwlg.info | udp |
| US | 8.8.8.8:53 | iarcmgz.net | udp |
| US | 8.8.8.8:53 | zgxcpl.net | udp |
| US | 8.8.8.8:53 | ucrgzny.info | udp |
| US | 8.8.8.8:53 | iusioomq.org | udp |
| US | 8.8.8.8:53 | uuqacmkyoycy.org | udp |
| NL | 94.156.2.40:19528 | tcp | |
| US | 8.8.8.8:53 | vtxhmv.info | udp |
| US | 8.8.8.8:53 | rydrzbkcl.net | udp |
| US | 8.8.8.8:53 | jjrefkv.net | udp |
| US | 8.8.8.8:53 | mpdmonutqmaf.info | udp |
| US | 8.8.8.8:53 | zeveixqmebcv.net | udp |
| BG | 78.90.192.72:19514 | tcp | |
| US | 8.8.8.8:53 | zazwetpv.net | udp |
| US | 8.8.8.8:53 | gaqkygwq.org | udp |
| BG | 77.70.116.191:31734 | tcp | |
| US | 8.8.8.8:53 | kelehvv.net | udp |
| US | 8.8.8.8:53 | pdbbaamymjab.net | udp |
| US | 8.8.8.8:53 | wqtgjurep.info | udp |
| US | 8.8.8.8:53 | lsnexct.info | udp |
| BG | 94.101.199.211:13404 | tcp | |
| US | 8.8.8.8:53 | koksufhlxsd.net | udp |
| US | 8.8.8.8:53 | namyrqr.net | udp |
| BG | 79.132.20.114:27763 | tcp | |
| US | 8.8.8.8:53 | oneabhpbksug.info | udp |
| US | 8.8.8.8:53 | eawgyqacio.com | udp |
| MD | 86.106.241.174:26890 | tcp | |
| US | 8.8.8.8:53 | jzwkbctoll.net | udp |
| LT | 78.58.96.192:22644 | tcp | |
| US | 8.8.8.8:53 | ihwuqde.net | udp |
| US | 8.8.8.8:53 | dwfydjf.net | udp |
| US | 8.8.8.8:53 | cyumusogws.org | udp |
| US | 8.8.8.8:53 | tewylv.info | udp |
| MD | 109.185.7.135:27767 | tcp | |
| US | 8.8.8.8:53 | ripkjrf.net | udp |
| LT | 78.60.24.229:16096 | tcp | |
| US | 8.8.8.8:53 | ahbwdajml.net | udp |
| US | 8.8.8.8:53 | kyweyugs.org | udp |
| US | 8.8.8.8:53 | zwkczwrbhom.net | udp |
| LT | 87.247.104.183:29479 | tcp | |
| US | 8.8.8.8:53 | mqhqtnm.info | udp |
| US | 8.8.8.8:53 | oaewcmmi.com | udp |
| BG | 213.231.148.23:32442 | tcp | |
| US | 8.8.8.8:53 | ewskuoiqsu.org | udp |
| US | 8.8.8.8:53 | mhxxlwxd.net | udp |
| US | 8.8.8.8:53 | lczpgjbj.info | udp |
| BG | 78.90.4.217:21732 | tcp | |
| US | 8.8.8.8:53 | usbairkuyb.info | udp |
| US | 8.8.8.8:53 | lkqdtpgibst.org | udp |
| US | 8.8.8.8:53 | nxksmkxmhg.info | udp |
| US | 8.8.8.8:53 | hllonlhm.net | udp |
| US | 8.8.8.8:53 | mchsip.info | udp |
| BG | 92.247.250.85:44998 | tcp | |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | zngldraxoy.info | udp |
| US | 8.8.8.8:53 | jgokxot.net | udp |
| US | 8.8.8.8:53 | ducfreyynuf.com | udp |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| US | 8.8.8.8:53 | ribcsxe.net | udp |
| US | 8.8.8.8:53 | ddihjo.info | udp |
| US | 8.8.8.8:53 | kqpcgpx.net | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
Files
C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
| MD5 | 1dd5dd5561723f37ccc81e15ecdbf830 |
| SHA1 | eeb9131c8d276ceb710d163e89fdc62b3e111971 |
| SHA256 | c8c542ac3f6526d1501c2b9d6262bfa029a1ac0d9dd6b3c1965977abdd8bd126 |
| SHA512 | b4881d7cd0c2ceeba067e13d23763e739389108d1269acd6c343dd308aa1fedde89da696a8482944342f44ea1094ea6b50021a15d4c6d03762ba032a9598bba5 |
C:\Windows\SysWOW64\jdaqdvnharhouxqfkt.exe
| MD5 | c95a495a4c01031dd2c777a44c3fc9e4 |
| SHA1 | 51084a46294dd634450c6ac27d9ef870438c4d70 |
| SHA256 | 915d73145ca41654c2bd3a3b908de8f2df454c97bb351237bd5498b9954c789a |
| SHA512 | 152a18025948bc9d36f132eed09b3266c97843e0c6c110a3c35d51eeab48d360ca3ad26d25282b935681348eb0731aca6434b162a58e1996cc18e3aa48e1dcd6 |
C:\Users\Admin\AppData\Local\Temp\wdnqq.exe
| MD5 | 6becea694a5409d14953ea1df8be3b74 |
| SHA1 | 568aa388ef8b47db160190df52c83b71c7133e5f |
| SHA256 | 219b0e47f0adabdd318ebacc51d9fdcac4e40bcf08293669713ffa4e36ac195b |
| SHA512 | 371cfd6fce4f8195beac04c2a388ecb669bb3dec00cf0441bc9ca14b32529ec9dbb4c920824269739e1c204261ab095761eda17242ef687574a1f386480a4b71 |
C:\Users\Admin\AppData\Local\lbugpdrhwjvyazozafdtmyhvjzobnqsrgrsx.leq
| MD5 | fee617ac7cb55ba113bf0f06f143a5aa |
| SHA1 | 1aaa145aae8b266d722e6e764d7e5e794c25873b |
| SHA256 | 1a989878c538458d0726264d8f0874ae6dd0046d605837619683a5f56588e73b |
| SHA512 | d19b89414cb285957fb52cd850aa850f68b23ef0c20afc8b054691f1136b940e59cb5038998e0d927851fd8cde1aa11ff9c1abfc325bc9c74e1af5e39cf4eed8 |
C:\Users\Admin\AppData\Local\gltusvydhjkcthllbvinvwuxa.jlm
| MD5 | 89ed0012b32b2b8bb6b7ab60386e829d |
| SHA1 | 0e9c289384fd2cce4d7c146febcbcbac03784150 |
| SHA256 | c4e4f89a8a0e5b20cea89eb7ccf7e0220b205c0efc781d0c87410674e8d78239 |
| SHA512 | 4ce1652ec3362f3613a61affb05c30f7f396f2308c0259d5a7569e3fb14f8d3a479d3e774395b381f6e82feb0eec7f1c4745125bcecd5b859b21387fb904a72e |
C:\Program Files (x86)\gltusvydhjkcthllbvinvwuxa.jlm
| MD5 | 5537f9b65f02055c747fcd66691ecb4f |
| SHA1 | cec85672719e2256a9b27866e75bcd0c279550b5 |
| SHA256 | d44b6bccfe21ea6683cdeb05fc99f6cae7ba6365bab414b935aaef5251d7f794 |
| SHA512 | a7e4493c7309a03b15068c37a7237bf6da515987acb5f11b7b2932fe5c7b1a4f72f68d02fd3282df12d80408b90d8de640d5d6d9c928fdc7b593d94bce6915ae |
C:\Program Files (x86)\gltusvydhjkcthllbvinvwuxa.jlm
| MD5 | 1edbac5a80ee8b4b689a36dc0fd7bf69 |
| SHA1 | 66bb8bce10c6e5f67242a9dcd7b1bd552c92155c |
| SHA256 | 05e561b66466065bfde84462ea6fcb3361f51bd503750f9d3f8474a3ebf72ae9 |
| SHA512 | 68057a5a009e9cef31fd3deed16ead42ba43d4059a13802b9eb469a658718fd0866646ac459e838fd58b4f8a3d38ede5629ea0c878b491bda67c5516e6484792 |
C:\Program Files (x86)\gltusvydhjkcthllbvinvwuxa.jlm
| MD5 | 8f42f2feeeae2808f0e2d89136625cac |
| SHA1 | 713b1fb84ad6821c585afc131dc46eafca8b7ebd |
| SHA256 | 9f96378ad705f59664a0959c6cbba522fca137012053256504406d0e81c1eb8e |
| SHA512 | f15692f8cf091534e51afcf275ba4c9a1f903b6274c0ada592747a7057afd56f156661cf83abc85614f749c0b14bb4b290b65b47ceb509e16159d3af68850d8a |
C:\Program Files (x86)\gltusvydhjkcthllbvinvwuxa.jlm
| MD5 | 18ad0400d9e0da8d3b70716444628414 |
| SHA1 | 399b60263774637b0098c6f6aaa2f0be45db23e8 |
| SHA256 | 9123a5360cef46f322496ff1e4095c3307df343d05d8967df890b5b4cdfe7d44 |
| SHA512 | 6bf11e3f08637a1fb58008ace1c21fb5ed87fd765310df2ee145b8005029a7be9e529fb4eb7926b9084f186397914f7156005122ab358ad8d374f4b010d8fbdf |
C:\Program Files (x86)\gltusvydhjkcthllbvinvwuxa.jlm
| MD5 | 1a3ee998ee5f5a35bdb27425897fb30b |
| SHA1 | 256dfd8ec89443d0cb63006cf1ad85757d45ad45 |
| SHA256 | 9b41a80615cb8ed3bdf905584425427022aa3dfbdbae05d9c4baf32783f7bcd6 |
| SHA512 | 45c3e515cf5fd4a0f80a2f8d3a9831bb56b7818483276c377f7cd6704639d06aa6602843ebfddff2dd25e7b1ce01429b8ba875a868ba86b90b6ec8f63d40f68f |
C:\Program Files (x86)\gltusvydhjkcthllbvinvwuxa.jlm
| MD5 | 8dbcfcded07baccc9cc5b56f18bbb078 |
| SHA1 | c8d685b8f1e53ec5be5dc14ef43f92a5818dfac3 |
| SHA256 | 03303858bebe0a0f6035de1ae7d910ee7ef9439e0df8421dc37bf502d08a50b4 |
| SHA512 | 8c34ec4cf8278967073c99f6dcf6b760fbe5dbb6c32daea220033dd39b9fd834ec997c74cde0e5957270fa5d08d82d369ba4565b9eb1e3856ff7dc7d92dd75f8 |