Malware Analysis Report

2025-08-10 16:33

Sample ID 250421-p2z3caxps9
Target JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4
SHA256 915d73145ca41654c2bd3a3b908de8f2df454c97bb351237bd5498b9954c789a
Tags
pykspa defense_evasion discovery persistence privilege_escalation trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

915d73145ca41654c2bd3a3b908de8f2df454c97bb351237bd5498b9954c789a

Threat Level: Known bad

The file JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4 was found to be: Known bad.

Malicious Activity Summary

pykspa defense_evasion discovery persistence privilege_escalation trojan worm

Pykspa

Pykspa family

UAC bypass

Modifies WinLogon for persistence

Detect Pykspa worm

Disables RegEdit via registry modification

Adds policy Run key to start application

Impair Defenses: Safe Mode Boot

Checks computer location settings

Executes dropped EXE

Checks whether UAC is enabled

Hijack Execution Flow: Executable Installer File Permissions Weakness

Looks up external IP address via web service

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

System policy modification

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-21 12:50

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-21 12:50

Reported

2025-04-21 12:52

Platform

win10v2004-20250410-en

Max time kernel

41s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "upepkbsbyjiyvyzn.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upepkbsbyjiyvyzn.exe" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xxrhhdznpfjegoungillf.exe" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "upepkbsbyjiyvyzn.exe" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bxnzvnfpnzzqosujy.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ihapojershkefmrjbced.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "vtlzxrlxxlnggmqhyyz.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "vtlzxrlxxlnggmqhyyz.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "bxnzvnfpnzzqosujy.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upepkbsbyjiyvyzn.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "bxnzvnfpnzzqosujy.exe" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "upepkbsbyjiyvyzn.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\khylibuferskjorhxw.exe" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "upepkbsbyjiyvyzn.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xxrhhdznpfjegoungillf.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "khylibuferskjorhxw.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ihapojershkefmrjbced.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bxnzvnfpnzzqosujy.exe" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upepkbsbyjiyvyzn.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xxrhhdznpfjegoungillf.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlzxrlxxlnggmqhyyz.exe" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "xxrhhdznpfjegoungillf.exe" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "vtlzxrlxxlnggmqhyyz.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "upepkbsbyjiyvyzn.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xxrhhdznpfjegoungillf.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "upepkbsbyjiyvyzn.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\khylibuferskjorhxw.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "bxnzvnfpnzzqosujy.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upepkbsbyjiyvyzn.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlzxrlxxlnggmqhyyz.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "xxrhhdznpfjegoungillf.exe" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "ihapojershkefmrjbced.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlzxrlxxlnggmqhyyz.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlzxrlxxlnggmqhyyz.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "bxnzvnfpnzzqosujy.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "upepkbsbyjiyvyzn.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "ihapojershkefmrjbced.exe" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upepkbsbyjiyvyzn.exe" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bxnzvnfpnzzqosujy.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "ihapojershkefmrjbced.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\khylibuferskjorhxw.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kxehudmn = "xxrhhdznpfjegoungillf.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xhllv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlzxrlxxlnggmqhyyz.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\khylibuferskjorhxw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\ihapojershkefmrjbced.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\khylibuferskjorhxw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\upepkbsbyjiyvyzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\bxnzvnfpnzzqosujy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\upepkbsbyjiyvyzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\bxnzvnfpnzzqosujy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\bxnzvnfpnzzqosujy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\ihapojershkefmrjbced.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\khylibuferskjorhxw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\xxrhhdznpfjegoungillf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\khylibuferskjorhxw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\khylibuferskjorhxw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\ihapojershkefmrjbced.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\vtlzxrlxxlnggmqhyyz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\vtlzxrlxxlnggmqhyyz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\vtlzxrlxxlnggmqhyyz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\vtlzxrlxxlnggmqhyyz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\vtlzxrlxxlnggmqhyyz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\ihapojershkefmrjbced.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\vtlzxrlxxlnggmqhyyz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\upepkbsbyjiyvyzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\ihapojershkefmrjbced.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\ihapojershkefmrjbced.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\vtlzxrlxxlnggmqhyyz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\khylibuferskjorhxw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\vtlzxrlxxlnggmqhyyz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\vtlzxrlxxlnggmqhyyz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\ihapojershkefmrjbced.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\bxnzvnfpnzzqosujy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\ihapojershkefmrjbced.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\khylibuferskjorhxw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\vtlzxrlxxlnggmqhyyz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Windows\upepkbsbyjiyvyzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
N/A N/A C:\Windows\ihapojershkefmrjbced.exe N/A
N/A N/A C:\Windows\ihapojershkefmrjbced.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
N/A N/A C:\Windows\vtlzxrlxxlnggmqhyyz.exe N/A
N/A N/A C:\Windows\bxnzvnfpnzzqosujy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
N/A N/A C:\Windows\ihapojershkefmrjbced.exe N/A
N/A N/A C:\Windows\upepkbsbyjiyvyzn.exe N/A
N/A N/A C:\Windows\ihapojershkefmrjbced.exe N/A
N/A N/A C:\Windows\khylibuferskjorhxw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
N/A N/A C:\Windows\vtlzxrlxxlnggmqhyyz.exe N/A
N/A N/A C:\Windows\khylibuferskjorhxw.exe N/A
N/A N/A C:\Windows\khylibuferskjorhxw.exe N/A
N/A N/A C:\Windows\vtlzxrlxxlnggmqhyyz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe N/A
N/A N/A C:\Windows\khylibuferskjorhxw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
N/A N/A C:\Windows\vtlzxrlxxlnggmqhyyz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
N/A N/A C:\Windows\vtlzxrlxxlnggmqhyyz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
N/A N/A C:\Windows\upepkbsbyjiyvyzn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
N/A N/A C:\Windows\upepkbsbyjiyvyzn.exe N/A
N/A N/A C:\Windows\upepkbsbyjiyvyzn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
N/A N/A C:\Windows\upepkbsbyjiyvyzn.exe N/A
N/A N/A C:\Windows\vtlzxrlxxlnggmqhyyz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
N/A N/A C:\Windows\upepkbsbyjiyvyzn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe N/A
N/A N/A C:\Windows\upepkbsbyjiyvyzn.exe N/A
N/A N/A C:\Windows\vtlzxrlxxlnggmqhyyz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ityzkr = "upepkbsbyjiyvyzn.exe" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upepkbsbyjiyvyzn.exe ." C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ujsxmxilch = "khylibuferskjorhxw.exe ." C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdovmzmrkrmy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlzxrlxxlnggmqhyyz.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ujsxmxilch = "upepkbsbyjiyvyzn.exe ." C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ihapojershkefmrjbced.exe ." C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdovmzmrkrmy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ihapojershkefmrjbced.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdovmzmrkrmy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ihapojershkefmrjbced.exe" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ityzkr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ihapojershkefmrjbced.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdovmzmrkrmy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upepkbsbyjiyvyzn.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ujsxmxilch = "khylibuferskjorhxw.exe ." C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ityzkr = "bxnzvnfpnzzqosujy.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfpvlxjnflf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ihapojershkefmrjbced.exe ." C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "bxnzvnfpnzzqosujy.exe ." C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ityzkr = "upepkbsbyjiyvyzn.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdovmzmrkrmy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xxrhhdznpfjegoungillf.exe" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bpxbpzjlb = "upepkbsbyjiyvyzn.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "ihapojershkefmrjbced.exe ." C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ityzkr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlzxrlxxlnggmqhyyz.exe" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ujsxmxilch = "bxnzvnfpnzzqosujy.exe ." C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "khylibuferskjorhxw.exe ." C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bpxbpzjlb = "bxnzvnfpnzzqosujy.exe" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ityzkr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upepkbsbyjiyvyzn.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bpxbpzjlb = "khylibuferskjorhxw.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfpvlxjnflf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlzxrlxxlnggmqhyyz.exe ." C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfpvlxjnflf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xxrhhdznpfjegoungillf.exe ." C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bpxbpzjlb = "bxnzvnfpnzzqosujy.exe" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "khylibuferskjorhxw.exe ." C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "bxnzvnfpnzzqosujy.exe ." C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upepkbsbyjiyvyzn.exe ." C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfpvlxjnflf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upepkbsbyjiyvyzn.exe ." C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfpvlxjnflf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upepkbsbyjiyvyzn.exe ." C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ujsxmxilch = "vtlzxrlxxlnggmqhyyz.exe ." C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\khylibuferskjorhxw.exe ." C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdovmzmrkrmy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ihapojershkefmrjbced.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdovmzmrkrmy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bxnzvnfpnzzqosujy.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ityzkr = "xxrhhdznpfjegoungillf.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ujsxmxilch = "vtlzxrlxxlnggmqhyyz.exe ." C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ityzkr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bxnzvnfpnzzqosujy.exe" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "vtlzxrlxxlnggmqhyyz.exe ." C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ityzkr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\khylibuferskjorhxw.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bpxbpzjlb = "ihapojershkefmrjbced.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bxnzvnfpnzzqosujy.exe ." C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ityzkr = "ihapojershkefmrjbced.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdovmzmrkrmy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlzxrlxxlnggmqhyyz.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bpxbpzjlb = "vtlzxrlxxlnggmqhyyz.exe" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bxnzvnfpnzzqosujy.exe ." C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "ihapojershkefmrjbced.exe ." C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bpxbpzjlb = "xxrhhdznpfjegoungillf.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ityzkr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlzxrlxxlnggmqhyyz.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "vtlzxrlxxlnggmqhyyz.exe ." C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ityzkr = "bxnzvnfpnzzqosujy.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ihapojershkefmrjbced.exe ." C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdovmzmrkrmy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upepkbsbyjiyvyzn.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfpvlxjnflf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlzxrlxxlnggmqhyyz.exe ." C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mdovmzmrkrmy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\khylibuferskjorhxw.exe" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ityzkr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upepkbsbyjiyvyzn.exe" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vtlzxrlxxlnggmqhyyz.exe ." C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upepkbsbyjiyvyzn.exe ." C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upepkbsbyjiyvyzn.exe ." C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bpxbpzjlb = "xxrhhdznpfjegoungillf.exe" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ityzkr = "ihapojershkefmrjbced.exe" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3630502724-2561614198-3854231964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vhnpbjr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upepkbsbyjiyvyzn.exe ." C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfpvlxjnflf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ihapojershkefmrjbced.exe ." C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyip.everdot.org N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\upepkbsbyjiyvyzn.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\ihapojershkefmrjbced.exe C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
File opened for modification C:\Windows\SysWOW64\upepkbsbyjiyvyznbywrgrmdudalkaxabpdayt.tof C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
File opened for modification C:\Windows\SysWOW64\khylibuferskjorhxw.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\xxrhhdznpfjegoungillf.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\vtlzxrlxxlnggmqhyyz.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\xxrhhdznpfjegoungillf.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\upepkbsbyjiyvyzn.exe C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
File opened for modification C:\Windows\SysWOW64\opkbczwlofkgjsztnquvqh.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\vtlzxrlxxlnggmqhyyz.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\ihapojershkefmrjbced.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\upepkbsbyjiyvyzn.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\vtlzxrlxxlnggmqhyyz.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\khylibuferskjorhxw.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\khylibuferskjorhxw.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\opkbczwlofkgjsztnquvqh.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\ihapojershkefmrjbced.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\vtlzxrlxxlnggmqhyyz.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\vtlzxrlxxlnggmqhyyz.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\khylibuferskjorhxw.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\bxnzvnfpnzzqosujy.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\upepkbsbyjiyvyzn.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\xxrhhdznpfjegoungillf.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\ihapojershkefmrjbced.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\upepkbsbyjiyvyzn.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\khylibuferskjorhxw.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\upepkbsbyjiyvyzn.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\bxnzvnfpnzzqosujy.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\opkbczwlofkgjsztnquvqh.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\xxrhhdznpfjegoungillf.exe C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
File opened for modification C:\Windows\SysWOW64\bxnzvnfpnzzqosujy.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\ihapojershkefmrjbced.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\ihapojershkefmrjbced.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\bxnzvnfpnzzqosujy.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\xxrhhdznpfjegoungillf.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\opkbczwlofkgjsztnquvqh.exe C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
File opened for modification C:\Windows\SysWOW64\bxnzvnfpnzzqosujy.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\opkbczwlofkgjsztnquvqh.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\ihapojershkefmrjbced.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\upepkbsbyjiyvyzn.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\opkbczwlofkgjsztnquvqh.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\vtlzxrlxxlnggmqhyyz.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\ihapojershkefmrjbced.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\bxnzvnfpnzzqosujy.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\xxrhhdznpfjegoungillf.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\upepkbsbyjiyvyzn.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\ihapojershkefmrjbced.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\opkbczwlofkgjsztnquvqh.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\opkbczwlofkgjsztnquvqh.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\xxrhhdznpfjegoungillf.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\khylibuferskjorhxw.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\khylibuferskjorhxw.exe C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
File opened for modification C:\Windows\SysWOW64\bxnzvnfpnzzqosujy.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\opkbczwlofkgjsztnquvqh.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\upepkbsbyjiyvyzn.exe C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
File opened for modification C:\Windows\SysWOW64\xxrhhdznpfjegoungillf.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\ihapojershkefmrjbced.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\bxnzvnfpnzzqosujy.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\opkbczwlofkgjsztnquvqh.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\vtlzxrlxxlnggmqhyyz.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\upepkbsbyjiyvyzn.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\SysWOW64\ihapojershkefmrjbced.exe C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
File opened for modification C:\Windows\SysWOW64\xxrhhdznpfjegoungillf.exe C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
File opened for modification C:\Windows\SysWOW64\khylibuferskjorhxw.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\xhllvbhfrrfkwoehkwjtxxhntrd.rwi C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
File created C:\Program Files (x86)\xhllvbhfrrfkwoehkwjtxxhntrd.rwi C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
File opened for modification C:\Program Files (x86)\upepkbsbyjiyvyznbywrgrmdudalkaxabpdayt.tof C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
File created C:\Program Files (x86)\upepkbsbyjiyvyznbywrgrmdudalkaxabpdayt.tof C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\bxnzvnfpnzzqosujy.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\khylibuferskjorhxw.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\ihapojershkefmrjbced.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\ihapojershkefmrjbced.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\opkbczwlofkgjsztnquvqh.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\xxrhhdznpfjegoungillf.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\vtlzxrlxxlnggmqhyyz.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\khylibuferskjorhxw.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\ihapojershkefmrjbced.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\upepkbsbyjiyvyznbywrgrmdudalkaxabpdayt.tof C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
File opened for modification C:\Windows\khylibuferskjorhxw.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\ihapojershkefmrjbced.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\upepkbsbyjiyvyzn.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\bxnzvnfpnzzqosujy.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\khylibuferskjorhxw.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\khylibuferskjorhxw.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\ihapojershkefmrjbced.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\opkbczwlofkgjsztnquvqh.exe C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
File opened for modification C:\Windows\xxrhhdznpfjegoungillf.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\vtlzxrlxxlnggmqhyyz.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\opkbczwlofkgjsztnquvqh.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\xxrhhdznpfjegoungillf.exe C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
File opened for modification C:\Windows\upepkbsbyjiyvyzn.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\xxrhhdznpfjegoungillf.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\upepkbsbyjiyvyzn.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\bxnzvnfpnzzqosujy.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\vtlzxrlxxlnggmqhyyz.exe C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
File opened for modification C:\Windows\opkbczwlofkgjsztnquvqh.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\upepkbsbyjiyvyzn.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\khylibuferskjorhxw.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\vtlzxrlxxlnggmqhyyz.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\xxrhhdznpfjegoungillf.exe C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
File opened for modification C:\Windows\bxnzvnfpnzzqosujy.exe C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
File opened for modification C:\Windows\vtlzxrlxxlnggmqhyyz.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\vtlzxrlxxlnggmqhyyz.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\vtlzxrlxxlnggmqhyyz.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\ihapojershkefmrjbced.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\opkbczwlofkgjsztnquvqh.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\bxnzvnfpnzzqosujy.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\bxnzvnfpnzzqosujy.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\xxrhhdznpfjegoungillf.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\upepkbsbyjiyvyzn.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\bxnzvnfpnzzqosujy.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\xxrhhdznpfjegoungillf.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\xxrhhdznpfjegoungillf.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\opkbczwlofkgjsztnquvqh.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\khylibuferskjorhxw.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\vtlzxrlxxlnggmqhyyz.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\opkbczwlofkgjsztnquvqh.exe C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
File opened for modification C:\Windows\upepkbsbyjiyvyzn.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\bxnzvnfpnzzqosujy.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\opkbczwlofkgjsztnquvqh.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\ihapojershkefmrjbced.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\vtlzxrlxxlnggmqhyyz.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\bxnzvnfpnzzqosujy.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\upepkbsbyjiyvyzn.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\vtlzxrlxxlnggmqhyyz.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\upepkbsbyjiyvyzn.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\xxrhhdznpfjegoungillf.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\xxrhhdznpfjegoungillf.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\khylibuferskjorhxw.exe C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
File opened for modification C:\Windows\khylibuferskjorhxw.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\ihapojershkefmrjbced.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
File opened for modification C:\Windows\vtlzxrlxxlnggmqhyyz.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xxrhhdznpfjegoungillf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ihapojershkefmrjbced.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vtlzxrlxxlnggmqhyyz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vtlzxrlxxlnggmqhyyz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\khylibuferskjorhxw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ihapojershkefmrjbced.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\upepkbsbyjiyvyzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\khylibuferskjorhxw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bxnzvnfpnzzqosujy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ihapojershkefmrjbced.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\upepkbsbyjiyvyzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\khylibuferskjorhxw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\upepkbsbyjiyvyzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\upepkbsbyjiyvyzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xxrhhdznpfjegoungillf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vtlzxrlxxlnggmqhyyz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vtlzxrlxxlnggmqhyyz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bxnzvnfpnzzqosujy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bxnzvnfpnzzqosujy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vtlzxrlxxlnggmqhyyz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\khylibuferskjorhxw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\khylibuferskjorhxw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vtlzxrlxxlnggmqhyyz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vtlzxrlxxlnggmqhyyz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vtlzxrlxxlnggmqhyyz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ihapojershkefmrjbced.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bxnzvnfpnzzqosujy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vtlzxrlxxlnggmqhyyz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vtlzxrlxxlnggmqhyyz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vtlzxrlxxlnggmqhyyz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\khylibuferskjorhxw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\khylibuferskjorhxw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ihapojershkefmrjbced.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vtlzxrlxxlnggmqhyyz.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4132 wrote to memory of 828 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
PID 4132 wrote to memory of 828 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
PID 4132 wrote to memory of 828 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
PID 4932 wrote to memory of 5528 N/A C:\Windows\system32\cmd.exe C:\Windows\ihapojershkefmrjbced.exe
PID 4932 wrote to memory of 5528 N/A C:\Windows\system32\cmd.exe C:\Windows\ihapojershkefmrjbced.exe
PID 4932 wrote to memory of 5528 N/A C:\Windows\system32\cmd.exe C:\Windows\ihapojershkefmrjbced.exe
PID 2592 wrote to memory of 384 N/A C:\Windows\system32\cmd.exe C:\Windows\ihapojershkefmrjbced.exe
PID 2592 wrote to memory of 384 N/A C:\Windows\system32\cmd.exe C:\Windows\ihapojershkefmrjbced.exe
PID 2592 wrote to memory of 384 N/A C:\Windows\system32\cmd.exe C:\Windows\ihapojershkefmrjbced.exe
PID 384 wrote to memory of 3160 N/A C:\Windows\ihapojershkefmrjbced.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
PID 384 wrote to memory of 3160 N/A C:\Windows\ihapojershkefmrjbced.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
PID 384 wrote to memory of 3160 N/A C:\Windows\ihapojershkefmrjbced.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
PID 5768 wrote to memory of 6016 N/A C:\Windows\system32\cmd.exe C:\Windows\vtlzxrlxxlnggmqhyyz.exe
PID 5768 wrote to memory of 6016 N/A C:\Windows\system32\cmd.exe C:\Windows\vtlzxrlxxlnggmqhyyz.exe
PID 5768 wrote to memory of 6016 N/A C:\Windows\system32\cmd.exe C:\Windows\vtlzxrlxxlnggmqhyyz.exe
PID 3600 wrote to memory of 960 N/A C:\Windows\system32\cmd.exe C:\Windows\bxnzvnfpnzzqosujy.exe
PID 3600 wrote to memory of 960 N/A C:\Windows\system32\cmd.exe C:\Windows\bxnzvnfpnzzqosujy.exe
PID 3600 wrote to memory of 960 N/A C:\Windows\system32\cmd.exe C:\Windows\bxnzvnfpnzzqosujy.exe
PID 640 wrote to memory of 2744 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
PID 640 wrote to memory of 2744 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
PID 640 wrote to memory of 2744 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
PID 960 wrote to memory of 4348 N/A C:\Windows\bxnzvnfpnzzqosujy.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
PID 960 wrote to memory of 4348 N/A C:\Windows\bxnzvnfpnzzqosujy.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
PID 960 wrote to memory of 4348 N/A C:\Windows\bxnzvnfpnzzqosujy.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
PID 3196 wrote to memory of 5284 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
PID 3196 wrote to memory of 5284 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
PID 3196 wrote to memory of 5284 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe
PID 5284 wrote to memory of 3652 N/A C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe C:\Windows\system32\cmd.exe
PID 5284 wrote to memory of 3652 N/A C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe C:\Windows\system32\cmd.exe
PID 5284 wrote to memory of 3652 N/A C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe C:\Windows\system32\cmd.exe
PID 808 wrote to memory of 3468 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
PID 808 wrote to memory of 3468 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
PID 808 wrote to memory of 3468 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
PID 4452 wrote to memory of 5216 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
PID 4452 wrote to memory of 5216 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
PID 4452 wrote to memory of 5216 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe
PID 5216 wrote to memory of 4212 N/A C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
PID 5216 wrote to memory of 4212 N/A C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
PID 5216 wrote to memory of 4212 N/A C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
PID 828 wrote to memory of 6012 N/A C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe C:\Users\Admin\AppData\Local\Temp\xhllv.exe
PID 828 wrote to memory of 6012 N/A C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe C:\Users\Admin\AppData\Local\Temp\xhllv.exe
PID 828 wrote to memory of 6012 N/A C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe C:\Users\Admin\AppData\Local\Temp\xhllv.exe
PID 828 wrote to memory of 5696 N/A C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe C:\Users\Admin\AppData\Local\Temp\xhllv.exe
PID 828 wrote to memory of 5696 N/A C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe C:\Users\Admin\AppData\Local\Temp\xhllv.exe
PID 828 wrote to memory of 5696 N/A C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe C:\Users\Admin\AppData\Local\Temp\xhllv.exe
PID 1804 wrote to memory of 3016 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 1804 wrote to memory of 3016 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 1804 wrote to memory of 3016 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2712 wrote to memory of 5580 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
PID 2712 wrote to memory of 5580 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
PID 2712 wrote to memory of 5580 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe
PID 4444 wrote to memory of 5656 N/A C:\Windows\system32\cmd.exe C:\Windows\vtlzxrlxxlnggmqhyyz.exe
PID 4444 wrote to memory of 5656 N/A C:\Windows\system32\cmd.exe C:\Windows\vtlzxrlxxlnggmqhyyz.exe
PID 4444 wrote to memory of 5656 N/A C:\Windows\system32\cmd.exe C:\Windows\vtlzxrlxxlnggmqhyyz.exe
PID 1240 wrote to memory of 4232 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 1240 wrote to memory of 4232 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 1240 wrote to memory of 4232 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 5656 wrote to memory of 1612 N/A C:\Windows\ihapojershkefmrjbced.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
PID 5656 wrote to memory of 1612 N/A C:\Windows\ihapojershkefmrjbced.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
PID 5656 wrote to memory of 1612 N/A C:\Windows\ihapojershkefmrjbced.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
PID 4232 wrote to memory of 4020 N/A C:\Windows\khylibuferskjorhxw.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
PID 4232 wrote to memory of 4020 N/A C:\Windows\khylibuferskjorhxw.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
PID 4232 wrote to memory of 4020 N/A C:\Windows\khylibuferskjorhxw.exe C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe
PID 5384 wrote to memory of 4988 N/A C:\Windows\system32\cmd.exe C:\Windows\vtlzxrlxxlnggmqhyyz.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\xhllv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe"

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe .

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\ihapojershkefmrjbced.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe .

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Windows\bxnzvnfpnzzqosujy.exe

bxnzvnfpnzzqosujy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\bxnzvnfpnzzqosujy.exe*."

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."

C:\Users\Admin\AppData\Local\Temp\xhllv.exe

"C:\Users\Admin\AppData\Local\Temp\xhllv.exe" "-C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe"

C:\Users\Admin\AppData\Local\Temp\xhllv.exe

"C:\Users\Admin\AppData\Local\Temp\xhllv.exe" "-C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe .

C:\Windows\khylibuferskjorhxw.exe

khylibuferskjorhxw.exe .

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\ihapojershkefmrjbced.exe*."

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\khylibuferskjorhxw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe

C:\Windows\khylibuferskjorhxw.exe

khylibuferskjorhxw.exe .

C:\Windows\khylibuferskjorhxw.exe

khylibuferskjorhxw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe .

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\khylibuferskjorhxw.exe*."

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Windows\khylibuferskjorhxw.exe

khylibuferskjorhxw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\khylibuferskjorhxw.exe*."

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe .

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."

C:\Windows\khylibuferskjorhxw.exe

khylibuferskjorhxw.exe

C:\Windows\bxnzvnfpnzzqosujy.exe

bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\ihapojershkefmrjbced.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe .

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\ihapojershkefmrjbced.exe*."

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe .

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\khylibuferskjorhxw.exe*."

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe

C:\Windows\bxnzvnfpnzzqosujy.exe

bxnzvnfpnzzqosujy.exe

C:\Windows\khylibuferskjorhxw.exe

khylibuferskjorhxw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\xxrhhdznpfjegoungillf.exe*."

C:\Windows\bxnzvnfpnzzqosujy.exe

bxnzvnfpnzzqosujy.exe

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\khylibuferskjorhxw.exe*."

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\ihapojershkefmrjbced.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Windows\System32\mousocoreworker.exe

C:\Windows\System32\mousocoreworker.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\vtlzxrlxxlnggmqhyyz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe .

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Windows\xxrhhdznpfjegoungillf.exe

xxrhhdznpfjegoungillf.exe .

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\xxrhhdznpfjegoungillf.exe*."

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\vtlzxrlxxlnggmqhyyz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\xxrhhdznpfjegoungillf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe

C:\Windows\bxnzvnfpnzzqosujy.exe

bxnzvnfpnzzqosujy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe .

C:\Windows\khylibuferskjorhxw.exe

khylibuferskjorhxw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\khylibuferskjorhxw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe .

C:\Windows\xxrhhdznpfjegoungillf.exe

xxrhhdznpfjegoungillf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Windows\khylibuferskjorhxw.exe

khylibuferskjorhxw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\khylibuferskjorhxw.exe*."

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\khylibuferskjorhxw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe .

C:\Windows\xxrhhdznpfjegoungillf.exe

xxrhhdznpfjegoungillf.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\xxrhhdznpfjegoungillf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe .

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Windows\bxnzvnfpnzzqosujy.exe

bxnzvnfpnzzqosujy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\bxnzvnfpnzzqosujy.exe*."

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\khylibuferskjorhxw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe

C:\Windows\khylibuferskjorhxw.exe

khylibuferskjorhxw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe .

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\ihapojershkefmrjbced.exe*."

C:\Windows\khylibuferskjorhxw.exe

khylibuferskjorhxw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\vtlzxrlxxlnggmqhyyz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\vtlzxrlxxlnggmqhyyz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bxnzvnfpnzzqosujy.exe

bxnzvnfpnzzqosujy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\bxnzvnfpnzzqosujy.exe*."

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\xxrhhdznpfjegoungillf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe .

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Windows\bxnzvnfpnzzqosujy.exe

bxnzvnfpnzzqosujy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\ihapojershkefmrjbced.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Windows\khylibuferskjorhxw.exe

khylibuferskjorhxw.exe .

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe .

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\khylibuferskjorhxw.exe*."

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\khylibuferskjorhxw.exe*."

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."

C:\Windows\bxnzvnfpnzzqosujy.exe

bxnzvnfpnzzqosujy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe

C:\Windows\bxnzvnfpnzzqosujy.exe

bxnzvnfpnzzqosujy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .

C:\Windows\xxrhhdznpfjegoungillf.exe

xxrhhdznpfjegoungillf.exe

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\khylibuferskjorhxw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe .

C:\Windows\bxnzvnfpnzzqosujy.exe

bxnzvnfpnzzqosujy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\bxnzvnfpnzzqosujy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bxnzvnfpnzzqosujy.exe

bxnzvnfpnzzqosujy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe .

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Windows\khylibuferskjorhxw.exe

khylibuferskjorhxw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\khylibuferskjorhxw.exe*."

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe .

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\ihapojershkefmrjbced.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\ihapojershkefmrjbced.exe*."

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\vtlzxrlxxlnggmqhyyz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\khylibuferskjorhxw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe .

C:\Windows\bxnzvnfpnzzqosujy.exe

bxnzvnfpnzzqosujy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\bxnzvnfpnzzqosujy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .

C:\Windows\xxrhhdznpfjegoungillf.exe

xxrhhdznpfjegoungillf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe .

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe .

C:\Windows\xxrhhdznpfjegoungillf.exe

xxrhhdznpfjegoungillf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe .

C:\Windows\bxnzvnfpnzzqosujy.exe

bxnzvnfpnzzqosujy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe .

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Windows\bxnzvnfpnzzqosujy.exe

bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\bxnzvnfpnzzqosujy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Windows\khylibuferskjorhxw.exe

khylibuferskjorhxw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Windows\bxnzvnfpnzzqosujy.exe

bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\xxrhhdznpfjegoungillf.exe

xxrhhdznpfjegoungillf.exe .

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\khylibuferskjorhxw.exe

khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\khylibuferskjorhxw.exe*."

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\vtlzxrlxxlnggmqhyyz.exe*."

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\xxrhhdznpfjegoungillf.exe*."

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\vtlzxrlxxlnggmqhyyz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe .

C:\Windows\bxnzvnfpnzzqosujy.exe

bxnzvnfpnzzqosujy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\bxnzvnfpnzzqosujy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe .

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Windows\xxrhhdznpfjegoungillf.exe

xxrhhdznpfjegoungillf.exe .

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\xxrhhdznpfjegoungillf.exe*."

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe

C:\Windows\bxnzvnfpnzzqosujy.exe

bxnzvnfpnzzqosujy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe .

C:\Windows\bxnzvnfpnzzqosujy.exe

bxnzvnfpnzzqosujy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\bxnzvnfpnzzqosujy.exe*."

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\khylibuferskjorhxw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe

C:\Windows\bxnzvnfpnzzqosujy.exe

bxnzvnfpnzzqosujy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe .

C:\Windows\khylibuferskjorhxw.exe

khylibuferskjorhxw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\khylibuferskjorhxw.exe*."

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\vtlzxrlxxlnggmqhyyz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe

C:\Windows\khylibuferskjorhxw.exe

khylibuferskjorhxw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\ihapojershkefmrjbced.exe*."

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\vtlzxrlxxlnggmqhyyz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\xxrhhdznpfjegoungillf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."

C:\Windows\bxnzvnfpnzzqosujy.exe

bxnzvnfpnzzqosujy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Windows\bxnzvnfpnzzqosujy.exe

bxnzvnfpnzzqosujy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\bxnzvnfpnzzqosujy.exe*."

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe .

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe

C:\Windows\xxrhhdznpfjegoungillf.exe

xxrhhdznpfjegoungillf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\xxrhhdznpfjegoungillf.exe*."

C:\Windows\xxrhhdznpfjegoungillf.exe

xxrhhdznpfjegoungillf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xxrhhdznpfjegoungillf.exe

xxrhhdznpfjegoungillf.exe .

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Windows\xxrhhdznpfjegoungillf.exe

xxrhhdznpfjegoungillf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\xxrhhdznpfjegoungillf.exe*."

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\xxrhhdznpfjegoungillf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe .

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\xxrhhdznpfjegoungillf.exe*."

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\xxrhhdznpfjegoungillf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xxrhhdznpfjegoungillf.exe

xxrhhdznpfjegoungillf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe .

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\ihapojershkefmrjbced.exe*."

C:\Windows\xxrhhdznpfjegoungillf.exe

xxrhhdznpfjegoungillf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\ihapojershkefmrjbced.exe*."

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe

C:\Windows\khylibuferskjorhxw.exe

khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\xxrhhdznpfjegoungillf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\khylibuferskjorhxw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\khylibuferskjorhxw.exe

khylibuferskjorhxw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe .

C:\Windows\xxrhhdznpfjegoungillf.exe

xxrhhdznpfjegoungillf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\xxrhhdznpfjegoungillf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe .

C:\Windows\bxnzvnfpnzzqosujy.exe

bxnzvnfpnzzqosujy.exe

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\ihapojershkefmrjbced.exe*."

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\xxrhhdznpfjegoungillf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe

C:\Windows\bxnzvnfpnzzqosujy.exe

bxnzvnfpnzzqosujy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Windows\khylibuferskjorhxw.exe

khylibuferskjorhxw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\khylibuferskjorhxw.exe*."

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\vtlzxrlxxlnggmqhyyz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe

C:\Windows\xxrhhdznpfjegoungillf.exe

xxrhhdznpfjegoungillf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe .

C:\Windows\khylibuferskjorhxw.exe

khylibuferskjorhxw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\ihapojershkefmrjbced.exe*."

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\xxrhhdznpfjegoungillf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe

C:\Windows\bxnzvnfpnzzqosujy.exe

bxnzvnfpnzzqosujy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .

C:\Windows\khylibuferskjorhxw.exe

khylibuferskjorhxw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe .

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe .

C:\Windows\bxnzvnfpnzzqosujy.exe

bxnzvnfpnzzqosujy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\khylibuferskjorhxw.exe

khylibuferskjorhxw.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\khylibuferskjorhxw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."

C:\Windows\xxrhhdznpfjegoungillf.exe

xxrhhdznpfjegoungillf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Windows\bxnzvnfpnzzqosujy.exe

bxnzvnfpnzzqosujy.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\xxrhhdznpfjegoungillf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe .

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\bxnzvnfpnzzqosujy.exe*."

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\ihapojershkefmrjbced.exe*."

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\khylibuferskjorhxw.exe*."

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\khylibuferskjorhxw.exe*."

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."

C:\Windows\xxrhhdznpfjegoungillf.exe

xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .

C:\Windows\khylibuferskjorhxw.exe

khylibuferskjorhxw.exe

C:\Windows\khylibuferskjorhxw.exe

khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe .

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bxnzvnfpnzzqosujy.exe

bxnzvnfpnzzqosujy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\bxnzvnfpnzzqosujy.exe*."

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe

C:\Windows\xxrhhdznpfjegoungillf.exe

xxrhhdznpfjegoungillf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xxrhhdznpfjegoungillf.exe

xxrhhdznpfjegoungillf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\xxrhhdznpfjegoungillf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .

C:\Windows\khylibuferskjorhxw.exe

khylibuferskjorhxw.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe .

C:\Windows\khylibuferskjorhxw.exe

khylibuferskjorhxw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\khylibuferskjorhxw.exe*."

C:\Windows\bxnzvnfpnzzqosujy.exe

bxnzvnfpnzzqosujy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\xxrhhdznpfjegoungillf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\vtlzxrlxxlnggmqhyyz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe

C:\Windows\khylibuferskjorhxw.exe

khylibuferskjorhxw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe .

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe .

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Windows\khylibuferskjorhxw.exe

khylibuferskjorhxw.exe .

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\khylibuferskjorhxw.exe*."

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\vtlzxrlxxlnggmqhyyz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe

C:\Windows\xxrhhdznpfjegoungillf.exe

xxrhhdznpfjegoungillf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe .

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\ihapojershkefmrjbced.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe .

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Windows\khylibuferskjorhxw.exe

khylibuferskjorhxw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\khylibuferskjorhxw.exe*."

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe

C:\Users\Admin\AppData\Local\Temp\bxnzvnfpnzzqosujy.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\bxnzvnfpnzzqosujy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."

C:\Windows\xxrhhdznpfjegoungillf.exe

xxrhhdznpfjegoungillf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Windows\xxrhhdznpfjegoungillf.exe

xxrhhdznpfjegoungillf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\vtlzxrlxxlnggmqhyyz.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\xxrhhdznpfjegoungillf.exe*."

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\khylibuferskjorhxw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Users\Admin\AppData\Local\Temp\xxrhhdznpfjegoungillf.exe

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\upepkbsbyjiyvyzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xxrhhdznpfjegoungillf.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\users\admin\appdata\local\temp\upepkbsbyjiyvyzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe

C:\Windows\xxrhhdznpfjegoungillf.exe

xxrhhdznpfjegoungillf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\xxrhhdznpfjegoungillf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ihapojershkefmrjbced.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Windows\upepkbsbyjiyvyzn.exe

upepkbsbyjiyvyzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upepkbsbyjiyvyzn.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\vtlzxrlxxlnggmqhyyz.exe

vtlzxrlxxlnggmqhyyz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vtlzxrlxxlnggmqhyyz.exe .

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Users\Admin\AppData\Local\Temp\khylibuferskjorhxw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khylibuferskjorhxw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ihapojershkefmrjbced.exe

C:\Windows\ihapojershkefmrjbced.exe

ihapojershkefmrjbced.exe .

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

"C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe" "c:\windows\vtlzxrlxxlnggmqhyyz.exe*."

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 8.8.8.8:53 www.whatismyip.ca udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 8.8.8.8:53 www.google.com udp
DE 142.250.181.196:80 www.google.com tcp
BG 62.221.130.39:17704 tcp
US 8.8.8.8:53 gyuuym.org udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 moikamee.com udp
US 8.8.8.8:53 oaqkqiis.org udp
US 8.8.8.8:53 unxfuild.info udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 jatefotkvud.org udp
US 8.8.8.8:53 oooasi.com udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 aqvytwt.info udp
US 8.8.8.8:53 weailw.net udp
US 8.8.8.8:53 pitvnw.net udp
US 8.8.8.8:53 dizufihetx.info udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 hmbktwpbt.org udp
US 8.8.8.8:53 zvzhyopf.net udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 agukkowimk.com udp
US 8.8.8.8:53 ucgcjhh.info udp
US 8.8.8.8:53 cydlrge.info udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 qsekoukeokqg.com udp
US 8.8.8.8:53 uykmiuqo.org udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 luysjfb.com udp
US 8.8.8.8:53 fcynhv.info udp
US 8.8.8.8:53 srsatozxrchk.net udp
US 8.8.8.8:53 rwpspnhvrpo.org udp
US 8.8.8.8:53 hldbhcipp.net udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 cumaiy.org udp
US 8.8.8.8:53 mqihxnjodctj.info udp
US 8.8.8.8:53 oaygygaaoi.org udp
US 8.8.8.8:53 hyravgpfay.info udp
US 8.8.8.8:53 zuyqiemaml.info udp
US 8.8.8.8:53 dltgdtvifjqg.info udp
US 8.8.8.8:53 ysjizl.info udp
US 8.8.8.8:53 hmfurcniz.info udp
BG 77.85.139.88:27742 tcp
US 8.8.8.8:53 eknrxjruf.info udp
US 8.8.8.8:53 wfjktspmtut.info udp
US 8.8.8.8:53 dckcijzjneed.info udp
US 8.8.8.8:53 johoxgt.info udp
US 8.8.8.8:53 jxfebvvyxz.net udp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 lwfypod.com udp
US 8.8.8.8:53 xqswhgjm.info udp
US 8.8.8.8:53 qmmaac.org udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 kuikme.com udp
US 8.8.8.8:53 zuhzeab.info udp
US 8.8.8.8:53 tiakorhqn.net udp
US 8.8.8.8:53 oapolzg.net udp
US 8.8.8.8:53 yoaoooewyeeo.com udp
US 8.8.8.8:53 tclgxmk.com udp
US 8.8.8.8:53 qyooawes.com udp
US 8.8.8.8:53 hjddssuzls.info udp
US 8.8.8.8:53 saukwdt.net udp
US 8.8.8.8:53 kvedaxle.info udp
US 8.8.8.8:53 kcooooauiw.org udp
US 8.8.8.8:53 mdhpuesj.net udp
US 8.8.8.8:53 eweqqikkea.org udp
US 8.8.8.8:53 gpenjfhcdk.net udp
US 8.8.8.8:53 blekok.info udp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 xvfuumog.info udp
US 8.8.8.8:53 gegynploxzw.net udp
US 8.8.8.8:53 ayqoma.com udp
US 8.8.8.8:53 vrxmprngmlhk.net udp
US 8.8.8.8:53 uuimqocicqyw.org udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 hukglnfe.net udp
US 8.8.8.8:53 rltqnrca.info udp
BG 212.75.9.232:15356 tcp
US 8.8.8.8:53 ympitsw.info udp
US 8.8.8.8:53 qkseqw.com udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 yomsggss.org udp
US 8.8.8.8:53 qcvurin.net udp
US 8.8.8.8:53 hazovaquz.org udp
US 8.8.8.8:53 bqlobbdmr.net udp
US 8.8.8.8:53 ckzupae.info udp
US 8.8.8.8:53 zxtgfej.com udp
US 8.8.8.8:53 xvzumiq.org udp
US 8.8.8.8:53 lyxmnybibg.info udp
US 8.8.8.8:53 uyfzrayfobls.info udp
US 8.8.8.8:53 wfdjzi.info udp
US 8.8.8.8:53 tcptygxhc.org udp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 oaxuhshi.net udp
US 8.8.8.8:53 mjvtphaadm.net udp
US 8.8.8.8:53 hrbsgvbwu.net udp
US 8.8.8.8:53 ksmarutuxrs.net udp
US 8.8.8.8:53 lwnwdktijgp.info udp
US 8.8.8.8:53 onsihix.info udp
US 8.8.8.8:53 kgucribs.info udp
US 8.8.8.8:53 yeuqlybq.info udp
US 8.8.8.8:53 xxljgeeltnyp.info udp
US 8.8.8.8:53 gndqhjlb.net udp
US 8.8.8.8:53 zyfitez.info udp
US 8.8.8.8:53 leqdurjb.net udp
US 8.8.8.8:53 eczfjddmvwqb.info udp
US 8.8.8.8:53 kmuqmiauykyy.org udp
US 8.8.8.8:53 btyewm.info udp
US 8.8.8.8:53 dxikspgshgbk.info udp
US 8.8.8.8:53 hvrnoiyqiffg.net udp
US 8.8.8.8:53 opjksthcaaf.net udp
US 8.8.8.8:53 hntbnhnzmed.com udp
US 8.8.8.8:53 lgmwshpwdp.net udp
US 8.8.8.8:53 jpwpfyuqbxw.info udp
US 8.8.8.8:53 mmoqeo.com udp
US 8.8.8.8:53 akkiaqamgi.org udp
US 8.8.8.8:53 ggiuwc.org udp
US 8.8.8.8:53 prwedbd.info udp
US 8.8.8.8:53 bklvfs.net udp
US 8.8.8.8:53 fhngbai.com udp
US 8.8.8.8:53 zgrjrexb.net udp
US 8.8.8.8:53 gozmketzjvr.net udp
US 8.8.8.8:53 eeueccewmeem.com udp
BG 212.75.12.230:29925 tcp
US 8.8.8.8:53 hjgfzdbrum.net udp
US 8.8.8.8:53 guyaayw.net udp
US 8.8.8.8:53 vcfstxvsf.com udp
US 8.8.8.8:53 spdaumzndi.info udp
US 8.8.8.8:53 kmxcxkjop.info udp
US 8.8.8.8:53 gthoprfe.net udp
US 8.8.8.8:53 nevebwgpv.info udp
US 8.8.8.8:53 turnvm.net udp
US 8.8.8.8:53 zsxefpw.info udp
US 8.8.8.8:53 tlrvmx.net udp
US 8.8.8.8:53 jlrxzfhn.info udp
US 8.8.8.8:53 vlpxze.info udp
US 8.8.8.8:53 iyrabgx.info udp
US 8.8.8.8:53 gfudxfziws.net udp
US 8.8.8.8:53 vranwj.net udp
US 8.8.8.8:53 yghkqyr.info udp
US 8.8.8.8:53 skywyumxq.net udp
US 8.8.8.8:53 jupecmnww.org udp
US 8.8.8.8:53 tutguqsq.net udp
US 8.8.8.8:53 egsmyysc.org udp
US 8.8.8.8:53 tefdqs.net udp
US 8.8.8.8:53 oydihhhi.info udp
US 8.8.8.8:53 uwuapyzql.info udp
US 8.8.8.8:53 ocjslgr.info udp
US 8.8.8.8:53 nshdioh.net udp
US 8.8.8.8:53 ixlxhsttgv.info udp
BG 92.247.105.3:29281 tcp
US 8.8.8.8:53 cbvuly.info udp
US 8.8.8.8:53 ekqqcc.org udp
US 8.8.8.8:53 dwfkeogzvhjn.info udp
US 8.8.8.8:53 sclyvtaoud.info udp
US 8.8.8.8:53 qxkfdhkup.info udp
US 8.8.8.8:53 neeuhhdpvp.net udp
US 8.8.8.8:53 nanmfqkxe.org udp
US 8.8.8.8:53 wclazslaknj.net udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 orfmafjrvyvp.net udp
US 8.8.8.8:53 lmksdgntqsp.com udp
US 8.8.8.8:53 cukcqimagiyg.org udp
US 8.8.8.8:53 qtgqqinahbp.info udp
US 8.8.8.8:53 leurdumdx.info udp
US 8.8.8.8:53 tdscjkbcpvdl.info udp
US 8.8.8.8:53 zmywzotmdcv.org udp
US 8.8.8.8:53 bmbezdhpzd.info udp
US 8.8.8.8:53 tcvuvhjwh.info udp
US 8.8.8.8:53 dunvfk.info udp
US 8.8.8.8:53 ngklbg.net udp
US 8.8.8.8:53 nfrpcsbtva.net udp
US 8.8.8.8:53 ogxvom.net udp
US 8.8.8.8:53 oyacyaqssmkg.com udp
US 8.8.8.8:53 jubvpax.info udp
US 8.8.8.8:53 xbhcmja.net udp
US 8.8.8.8:53 muvdirplpg.net udp
US 8.8.8.8:53 kdnvyhchhj.info udp
US 8.8.8.8:53 ummocv.info udp
US 8.8.8.8:53 aknsgwkcl.net udp
US 8.8.8.8:53 wanmhobzh.net udp
US 8.8.8.8:53 enkqvtjylh.info udp
BG 78.90.95.253:17142 tcp
US 8.8.8.8:53 fpdiqy.net udp
US 8.8.8.8:53 qsdwwe.net udp
US 8.8.8.8:53 dcqybxb.net udp
US 8.8.8.8:53 esffxqbwfxix.net udp
US 8.8.8.8:53 lclydqrcii.net udp
US 8.8.8.8:53 eirurm.info udp
US 8.8.8.8:53 ecbwysbz.info udp
US 8.8.8.8:53 kqahpuxzzu.info udp
US 8.8.8.8:53 zolcpbtynx.info udp
US 8.8.8.8:53 qfwvmqjz.net udp
US 8.8.8.8:53 agmhtfzyfbxn.info udp
US 8.8.8.8:53 notinuu.info udp
US 8.8.8.8:53 txbcwf.info udp
US 8.8.8.8:53 njmyupro.net udp
US 8.8.8.8:53 dljivorqbwr.net udp
US 8.8.8.8:53 tcbcjnbzm.org udp
US 8.8.8.8:53 meuozyd.info udp
US 8.8.8.8:53 abjzkz.info udp
BG 84.252.17.72:32745 tcp
US 8.8.8.8:53 ruspjgdhc.com udp
US 8.8.8.8:53 wugvpundvay.net udp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 zkuila.info udp
US 8.8.8.8:53 buuvrkuqb.info udp
US 8.8.8.8:53 pwlmkcnqr.com udp
US 8.8.8.8:53 fonertbplmf.net udp
US 8.8.8.8:53 iusioomq.org udp
US 8.8.8.8:53 gjjmmqquhzd.net udp
US 8.8.8.8:53 gndosntdfg.net udp
US 8.8.8.8:53 mopdjlsprl.info udp
US 8.8.8.8:53 qqqiomwgumam.org udp
US 8.8.8.8:53 oqoxfzbeg.info udp
US 8.8.8.8:53 cjocyhvhljvd.info udp
US 8.8.8.8:53 ymvghpvq.info udp
US 8.8.8.8:53 wcsbrpz.net udp
US 8.8.8.8:53 huhclorgb.info udp
US 8.8.8.8:53 iwqsuw.org udp
US 8.8.8.8:53 skmqosoedc.info udp
US 8.8.8.8:53 uwcuws.org udp
US 8.8.8.8:53 lszkbxx.net udp
US 8.8.8.8:53 znlejovuqew.net udp
US 8.8.8.8:53 ggoqmioksw.org udp
US 8.8.8.8:53 xhvexuibpk.info udp
US 8.8.8.8:53 wshubuxcvmi.net udp
US 8.8.8.8:53 azlfou.info udp
BG 93.155.227.18:43755 tcp
US 8.8.8.8:53 angvoj.info udp
US 8.8.8.8:53 nynxoaij.net udp
US 8.8.8.8:53 hauzgcbyh.com udp
US 8.8.8.8:53 xkeptf.net udp
US 8.8.8.8:53 gykogquoom.org udp
US 8.8.8.8:53 lirezebem.net udp
US 8.8.8.8:53 iypmhrtklwx.net udp
US 8.8.8.8:53 pyskryzdre.info udp
US 8.8.8.8:53 umyicieyee.org udp
US 8.8.8.8:53 nurrdlrfvkd.net udp
US 8.8.8.8:53 lrpqoa.info udp
US 8.8.8.8:53 dmnxwwbryjve.net udp
US 8.8.8.8:53 vcsuct.net udp
US 8.8.8.8:53 twzrppoz.info udp
US 8.8.8.8:53 fsyczawoha.info udp
US 8.8.8.8:53 egrcdwzrj.net udp
US 8.8.8.8:53 aqigcaf.net udp
US 8.8.8.8:53 gwjhzdwfd.info udp
US 8.8.8.8:53 fvblprdpji.info udp
US 8.8.8.8:53 vcdwhaezj.org udp
US 8.8.8.8:53 xtxharqsxd.info udp
US 8.8.8.8:53 qydvbuj.info udp
US 8.8.8.8:53 atkzfclhbift.info udp
US 8.8.8.8:53 bkgppw.net udp
US 8.8.8.8:53 ismqceyewi.com udp
US 8.8.8.8:53 aeitnijy.net udp
US 8.8.8.8:53 usxoemybenvp.net udp
US 8.8.8.8:53 qwsqae.com udp
US 8.8.8.8:53 lgsnlwvyn.org udp
US 8.8.8.8:53 ugnwdivqc.net udp
US 8.8.8.8:53 fmhrxirb.info udp
US 8.8.8.8:53 wueysyqiyg.org udp
US 8.8.8.8:53 zrmpfvzdzfmd.net udp
US 8.8.8.8:53 gnjydacld.net udp
US 8.8.8.8:53 sowxizr.info udp
US 8.8.8.8:53 jjrefkv.net udp
US 8.8.8.8:53 xrlggm.info udp
US 8.8.8.8:53 khdqwn.info udp
US 8.8.8.8:53 gazrnrgvvjrv.net udp
US 8.8.8.8:53 xrzkzcpqhos.com udp
US 8.8.8.8:53 kjskvzf.info udp
US 8.8.8.8:53 lgrkap.net udp
US 8.8.8.8:53 hkaoakhuxxj.net udp
BG 78.90.21.9:22307 tcp
US 8.8.8.8:53 ybjwdazmh.net udp
US 8.8.8.8:53 wmoycwic.com udp
US 8.8.8.8:53 lzbjkx.info udp
US 8.8.8.8:53 zeveixqmebcv.net udp
US 8.8.8.8:53 yogqummkqccc.org udp
US 8.8.8.8:53 fwasfgq.com udp
US 8.8.8.8:53 blriytvijot.com udp
US 8.8.8.8:53 egiehizwpo.net udp
US 8.8.8.8:53 bllmlxrcxel.net udp
US 8.8.8.8:53 vrimcs.info udp
US 8.8.8.8:53 iagqkkmowk.com udp
US 8.8.8.8:53 zazwetpv.net udp
US 8.8.8.8:53 kyilnx.net udp
US 8.8.8.8:53 fanttpzybtfc.net udp
US 8.8.8.8:53 iiumnibeazvy.net udp
US 8.8.8.8:53 wkhdicxyt.net udp
US 8.8.8.8:53 iswklk.info udp
US 8.8.8.8:53 tvgvuhpqeo.info udp
US 8.8.8.8:53 gaqkygwq.org udp
US 8.8.8.8:53 qmbxgiyyt.info udp
US 8.8.8.8:53 cskmwooyogwi.com udp
US 8.8.8.8:53 jrbulad.info udp
US 8.8.8.8:53 mgnnvpjyx.net udp
US 8.8.8.8:53 lcuupol.org udp
US 8.8.8.8:53 bpzorpfuhtf.org udp
US 8.8.8.8:53 parszagv.info udp
US 8.8.8.8:53 ramdrhhy.info udp
US 8.8.8.8:53 edogletf.info udp
US 8.8.8.8:53 pntqnwolxd.net udp
US 8.8.8.8:53 fqalztcm.info udp
US 8.8.8.8:53 wqyega.com udp
US 8.8.8.8:53 esrcnez.info udp
US 8.8.8.8:53 hmkdntzodypq.info udp
US 8.8.8.8:53 bkngmvgi.net udp
US 8.8.8.8:53 exufpv.net udp
US 8.8.8.8:53 bqdindvszcl.com udp
US 8.8.8.8:53 eaisasukqmym.com udp
BG 77.85.139.88:27742 tcp
US 8.8.8.8:53 vytdzekbatqs.info udp
US 8.8.8.8:53 reqwnmzybhe.org udp
US 8.8.8.8:53 dykwknvmdfdj.info udp
US 8.8.8.8:53 aiygzkf.info udp
US 8.8.8.8:53 yyekkuqqkggq.org udp
US 8.8.8.8:53 fyzref.info udp
US 8.8.8.8:53 mkoyuoqyqm.com udp
US 8.8.8.8:53 wawaoiyk.com udp
US 8.8.8.8:53 eciasicg.com udp
US 8.8.8.8:53 lczoradauoz.net udp
US 8.8.8.8:53 kldelwdjeih.net udp
US 8.8.8.8:53 cevulwwrv.info udp
US 8.8.8.8:53 dazulnj.org udp
US 8.8.8.8:53 qwkqee.com udp
US 8.8.8.8:53 hblciyw.org udp
US 8.8.8.8:53 llhsoa.info udp
US 8.8.8.8:53 jzthxr.net udp
US 8.8.8.8:53 ctrorvb.net udp
US 8.8.8.8:53 nepfhtuiek.net udp
US 8.8.8.8:53 mcqywckogk.org udp
US 8.8.8.8:53 c.pki.goog udp
DE 172.217.16.67:80 c.pki.goog tcp
US 8.8.8.8:53 ggaccytw.net udp
US 8.8.8.8:53 mctxlglc.net udp
US 8.8.8.8:53 fubdsnckgiej.net udp
US 8.8.8.8:53 vdtmynaz.info udp
US 8.8.8.8:53 miqabz.info udp
US 8.8.8.8:53 fjusznt.com udp
US 8.8.8.8:53 qmvyls.info udp
US 8.8.8.8:53 iuoccsyygs.org udp
US 8.8.8.8:53 xmamblgyboe.org udp
US 8.8.8.8:53 rmlyevhj.info udp
US 8.8.8.8:53 vcukwrrturt.com udp
US 8.8.8.8:53 yqsbxpfbuv.net udp
US 89.116.197.253:21499 tcp
US 8.8.8.8:53 qdsaksgdcqpu.info udp
US 8.8.8.8:53 gzxecejqu.info udp
US 8.8.8.8:53 zuhmapbot.net udp
US 8.8.8.8:53 xqxeelxf.net udp
US 8.8.8.8:53 lpiwbmd.com udp
US 8.8.8.8:53 vjvlnnztmb.net udp
US 8.8.8.8:53 gsgueeowqyma.org udp
US 8.8.8.8:53 yojkaljecqs.info udp
US 8.8.8.8:53 raauhusu.info udp
US 8.8.8.8:53 nuyawgd.net udp
US 8.8.8.8:53 hhxifefy.net udp
US 8.8.8.8:53 suwiuqsq.com udp
US 8.8.8.8:53 zlvlcsxshn.net udp
US 8.8.8.8:53 ecegeakc.org udp
US 8.8.8.8:53 ljsgrdiegz.info udp
US 8.8.8.8:53 wvdohgfwgl.net udp
US 8.8.8.8:53 ecgmqsgeuu.org udp
US 8.8.8.8:53 jakdsuxh.info udp
US 8.8.8.8:53 ootkjdzphd.net udp
US 8.8.8.8:53 giztiauazy.info udp
US 8.8.8.8:53 rtbjdot.net udp
US 8.8.8.8:53 olslmyc.net udp
US 8.8.8.8:53 efmgzkd.net udp
US 8.8.8.8:53 aararuzmj.info udp
US 8.8.8.8:53 kssodkprg.net udp
US 8.8.8.8:53 hfgtdbkg.net udp
US 8.8.8.8:53 hakqbyp.org udp
US 8.8.8.8:53 jehmqwtaj.net udp
US 8.8.8.8:53 zrizzt.net udp
US 8.8.8.8:53 cuwthzid.info udp
US 8.8.8.8:53 wskbral.info udp
US 8.8.8.8:53 nsjnpn.net udp
US 8.8.8.8:53 qqlycigtjsl.info udp
US 8.8.8.8:53 zoaiuckqpmb.org udp
US 8.8.8.8:53 bbbbna.net udp
US 8.8.8.8:53 ivewnr.info udp
US 8.8.8.8:53 qapqhz.info udp
US 8.8.8.8:53 nqxijbihvn.info udp
US 8.8.8.8:53 kckmfyayp.info udp
US 8.8.8.8:53 nprnpyhktl.info udp
US 8.8.8.8:53 dhhzrh.info udp
US 8.8.8.8:53 jxdbeqtcuf.info udp
US 8.8.8.8:53 nlsglgb.org udp
US 8.8.8.8:53 yspynbdonzn.net udp
US 8.8.8.8:53 puutrsfyxnf.info udp
US 8.8.8.8:53 xrctizgjhu.net udp
US 8.8.8.8:53 lsgqqjtokun.info udp
BG 89.252.199.25:32726 tcp
US 8.8.8.8:53 iuoeiqemwsei.org udp
US 8.8.8.8:53 uahbmpqyiz.info udp
US 8.8.8.8:53 ygiccywoek.com udp
US 8.8.8.8:53 nqrxvdpilb.net udp
US 8.8.8.8:53 rfcqjgcwrllk.info udp
US 8.8.8.8:53 wkbyemvathk.net udp
US 8.8.8.8:53 oamogi.com udp
US 8.8.8.8:53 iopydqzxvid.info udp
US 8.8.8.8:53 lpfuyhp.info udp
US 8.8.8.8:53 ooewwc.org udp
US 8.8.8.8:53 lddvllpltgpv.info udp
US 8.8.8.8:53 ycoqeogwee.com udp
US 8.8.8.8:53 kbzxtypoo.net udp
US 8.8.8.8:53 cqkwpf.net udp
US 8.8.8.8:53 feqyakheodg.com udp
US 8.8.8.8:53 bfpcqgfyh.com udp
US 8.8.8.8:53 ieweyywu.org udp
US 8.8.8.8:53 jypigkw.net udp
US 8.8.8.8:53 nweyxdm.net udp
US 8.8.8.8:53 bjkuoo.net udp
US 8.8.8.8:53 gskoysokom.com udp
US 8.8.8.8:53 jphhtgd.com udp
US 8.8.8.8:53 bnmldbam.net udp
US 8.8.8.8:53 kroxtyy.net udp
US 8.8.8.8:53 omierhazkhgw.net udp
US 8.8.8.8:53 ngvwdqf.net udp
US 8.8.8.8:53 oumsaomacaoc.org udp
US 8.8.8.8:53 uivgls.net udp
US 8.8.8.8:53 ulpqbuzq.info udp
US 8.8.8.8:53 yqlnftoodyt.net udp
US 8.8.8.8:53 kwdrqyzrhd.net udp
US 8.8.8.8:53 kmkhrw.net udp
US 8.8.8.8:53 xrjmbmgmisvh.info udp
US 8.8.8.8:53 uizclwjnr.info udp
US 8.8.8.8:53 kvqjhbhi.net udp
US 8.8.8.8:53 jzmcrwsqxex.org udp
BG 95.43.69.150:28637 tcp
US 8.8.8.8:53 jqtenkdayoy.org udp
US 8.8.8.8:53 jkoeecadfi.net udp
US 8.8.8.8:53 alesttdal.net udp
US 8.8.8.8:53 pkssmvha.net udp
US 8.8.8.8:53 lvliwxsju.net udp
US 8.8.8.8:53 dchipcm.net udp
US 8.8.8.8:53 wcgcuuiu.org udp
US 8.8.8.8:53 gwqgciesoi.org udp
US 8.8.8.8:53 imlzlsfwrwp.info udp
US 8.8.8.8:53 iazxsql.net udp
US 8.8.8.8:53 zgzzzwdmwun.net udp
US 8.8.8.8:53 ayecomimmo.com udp
US 8.8.8.8:53 nhmyomxjv.info udp
US 8.8.8.8:53 qkiesiguqe.org udp
US 8.8.8.8:53 hwivdwcg.net udp
US 8.8.8.8:53 tyzkrdhyl.info udp
US 8.8.8.8:53 yhuilxtvi.info udp
US 8.8.8.8:53 ikypset.net udp
US 8.8.8.8:53 ocvcuaclawvc.net udp
US 8.8.8.8:53 sqdsvs.net udp
US 8.8.8.8:53 pyosika.info udp
US 8.8.8.8:53 vyvijbihvn.info udp
US 8.8.8.8:53 giqiaicg.info udp
US 8.8.8.8:53 uipeukg.info udp
US 8.8.8.8:53 cuiskkgeyy.com udp
US 8.8.8.8:53 ucnatgs.net udp
US 8.8.8.8:53 ersakmxuxbom.net udp
US 8.8.8.8:53 kclapsdvb.info udp
US 8.8.8.8:53 aqqkcgikik.com udp
US 8.8.8.8:53 hsrofavrq.net udp
US 8.8.8.8:53 bmxubwl.org udp
US 8.8.8.8:53 hrlotwop.net udp
US 8.8.8.8:53 npjxgherdmom.info udp
US 8.8.8.8:53 llpwlrlwpx.net udp
US 8.8.8.8:53 iantall.info udp
US 8.8.8.8:53 lshyzmg.net udp
US 8.8.8.8:53 wiiekmoqgocg.org udp
US 8.8.8.8:53 korphcnkh.info udp
US 8.8.8.8:53 ouxnksx.net udp
US 8.8.8.8:53 cqzqbjpuj.net udp
US 8.8.8.8:53 bctwfgikb.org udp
US 8.8.8.8:53 tkxopwl.net udp
US 8.8.8.8:53 mbdwnmjsooit.net udp
US 8.8.8.8:53 vjyhmkkzqw.net udp
LT 78.61.104.163:13457 tcp
US 8.8.8.8:53 mwzbulbk.info udp
US 8.8.8.8:53 rwxexyhmdytw.net udp
US 8.8.8.8:53 fzqqksnzg.net udp
US 8.8.8.8:53 yoimayouws.com udp
US 8.8.8.8:53 yeetpfrzn.info udp
US 8.8.8.8:53 agqwme.com udp
US 8.8.8.8:53 wdioaphoqfaq.net udp
US 8.8.8.8:53 odzbrjqoy.info udp
US 8.8.8.8:53 tszexmh.net udp
US 8.8.8.8:53 qwacgtfdqibo.net udp
US 8.8.8.8:53 bxxzsc.info udp
US 8.8.8.8:53 aalijqi.info udp
US 8.8.8.8:53 ksivfm.net udp
US 8.8.8.8:53 qkgftofbo.net udp
US 8.8.8.8:53 ciqaiieuougo.org udp
US 8.8.8.8:53 wsiqoqmikgie.com udp
BG 77.85.139.183:23584 tcp
US 8.8.8.8:53 odqisf.info udp
US 8.8.8.8:53 ggjqbko.info udp
US 8.8.8.8:53 wjttgqeez.info udp
US 8.8.8.8:53 onxmqkk.net udp
US 8.8.8.8:53 qgopkx.info udp
US 8.8.8.8:53 aunzkkuw.info udp
US 8.8.8.8:53 ncpmyszzt.info udp
US 8.8.8.8:53 pxjfqz.info udp
US 8.8.8.8:53 nbnagc.net udp
US 8.8.8.8:53 ybxsqlwexbnh.info udp
US 8.8.8.8:53 eegcgiug.com udp
US 8.8.8.8:53 vgqptghwuww.net udp
US 8.8.8.8:53 lzeoasgihvzg.net udp
US 8.8.8.8:53 qbflvorag.net udp
US 8.8.8.8:53 kkiamiym.com udp
US 8.8.8.8:53 xaejgol.info udp
US 8.8.8.8:53 ngqmxynmpgq.info udp
US 8.8.8.8:53 upkzmhiuyu.net udp
US 8.8.8.8:53 jatdaajehomt.net udp
US 8.8.8.8:53 iykymi.com udp
US 8.8.8.8:53 tynmjaiyfcn.info udp
US 8.8.8.8:53 lopapyl.info udp
US 8.8.8.8:53 mulssisgd.net udp
US 8.8.8.8:53 rqdqqzj.net udp
US 8.8.8.8:53 ravzfmvuugw.info udp
US 8.8.8.8:53 bebdpbx.net udp
US 8.8.8.8:53 mwgkuyee.org udp
US 8.8.8.8:53 koqwau.org udp
US 8.8.8.8:53 fatydylwp.net udp
US 8.8.8.8:53 uiceesz.info udp
US 8.8.8.8:53 hwliyunoj.org udp
US 8.8.8.8:53 bzaydhbkyko.info udp
US 8.8.8.8:53 vhgqpumw.info udp
US 8.8.8.8:53 wotgasneh.net udp
US 8.8.8.8:53 cymqpglnb.info udp
US 8.8.8.8:53 agzitin.info udp
US 8.8.8.8:53 bqiicmdmmf.net udp
BG 94.156.130.52:34360 tcp
US 8.8.8.8:53 uoxjsmld.info udp
US 8.8.8.8:53 zisuhebzqb.net udp
US 8.8.8.8:53 ebkkabk.net udp
US 8.8.8.8:53 vvtccubkju.info udp
US 8.8.8.8:53 hkhavjbmn.org udp
US 8.8.8.8:53 ewiuauieao.com udp
US 8.8.8.8:53 dkpjjqhnpn.net udp
US 8.8.8.8:53 dyvprmtahjp.com udp
US 8.8.8.8:53 bqruwauawov.net udp
US 8.8.8.8:53 bjpwlrlwpx.net udp
US 8.8.8.8:53 huxwnqdcryfg.info udp
US 8.8.8.8:53 xgjtpdjpvydz.net udp
US 8.8.8.8:53 jditkjzb.info udp
US 8.8.8.8:53 tuxltt.info udp
US 8.8.8.8:53 imwkkoik.com udp
US 8.8.8.8:53 yyawoiskew.com udp
US 8.8.8.8:53 sclexsgmu.net udp
US 8.8.8.8:53 mppvlxed.info udp
US 8.8.8.8:53 sewuvwb.net udp
US 8.8.8.8:53 hbpcazxk.info udp
US 8.8.8.8:53 bsrszerux.info udp
US 8.8.8.8:53 qgzewmygjsw.net udp
US 8.8.8.8:53 usvwrjn.net udp
US 8.8.8.8:53 ovuajc.info udp
US 8.8.8.8:53 fyaorswqjvr.net udp
US 8.8.8.8:53 sqemkaym.com udp
US 8.8.8.8:53 oaewcmmi.com udp
US 8.8.8.8:53 referapui.net udp
US 8.8.8.8:53 uxgmenvx.info udp
US 8.8.8.8:53 lemaqfjfj.com udp
US 8.8.8.8:53 vjrfbinimowg.net udp
US 8.8.8.8:53 gcgoaquw.org udp
US 8.8.8.8:53 oalwpcngx.info udp
US 8.8.8.8:53 qgpkzml.net udp
US 8.8.8.8:53 xcrfxbihvn.info udp
US 8.8.8.8:53 vattvlnjrnhe.info udp
US 8.8.8.8:53 fcfgzsidxqtg.info udp
US 8.8.8.8:53 pvesxitaordl.info udp
US 8.8.8.8:53 cdqodlzrrshq.info udp
US 8.8.8.8:53 dzrmxez.com udp
US 8.8.8.8:53 oaeiyickiawy.com udp
US 8.8.8.8:53 hfibyocobw.net udp
US 8.8.8.8:53 nihmtuqtdkb.org udp
US 8.8.8.8:53 qsgckoeuyq.org udp
US 8.8.8.8:53 kxldwaoqfn.info udp
BG 77.70.116.191:31734 tcp
US 8.8.8.8:53 pepjhipwh.net udp
US 8.8.8.8:53 xxbuvavqnao.net udp
US 8.8.8.8:53 vzxlsh.net udp
US 8.8.8.8:53 zumttp.net udp
US 8.8.8.8:53 yofdpnfzdu.info udp
US 8.8.8.8:53 okowauoa.com udp
US 8.8.8.8:53 tgzzsilpuoyu.info udp
US 8.8.8.8:53 xyjwtuglisy.com udp
US 8.8.8.8:53 eisaagmg.com udp
US 8.8.8.8:53 vurdeonfc.com udp
US 8.8.8.8:53 rejwrwpoa.info udp
US 8.8.8.8:53 nvszogsfpc.info udp
US 8.8.8.8:53 vgbfugpgbp.info udp
US 8.8.8.8:53 wedsguzygla.info udp
US 8.8.8.8:53 agwkik.com udp
US 8.8.8.8:53 qoowqmagiiau.org udp
US 8.8.8.8:53 kqmyiqimgkcm.org udp
US 8.8.8.8:53 jmuyzwjxj.net udp
US 8.8.8.8:53 eyhrpqemz.info udp
US 8.8.8.8:53 uhpoewhnhqu.net udp
US 8.8.8.8:53 fwruxargoum.com udp
US 8.8.8.8:53 cmyxpmrvqh.info udp
US 8.8.8.8:53 kateqf.net udp
US 8.8.8.8:53 yktwzeigcmj.net udp
US 8.8.8.8:53 bvsaoopwlaj.net udp
US 8.8.8.8:53 sgescokcmo.org udp
US 8.8.8.8:53 iogascswumyc.org udp
US 8.8.8.8:53 lzwgpqnxhy.net udp
US 8.8.8.8:53 nbxxrnjvdl.info udp
US 8.8.8.8:53 jvkonecbzg.net udp
US 8.8.8.8:53 xhtuxibnkyp.com udp
US 8.8.8.8:53 jehyhpbob.com udp
LT 78.58.125.219:39486 tcp
US 8.8.8.8:53 ucvwflolqoje.info udp
US 8.8.8.8:53 xwfyvpn.org udp
US 8.8.8.8:53 ercpvn.net udp
US 8.8.8.8:53 pcbybug.org udp
US 8.8.8.8:53 luaiurlae.info udp
US 8.8.8.8:53 iitwgazup.net udp
US 8.8.8.8:53 hsfspwfirsr.org udp
US 8.8.8.8:53 ioueburwv.info udp
US 8.8.8.8:53 bydljtrt.net udp
US 8.8.8.8:53 zabcayd.org udp
US 8.8.8.8:53 ytywhuuwch.info udp
US 8.8.8.8:53 zizcxulmw.org udp
US 8.8.8.8:53 ovktfuv.net udp
US 8.8.8.8:53 lshjozhx.info udp
US 8.8.8.8:53 tmhpvqphvbtw.info udp
US 8.8.8.8:53 dnyidwf.info udp
BG 95.111.26.29:13427 tcp
US 8.8.8.8:53 usnlpgs.info udp
US 8.8.8.8:53 twrwocw.org udp
US 8.8.8.8:53 eeplucxunya.info udp
US 8.8.8.8:53 awgktaycbob.net udp
US 8.8.8.8:53 gygkxzwmpya.info udp
US 8.8.8.8:53 vmxsdnlhawur.net udp
US 8.8.8.8:53 yadxtkefpqdf.net udp
US 8.8.8.8:53 jipgzkbyv.net udp
US 8.8.8.8:53 vmpgzgfnnv.net udp
US 8.8.8.8:53 eebrlsrvieea.info udp
US 8.8.8.8:53 rmvwhmchhl.info udp
US 8.8.8.8:53 wbxejuwch.net udp
US 8.8.8.8:53 qngitmingp.net udp
US 8.8.8.8:53 qolwhifef.net udp
US 8.8.8.8:53 fqhugcamj.info udp
US 8.8.8.8:53 avkooqwsmkw.net udp
US 8.8.8.8:53 zinpltran.net udp
US 8.8.8.8:53 birkhytcjmk.info udp
US 8.8.8.8:53 ulwprsdpevsj.info udp
US 8.8.8.8:53 isdvjxndtd.info udp
US 8.8.8.8:53 glchcepxzlsc.info udp
US 8.8.8.8:53 rojetszrs.net udp
US 8.8.8.8:53 yyxmwexscc.net udp
US 8.8.8.8:53 gzyxgevrvwrj.info udp
US 8.8.8.8:53 nzdfka.info udp
US 8.8.8.8:53 wkpagkodvpvt.info udp
US 8.8.8.8:53 cmacaauc.com udp
US 8.8.8.8:53 hvuiaxgf.net udp
US 8.8.8.8:53 qyjxvcif.net udp
US 8.8.8.8:53 vbaqpqikz.org udp
US 8.8.8.8:53 xucuzohgj.info udp
US 8.8.8.8:53 lvpdbgfz.info udp
US 8.8.8.8:53 rkwlhccy.info udp
US 8.8.8.8:53 sqcgyuamwu.com udp
US 8.8.8.8:53 nthafgeqx.org udp
US 8.8.8.8:53 kbjqlgjovkz.info udp
US 8.8.8.8:53 vibshiiel.net udp
US 8.8.8.8:53 sgeoqiewgoqk.com udp

Files

C:\Users\Admin\AppData\Local\Temp\zkcawfogjum.exe

MD5 1dd5dd5561723f37ccc81e15ecdbf830
SHA1 eeb9131c8d276ceb710d163e89fdc62b3e111971
SHA256 c8c542ac3f6526d1501c2b9d6262bfa029a1ac0d9dd6b3c1965977abdd8bd126
SHA512 b4881d7cd0c2ceeba067e13d23763e739389108d1269acd6c343dd308aa1fedde89da696a8482944342f44ea1094ea6b50021a15d4c6d03762ba032a9598bba5

C:\Windows\SysWOW64\khylibuferskjorhxw.exe

MD5 c95a495a4c01031dd2c777a44c3fc9e4
SHA1 51084a46294dd634450c6ac27d9ef870438c4d70
SHA256 915d73145ca41654c2bd3a3b908de8f2df454c97bb351237bd5498b9954c789a
SHA512 152a18025948bc9d36f132eed09b3266c97843e0c6c110a3c35d51eeab48d360ca3ad26d25282b935681348eb0731aca6434b162a58e1996cc18e3aa48e1dcd6

C:\Users\Admin\AppData\Local\Temp\xhllv.exe

MD5 9519379078f2a747e4a5c5b5124fdca7
SHA1 248347e34769545776ba392753b934b7422ec854
SHA256 e6e23135d6a754e3234f4bb52bdfb6702f22c36d72c177e6b1ba6e5972bd6018
SHA512 035ec7862a1ea18d46e6c8f9ae78cd768c66bf1014143c5ebd18c543d1bdaf54662eab245766edee5048b9f55498a8e51f2d5dac005bff944ddb56ac9299ebd9

C:\Users\Admin\AppData\Local\xhllvbhfrrfkwoehkwjtxxhntrd.rwi

MD5 a4d293e07ec2a1deb145572d6784f976
SHA1 4d3c666b547ffae4624997acaaf810445c285d4b
SHA256 e994d1e737e9622520874db646f1d8e8e748a35ee0ce672e3b31fc765624ef67
SHA512 a157f11e60908915a2ade2cc208f3d43e1439691fe5d4f2d41737dc85ad65d6397f374567dc8afbce76161edb7f4b7d07822ba2f3dede890b9efcb577df6d957

C:\Users\Admin\AppData\Local\upepkbsbyjiyvyznbywrgrmdudalkaxabpdayt.tof

MD5 871500230e819ea8a31aa0a6886156e3
SHA1 c34d5647988cfc221a3d159bb097449b516ec709
SHA256 200f842fdb257ada7dbf40dd13ad98a3f9906528e57bf7966c3e7f58183273fe
SHA512 c0113fc5b3538431044d91b3645d7442c6e10e890af5d24572ba362146d573e2b2bc75411aa8ad8c7c58ddce15987b310d1229808877800a80f7af39639e3ba4

C:\Program Files (x86)\xhllvbhfrrfkwoehkwjtxxhntrd.rwi

MD5 f2ddee26eb3763ed504349f0e59a36fb
SHA1 6b5c86e5c7ee2f9cab752b0e9c0456bac164688d
SHA256 4c1fe6581d764c8dc51f2a7171869bfa282497eab8b115925166d58b2f547098
SHA512 5e57470de05c4b4f8e3cfb6062d5c7ac5c5eef9be201dcd57d8e6fe4e436f9c77c2ceae3dfae3462a83878a276ba93905047b44b540de28bab8af7ad4e38f0a9

C:\Program Files (x86)\xhllvbhfrrfkwoehkwjtxxhntrd.rwi

MD5 3d11800274986aabe3eaf80f07243ba8
SHA1 549496e05110a3c5140f754584909ba904ab2d81
SHA256 3a285af87bf6c27bca669d467b8a7770208f1cc59583556d5abe244bfadd2bec
SHA512 f2b248e8af395f9fcccc5c143d3d6c2253451fcd1d976d2618180fd3bf78bd2bfb4ec81edac4ffe43a03abb9ba71f7cda8cf9fe62ed121727fc4ed5f86263dc9

C:\Program Files (x86)\xhllvbhfrrfkwoehkwjtxxhntrd.rwi

MD5 1ebd22856dadb4921ae495f51d8bc282
SHA1 1d70d34d23fdd7ea0d04c35c8d57deaaadf96946
SHA256 40c849512f2669395a2ff0890818c1a9865c20fd8e3733c4c7665f37d46690bd
SHA512 37bab0358747b220787f5e84e45c0ae12c67d51cb5cae252046546813e3101e2114d68f3e4c47610635f34e6108038f117128c0c205752caf7af66218a05d171

C:\Program Files (x86)\xhllvbhfrrfkwoehkwjtxxhntrd.rwi

MD5 fc9f079300121200f55b8b551a9d5222
SHA1 37ea894badc039a40be7cfa372dca94f64eabd1d
SHA256 e34f0c36ae5274c6a91842470b34f9a17d024d09e1c0ada3ad59a4f1277a025f
SHA512 764d16f12ca9b89f94d6c6583a60e5296b491f9f8e3cb0e72a3d3753037f95a1cf777c31b68f2c484135fd0619f200d903d62184d48466a491d80c58089fbc05

C:\Program Files (x86)\xhllvbhfrrfkwoehkwjtxxhntrd.rwi

MD5 1f43f9fee151e934434397e7d6d807a0
SHA1 f66cd632566921fb515b4ef766c7d2f090888da9
SHA256 95deac9b2aee86d4b81e8e4c7bc66008d4c5db51c3a3926a880a0a5e43251b2a
SHA512 eae18fc6b545fbace6623b03e534e2dbfc7c7519be26d65e21d63ac189df88738d41822838a1f272e22b626306429b7131eaaf781e41964309cbf804d2179e1b

C:\Program Files (x86)\xhllvbhfrrfkwoehkwjtxxhntrd.rwi

MD5 56bb77c8701b0097e8a276db93b44a10
SHA1 71174c476e3aa9dbd75a5f3c808dc8c7b598c0d4
SHA256 b9a02df9a0e121216313ba62c9b9b8b35935f4d645291996278c639766c7038e
SHA512 7c90b257c913d560c21048bdec805265d0c26bc7be025cd8cdef09d41196bbe3399a7ea0f8644f100f54aa1e80a633a473426c9407f7902bd6d4d447328c54a4

Analysis: behavioral2

Detonation Overview

Submitted

2025-04-21 12:50

Reported

2025-04-21 12:52

Platform

win11-20250411-en

Max time kernel

56s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tlgufvldujxcghyl.exe" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "wttmcxsplfyirxtltfkhh.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tlgufvldujxcghyl.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tlgufvldujxcghyl.exe" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wttmcxsplfyirxtltfkhh.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "hdcujdxtohziqvqhozdz.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "jdaqdvnharhouxqfkt.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "wttmcxsplfyirxtltfkhh.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "hdcujdxtohziqvqhozdz.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "hdcujdxtohziqvqhozdz.exe" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "jdaqdvnharhouxqfkt.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "atpeqhyrjzouzbthl.exe" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hdcujdxtohziqvqhozdz.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "atpeqhyrjzouzbthl.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "hdcujdxtohziqvqhozdz.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "jdaqdvnharhouxqfkt.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wttmcxsplfyirxtltfkhh.exe" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hdcujdxtohziqvqhozdz.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "tlgufvldujxcghyl.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upnesleztlckrvpflvy.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "wttmcxsplfyirxtltfkhh.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "tlgufvldujxcghyl.exe" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hdcujdxtohziqvqhozdz.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tlgufvldujxcghyl.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upnesleztlckrvpflvy.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\atpeqhyrjzouzbthl.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hdcujdxtohziqvqhozdz.exe" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "upnesleztlckrvpflvy.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hdcujdxtohziqvqhozdz.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\atpeqhyrjzouzbthl.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\atpeqhyrjzouzbthl.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jdaqdvnharhouxqfkt.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "atpeqhyrjzouzbthl.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tlgufvldujxcghyl.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "wttmcxsplfyirxtltfkhh.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jdaqdvnharhouxqfkt.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tlgufvldujxcghyl.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upnesleztlckrvpflvy.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "tlgufvldujxcghyl.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wttmcxsplfyirxtltfkhh.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "tlgufvldujxcghyl.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "upnesleztlckrvpflvy.exe" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "hdcujdxtohziqvqhozdz.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "tlgufvldujxcghyl.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upnesleztlckrvpflvy.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hpaefl = "jdaqdvnharhouxqfkt.exe" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jdaqdvnharhouxqfkt.exe" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hdcujdxtohziqvqhozdz.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\glt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jdaqdvnharhouxqfkt.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
N/A N/A C:\Windows\upnesleztlckrvpflvy.exe N/A
N/A N/A C:\Windows\atpeqhyrjzouzbthl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
N/A N/A C:\Windows\hdcujdxtohziqvqhozdz.exe N/A
N/A N/A C:\Windows\upnesleztlckrvpflvy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
N/A N/A C:\Windows\wttmcxsplfyirxtltfkhh.exe N/A
N/A N/A C:\Windows\atpeqhyrjzouzbthl.exe N/A
N/A N/A C:\Windows\wttmcxsplfyirxtltfkhh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
N/A N/A C:\Windows\upnesleztlckrvpflvy.exe N/A
N/A N/A C:\Windows\upnesleztlckrvpflvy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
N/A N/A C:\Windows\hdcujdxtohziqvqhozdz.exe N/A
N/A N/A C:\Windows\atpeqhyrjzouzbthl.exe N/A
N/A N/A C:\Windows\wttmcxsplfyirxtltfkhh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe N/A
N/A N/A C:\Windows\tlgufvldujxcghyl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
N/A N/A C:\Windows\wttmcxsplfyirxtltfkhh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
N/A N/A C:\Windows\wttmcxsplfyirxtltfkhh.exe N/A
N/A N/A C:\Windows\wttmcxsplfyirxtltfkhh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
N/A N/A C:\Windows\upnesleztlckrvpflvy.exe N/A
N/A N/A C:\Windows\hdcujdxtohziqvqhozdz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
N/A N/A C:\Windows\tlgufvldujxcghyl.exe N/A
N/A N/A C:\Windows\hdcujdxtohziqvqhozdz.exe N/A
N/A N/A C:\Windows\jdaqdvnharhouxqfkt.exe N/A
N/A N/A C:\Windows\upnesleztlckrvpflvy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe N/A
N/A N/A C:\Windows\hdcujdxtohziqvqhozdz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe N/A
N/A N/A C:\Windows\hdcujdxtohziqvqhozdz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\ntce = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hdcujdxtohziqvqhozdz.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfuchrbnyh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jdaqdvnharhouxqfkt.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\alzgktcnx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jdaqdvnharhouxqfkt.exe ." C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wdnqq = "tlgufvldujxcghyl.exe ." C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\wdnqq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tlgufvldujxcghyl.exe ." C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jtgmpxfp = "upnesleztlckrvpflvy.exe ." C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\ntce = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upnesleztlckrvpflvy.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\udpuwdk = "upnesleztlckrvpflvy.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jtgmpxfp = "jdaqdvnharhouxqfkt.exe ." C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\udpuwdk = "atpeqhyrjzouzbthl.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jtgmpxfp = "jdaqdvnharhouxqfkt.exe ." C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\udpuwdk = "atpeqhyrjzouzbthl.exe" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\alzgktcnx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tlgufvldujxcghyl.exe ." C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\ntce = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jdaqdvnharhouxqfkt.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfuchrbnyh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wttmcxsplfyirxtltfkhh.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jtgmpxfp = "atpeqhyrjzouzbthl.exe ." C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\wdnqq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\atpeqhyrjzouzbthl.exe ." C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\ntce = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wttmcxsplfyirxtltfkhh.exe" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jtgmpxfp = "upnesleztlckrvpflvy.exe ." C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wdnqq = "hdcujdxtohziqvqhozdz.exe ." C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ntce = "wttmcxsplfyirxtltfkhh.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\ntce = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hdcujdxtohziqvqhozdz.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wdnqq = "tlgufvldujxcghyl.exe ." C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jtgmpxfp = "wttmcxsplfyirxtltfkhh.exe ." C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\ntce = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upnesleztlckrvpflvy.exe" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\alzgktcnx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upnesleztlckrvpflvy.exe ." C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfuchrbnyh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\atpeqhyrjzouzbthl.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wdnqq = "hdcujdxtohziqvqhozdz.exe ." C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\alzgktcnx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tlgufvldujxcghyl.exe ." C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\udpuwdk = "atpeqhyrjzouzbthl.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\alzgktcnx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upnesleztlckrvpflvy.exe ." C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wdnqq = "hdcujdxtohziqvqhozdz.exe ." C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\ntce = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wttmcxsplfyirxtltfkhh.exe" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\ntce = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wttmcxsplfyirxtltfkhh.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wdnqq = "tlgufvldujxcghyl.exe ." C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ntce = "tlgufvldujxcghyl.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\alzgktcnx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hdcujdxtohziqvqhozdz.exe ." C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\udpuwdk = "wttmcxsplfyirxtltfkhh.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wdnqq = "hdcujdxtohziqvqhozdz.exe ." C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfuchrbnyh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jdaqdvnharhouxqfkt.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\udpuwdk = "wttmcxsplfyirxtltfkhh.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jtgmpxfp = "atpeqhyrjzouzbthl.exe ." C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jtgmpxfp = "tlgufvldujxcghyl.exe ." C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\ntce = "C:\\Users\\Admin\\AppData\\Local\\Temp\\atpeqhyrjzouzbthl.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ntce = "jdaqdvnharhouxqfkt.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfuchrbnyh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hdcujdxtohziqvqhozdz.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\wdnqq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hdcujdxtohziqvqhozdz.exe ." C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\udpuwdk = "jdaqdvnharhouxqfkt.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ntce = "upnesleztlckrvpflvy.exe" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jtgmpxfp = "hdcujdxtohziqvqhozdz.exe ." C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wdnqq = "wttmcxsplfyirxtltfkhh.exe ." C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\udpuwdk = "tlgufvldujxcghyl.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wdnqq = "jdaqdvnharhouxqfkt.exe ." C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\alzgktcnx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\upnesleztlckrvpflvy.exe ." C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\udpuwdk = "wttmcxsplfyirxtltfkhh.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ntce = "tlgufvldujxcghyl.exe" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jtgmpxfp = "hdcujdxtohziqvqhozdz.exe ." C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\wdnqq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wttmcxsplfyirxtltfkhh.exe ." C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ntce = "jdaqdvnharhouxqfkt.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tfuchrbnyh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\atpeqhyrjzouzbthl.exe" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\udpuwdk = "jdaqdvnharhouxqfkt.exe" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\udpuwdk = "wttmcxsplfyirxtltfkhh.exe" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\wdnqq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\atpeqhyrjzouzbthl.exe ." C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wdnqq = "atpeqhyrjzouzbthl.exe ." C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\tlgufvldujxcghyl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\tlgufvldujxcghyl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\nlmgxtpnkfzkubyrantrsm.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\nlmgxtpnkfzkubyrantrsm.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\hdcujdxtohziqvqhozdz.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\hdcujdxtohziqvqhozdz.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\tlgufvldujxcghyl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\nlmgxtpnkfzkubyrantrsm.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\hdcujdxtohziqvqhozdz.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\upnesleztlckrvpflvy.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\tlgufvldujxcghyl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\atpeqhyrjzouzbthl.exe C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
File opened for modification C:\Windows\SysWOW64\jdaqdvnharhouxqfkt.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\atpeqhyrjzouzbthl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\jdaqdvnharhouxqfkt.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\tlgufvldujxcghyl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\wttmcxsplfyirxtltfkhh.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\wttmcxsplfyirxtltfkhh.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\hdcujdxtohziqvqhozdz.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\nlmgxtpnkfzkubyrantrsm.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\nlmgxtpnkfzkubyrantrsm.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\jdaqdvnharhouxqfkt.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\wttmcxsplfyirxtltfkhh.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\tlgufvldujxcghyl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\upnesleztlckrvpflvy.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\atpeqhyrjzouzbthl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\tlgufvldujxcghyl.exe C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
File opened for modification C:\Windows\SysWOW64\atpeqhyrjzouzbthl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\atpeqhyrjzouzbthl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\wttmcxsplfyirxtltfkhh.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\tlgufvldujxcghyl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\nlmgxtpnkfzkubyrantrsm.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\hdcujdxtohziqvqhozdz.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\upnesleztlckrvpflvy.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\atpeqhyrjzouzbthl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\upnesleztlckrvpflvy.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\nlmgxtpnkfzkubyrantrsm.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\tlgufvldujxcghyl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\nlmgxtpnkfzkubyrantrsm.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\hdcujdxtohziqvqhozdz.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\tlgufvldujxcghyl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\atpeqhyrjzouzbthl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\upnesleztlckrvpflvy.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\hdcujdxtohziqvqhozdz.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\wttmcxsplfyirxtltfkhh.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\atpeqhyrjzouzbthl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\jdaqdvnharhouxqfkt.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\tlgufvldujxcghyl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\jdaqdvnharhouxqfkt.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\nlmgxtpnkfzkubyrantrsm.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\upnesleztlckrvpflvy.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\hdcujdxtohziqvqhozdz.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\wttmcxsplfyirxtltfkhh.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\jdaqdvnharhouxqfkt.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\hdcujdxtohziqvqhozdz.exe C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
File opened for modification C:\Windows\SysWOW64\atpeqhyrjzouzbthl.exe C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
File opened for modification C:\Windows\SysWOW64\jdaqdvnharhouxqfkt.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\hdcujdxtohziqvqhozdz.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\jdaqdvnharhouxqfkt.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\nlmgxtpnkfzkubyrantrsm.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\tlgufvldujxcghyl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\hdcujdxtohziqvqhozdz.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\SysWOW64\upnesleztlckrvpflvy.exe C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
File opened for modification C:\Windows\SysWOW64\gltusvydhjkcthllbvinvwuxa.jlm C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\lbugpdrhwjvyazozafdtmyhvjzobnqsrgrsx.leq C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
File created C:\Program Files (x86)\lbugpdrhwjvyazozafdtmyhvjzobnqsrgrsx.leq C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
File opened for modification C:\Program Files (x86)\gltusvydhjkcthllbvinvwuxa.jlm C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
File created C:\Program Files (x86)\gltusvydhjkcthllbvinvwuxa.jlm C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\atpeqhyrjzouzbthl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\upnesleztlckrvpflvy.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\upnesleztlckrvpflvy.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\jdaqdvnharhouxqfkt.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\upnesleztlckrvpflvy.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\atpeqhyrjzouzbthl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\atpeqhyrjzouzbthl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\jdaqdvnharhouxqfkt.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\hdcujdxtohziqvqhozdz.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\jdaqdvnharhouxqfkt.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\tlgufvldujxcghyl.exe C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
File opened for modification C:\Windows\tlgufvldujxcghyl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\wttmcxsplfyirxtltfkhh.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\upnesleztlckrvpflvy.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\hdcujdxtohziqvqhozdz.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\nlmgxtpnkfzkubyrantrsm.exe C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
File opened for modification C:\Windows\hdcujdxtohziqvqhozdz.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\atpeqhyrjzouzbthl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\hdcujdxtohziqvqhozdz.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\hdcujdxtohziqvqhozdz.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\jdaqdvnharhouxqfkt.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\hdcujdxtohziqvqhozdz.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\atpeqhyrjzouzbthl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\tlgufvldujxcghyl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\jdaqdvnharhouxqfkt.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\nlmgxtpnkfzkubyrantrsm.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\nlmgxtpnkfzkubyrantrsm.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\tlgufvldujxcghyl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\jdaqdvnharhouxqfkt.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\tlgufvldujxcghyl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\hdcujdxtohziqvqhozdz.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\jdaqdvnharhouxqfkt.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\tlgufvldujxcghyl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\jdaqdvnharhouxqfkt.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\nlmgxtpnkfzkubyrantrsm.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\jdaqdvnharhouxqfkt.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\upnesleztlckrvpflvy.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\tlgufvldujxcghyl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\nlmgxtpnkfzkubyrantrsm.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File created C:\Windows\lbugpdrhwjvyazozafdtmyhvjzobnqsrgrsx.leq C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
File opened for modification C:\Windows\hdcujdxtohziqvqhozdz.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\hdcujdxtohziqvqhozdz.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\hdcujdxtohziqvqhozdz.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\wttmcxsplfyirxtltfkhh.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\upnesleztlckrvpflvy.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\upnesleztlckrvpflvy.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\nlmgxtpnkfzkubyrantrsm.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\tlgufvldujxcghyl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\atpeqhyrjzouzbthl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\nlmgxtpnkfzkubyrantrsm.exe C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
File opened for modification C:\Windows\jdaqdvnharhouxqfkt.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\nlmgxtpnkfzkubyrantrsm.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\upnesleztlckrvpflvy.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\tlgufvldujxcghyl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\jdaqdvnharhouxqfkt.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\upnesleztlckrvpflvy.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\jdaqdvnharhouxqfkt.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\wttmcxsplfyirxtltfkhh.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\wttmcxsplfyirxtltfkhh.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\atpeqhyrjzouzbthl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\tlgufvldujxcghyl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\wttmcxsplfyirxtltfkhh.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\wttmcxsplfyirxtltfkhh.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
File opened for modification C:\Windows\nlmgxtpnkfzkubyrantrsm.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hdcujdxtohziqvqhozdz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\atpeqhyrjzouzbthl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hdcujdxtohziqvqhozdz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wttmcxsplfyirxtltfkhh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tlgufvldujxcghyl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wttmcxsplfyirxtltfkhh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hdcujdxtohziqvqhozdz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tlgufvldujxcghyl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tlgufvldujxcghyl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wttmcxsplfyirxtltfkhh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hdcujdxtohziqvqhozdz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wttmcxsplfyirxtltfkhh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hdcujdxtohziqvqhozdz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\upnesleztlckrvpflvy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\upnesleztlckrvpflvy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hdcujdxtohziqvqhozdz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hdcujdxtohziqvqhozdz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\upnesleztlckrvpflvy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tlgufvldujxcghyl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wttmcxsplfyirxtltfkhh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tlgufvldujxcghyl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wttmcxsplfyirxtltfkhh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hdcujdxtohziqvqhozdz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wttmcxsplfyirxtltfkhh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tlgufvldujxcghyl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\atpeqhyrjzouzbthl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jdaqdvnharhouxqfkt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hdcujdxtohziqvqhozdz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jdaqdvnharhouxqfkt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hdcujdxtohziqvqhozdz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jdaqdvnharhouxqfkt.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2752 wrote to memory of 3788 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
PID 2752 wrote to memory of 3788 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
PID 2752 wrote to memory of 3788 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
PID 5944 wrote to memory of 4356 N/A C:\Windows\system32\cmd.exe C:\Windows\upnesleztlckrvpflvy.exe
PID 5944 wrote to memory of 4356 N/A C:\Windows\system32\cmd.exe C:\Windows\upnesleztlckrvpflvy.exe
PID 5944 wrote to memory of 4356 N/A C:\Windows\system32\cmd.exe C:\Windows\upnesleztlckrvpflvy.exe
PID 4792 wrote to memory of 4872 N/A C:\Windows\system32\cmd.exe C:\Windows\atpeqhyrjzouzbthl.exe
PID 4792 wrote to memory of 4872 N/A C:\Windows\system32\cmd.exe C:\Windows\atpeqhyrjzouzbthl.exe
PID 4792 wrote to memory of 4872 N/A C:\Windows\system32\cmd.exe C:\Windows\atpeqhyrjzouzbthl.exe
PID 4872 wrote to memory of 5084 N/A C:\Windows\atpeqhyrjzouzbthl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
PID 4872 wrote to memory of 5084 N/A C:\Windows\atpeqhyrjzouzbthl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
PID 4872 wrote to memory of 5084 N/A C:\Windows\atpeqhyrjzouzbthl.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
PID 3180 wrote to memory of 4016 N/A C:\Windows\system32\cmd.exe C:\Windows\hdcujdxtohziqvqhozdz.exe
PID 3180 wrote to memory of 4016 N/A C:\Windows\system32\cmd.exe C:\Windows\hdcujdxtohziqvqhozdz.exe
PID 3180 wrote to memory of 4016 N/A C:\Windows\system32\cmd.exe C:\Windows\hdcujdxtohziqvqhozdz.exe
PID 4288 wrote to memory of 4876 N/A C:\Windows\system32\cmd.exe C:\Windows\upnesleztlckrvpflvy.exe
PID 4288 wrote to memory of 4876 N/A C:\Windows\system32\cmd.exe C:\Windows\upnesleztlckrvpflvy.exe
PID 4288 wrote to memory of 4876 N/A C:\Windows\system32\cmd.exe C:\Windows\upnesleztlckrvpflvy.exe
PID 1772 wrote to memory of 2300 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
PID 1772 wrote to memory of 2300 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
PID 1772 wrote to memory of 2300 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
PID 4876 wrote to memory of 1148 N/A C:\Windows\upnesleztlckrvpflvy.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
PID 4876 wrote to memory of 1148 N/A C:\Windows\upnesleztlckrvpflvy.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
PID 4876 wrote to memory of 1148 N/A C:\Windows\upnesleztlckrvpflvy.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
PID 4672 wrote to memory of 2460 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
PID 4672 wrote to memory of 2460 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
PID 4672 wrote to memory of 2460 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
PID 2460 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
PID 2460 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
PID 2460 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
PID 4532 wrote to memory of 3288 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
PID 4532 wrote to memory of 3288 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
PID 4532 wrote to memory of 3288 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe
PID 432 wrote to memory of 4772 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
PID 432 wrote to memory of 4772 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
PID 432 wrote to memory of 4772 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe
PID 4772 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
PID 4772 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
PID 4772 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
PID 3788 wrote to memory of 5300 N/A C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe C:\Users\Admin\AppData\Local\Temp\wdnqq.exe
PID 3788 wrote to memory of 5300 N/A C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe C:\Users\Admin\AppData\Local\Temp\wdnqq.exe
PID 3788 wrote to memory of 5300 N/A C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe C:\Users\Admin\AppData\Local\Temp\wdnqq.exe
PID 3788 wrote to memory of 2116 N/A C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe C:\Users\Admin\AppData\Local\Temp\wdnqq.exe
PID 3788 wrote to memory of 2116 N/A C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe C:\Users\Admin\AppData\Local\Temp\wdnqq.exe
PID 3788 wrote to memory of 2116 N/A C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe C:\Users\Admin\AppData\Local\Temp\wdnqq.exe
PID 4724 wrote to memory of 1872 N/A C:\Windows\system32\cmd.exe C:\Windows\wttmcxsplfyirxtltfkhh.exe
PID 4724 wrote to memory of 1872 N/A C:\Windows\system32\cmd.exe C:\Windows\wttmcxsplfyirxtltfkhh.exe
PID 4724 wrote to memory of 1872 N/A C:\Windows\system32\cmd.exe C:\Windows\wttmcxsplfyirxtltfkhh.exe
PID 1684 wrote to memory of 3916 N/A C:\Windows\system32\cmd.exe C:\Windows\atpeqhyrjzouzbthl.exe
PID 1684 wrote to memory of 3916 N/A C:\Windows\system32\cmd.exe C:\Windows\atpeqhyrjzouzbthl.exe
PID 1684 wrote to memory of 3916 N/A C:\Windows\system32\cmd.exe C:\Windows\atpeqhyrjzouzbthl.exe
PID 1852 wrote to memory of 492 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 1852 wrote to memory of 492 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 1852 wrote to memory of 492 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 492 wrote to memory of 6124 N/A C:\Windows\wttmcxsplfyirxtltfkhh.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
PID 492 wrote to memory of 6124 N/A C:\Windows\wttmcxsplfyirxtltfkhh.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
PID 492 wrote to memory of 6124 N/A C:\Windows\wttmcxsplfyirxtltfkhh.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe
PID 236 wrote to memory of 1440 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 236 wrote to memory of 1440 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 236 wrote to memory of 1440 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 2968 wrote to memory of 1200 N/A C:\Windows\system32\cmd.exe C:\Windows\upnesleztlckrvpflvy.exe
PID 2968 wrote to memory of 1200 N/A C:\Windows\system32\cmd.exe C:\Windows\upnesleztlckrvpflvy.exe
PID 2968 wrote to memory of 1200 N/A C:\Windows\system32\cmd.exe C:\Windows\upnesleztlckrvpflvy.exe
PID 1440 wrote to memory of 3344 N/A C:\Windows\upnesleztlckrvpflvy.exe C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\wdnqq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe"

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_c95a495a4c01031dd2c777a44c3fc9e4.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe .

C:\Windows\atpeqhyrjzouzbthl.exe

atpeqhyrjzouzbthl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\atpeqhyrjzouzbthl.exe*."

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe .

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\upnesleztlckrvpflvy.exe*."

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."

C:\Users\Admin\AppData\Local\Temp\wdnqq.exe

"C:\Users\Admin\AppData\Local\Temp\wdnqq.exe" "-C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe"

C:\Users\Admin\AppData\Local\Temp\wdnqq.exe

"C:\Users\Admin\AppData\Local\Temp\wdnqq.exe" "-C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe

C:\Windows\atpeqhyrjzouzbthl.exe

atpeqhyrjzouzbthl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\upnesleztlckrvpflvy.exe*."

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Windows\atpeqhyrjzouzbthl.exe

atpeqhyrjzouzbthl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\tlgufvldujxcghyl.exe*."

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\tlgufvldujxcghyl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\wttmcxsplfyirxtltfkhh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe

C:\Windows\jdaqdvnharhouxqfkt.exe

jdaqdvnharhouxqfkt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\jdaqdvnharhouxqfkt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\tlgufvldujxcghyl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe .

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\wttmcxsplfyirxtltfkhh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe .

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\upnesleztlckrvpflvy.exe*."

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe .

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\upnesleztlckrvpflvy.exe*."

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe

C:\Windows\jdaqdvnharhouxqfkt.exe

jdaqdvnharhouxqfkt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."

C:\Windows\atpeqhyrjzouzbthl.exe

atpeqhyrjzouzbthl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe .

C:\Windows\jdaqdvnharhouxqfkt.exe

jdaqdvnharhouxqfkt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\jdaqdvnharhouxqfkt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe .

C:\Windows\jdaqdvnharhouxqfkt.exe

jdaqdvnharhouxqfkt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\jdaqdvnharhouxqfkt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\upnesleztlckrvpflvy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe .

C:\Windows\atpeqhyrjzouzbthl.exe

atpeqhyrjzouzbthl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\atpeqhyrjzouzbthl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe

C:\Windows\atpeqhyrjzouzbthl.exe

atpeqhyrjzouzbthl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\wttmcxsplfyirxtltfkhh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe .

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\upnesleztlckrvpflvy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe .

C:\Windows\atpeqhyrjzouzbthl.exe

atpeqhyrjzouzbthl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\atpeqhyrjzouzbthl.exe*."

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\wttmcxsplfyirxtltfkhh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\tlgufvldujxcghyl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\upnesleztlckrvpflvy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe .

C:\Windows\jdaqdvnharhouxqfkt.exe

jdaqdvnharhouxqfkt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe

C:\Windows\atpeqhyrjzouzbthl.exe

atpeqhyrjzouzbthl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\jdaqdvnharhouxqfkt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe .

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe .

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\wttmcxsplfyirxtltfkhh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Windows\atpeqhyrjzouzbthl.exe

atpeqhyrjzouzbthl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\atpeqhyrjzouzbthl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\upnesleztlckrvpflvy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\upnesleztlckrvpflvy.exe*."

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe .

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe .

C:\Windows\atpeqhyrjzouzbthl.exe

atpeqhyrjzouzbthl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\atpeqhyrjzouzbthl.exe*."

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\wttmcxsplfyirxtltfkhh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe .

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\upnesleztlckrvpflvy.exe*."

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe .

C:\Windows\atpeqhyrjzouzbthl.exe

atpeqhyrjzouzbthl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\atpeqhyrjzouzbthl.exe*."

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\upnesleztlckrvpflvy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe

C:\Windows\atpeqhyrjzouzbthl.exe

atpeqhyrjzouzbthl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe

C:\Windows\jdaqdvnharhouxqfkt.exe

jdaqdvnharhouxqfkt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\upnesleztlckrvpflvy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe

C:\Windows\atpeqhyrjzouzbthl.exe

atpeqhyrjzouzbthl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Windows\jdaqdvnharhouxqfkt.exe

jdaqdvnharhouxqfkt.exe .

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\jdaqdvnharhouxqfkt.exe*."

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe

C:\Windows\jdaqdvnharhouxqfkt.exe

jdaqdvnharhouxqfkt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe .

C:\Windows\jdaqdvnharhouxqfkt.exe

jdaqdvnharhouxqfkt.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\jdaqdvnharhouxqfkt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\upnesleztlckrvpflvy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\wttmcxsplfyirxtltfkhh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Windows\atpeqhyrjzouzbthl.exe

atpeqhyrjzouzbthl.exe

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .

C:\Windows\atpeqhyrjzouzbthl.exe

atpeqhyrjzouzbthl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\atpeqhyrjzouzbthl.exe*."

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\upnesleztlckrvpflvy.exe*."

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\tlgufvldujxcghyl.exe*."

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .

C:\Windows\atpeqhyrjzouzbthl.exe

atpeqhyrjzouzbthl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\tlgufvldujxcghyl.exe*."

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\upnesleztlckrvpflvy.exe*."

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe .

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe .

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe

C:\Windows\jdaqdvnharhouxqfkt.exe

jdaqdvnharhouxqfkt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\jdaqdvnharhouxqfkt.exe*."

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\upnesleztlckrvpflvy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\atpeqhyrjzouzbthl.exe

atpeqhyrjzouzbthl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\atpeqhyrjzouzbthl.exe

atpeqhyrjzouzbthl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe .

C:\Windows\jdaqdvnharhouxqfkt.exe

jdaqdvnharhouxqfkt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\jdaqdvnharhouxqfkt.exe*."

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\tlgufvldujxcghyl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\jdaqdvnharhouxqfkt.exe

jdaqdvnharhouxqfkt.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\jdaqdvnharhouxqfkt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe .

C:\Windows\jdaqdvnharhouxqfkt.exe

jdaqdvnharhouxqfkt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\jdaqdvnharhouxqfkt.exe*."

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\wttmcxsplfyirxtltfkhh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe

C:\Windows\atpeqhyrjzouzbthl.exe

atpeqhyrjzouzbthl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\jdaqdvnharhouxqfkt.exe

jdaqdvnharhouxqfkt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe .

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\upnesleztlckrvpflvy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe

C:\Windows\jdaqdvnharhouxqfkt.exe

jdaqdvnharhouxqfkt.exe .

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\jdaqdvnharhouxqfkt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Windows\jdaqdvnharhouxqfkt.exe

jdaqdvnharhouxqfkt.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\upnesleztlckrvpflvy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe .

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Windows\jdaqdvnharhouxqfkt.exe

jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\upnesleztlckrvpflvy.exe*."

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\tlgufvldujxcghyl.exe*."

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\wttmcxsplfyirxtltfkhh.exe*."

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\tlgufvldujxcghyl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe .

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe .

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\upnesleztlckrvpflvy.exe*."

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\tlgufvldujxcghyl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe

C:\Windows\jdaqdvnharhouxqfkt.exe

jdaqdvnharhouxqfkt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe .

C:\Windows\atpeqhyrjzouzbthl.exe

atpeqhyrjzouzbthl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\atpeqhyrjzouzbthl.exe*."

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe .

C:\Windows\jdaqdvnharhouxqfkt.exe

jdaqdvnharhouxqfkt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\jdaqdvnharhouxqfkt.exe*."

C:\Windows\atpeqhyrjzouzbthl.exe

atpeqhyrjzouzbthl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe .

C:\Windows\jdaqdvnharhouxqfkt.exe

jdaqdvnharhouxqfkt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\jdaqdvnharhouxqfkt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe

C:\Windows\atpeqhyrjzouzbthl.exe

atpeqhyrjzouzbthl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe .

C:\Windows\jdaqdvnharhouxqfkt.exe

jdaqdvnharhouxqfkt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\jdaqdvnharhouxqfkt.exe*."

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe .

C:\Windows\jdaqdvnharhouxqfkt.exe

jdaqdvnharhouxqfkt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\jdaqdvnharhouxqfkt.exe*."

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\tlgufvldujxcghyl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe .

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\upnesleztlckrvpflvy.exe*."

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe

C:\Windows\jdaqdvnharhouxqfkt.exe

jdaqdvnharhouxqfkt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe .

C:\Windows\atpeqhyrjzouzbthl.exe

atpeqhyrjzouzbthl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\atpeqhyrjzouzbthl.exe*."

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Windows\atpeqhyrjzouzbthl.exe

atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."

C:\Windows\jdaqdvnharhouxqfkt.exe

jdaqdvnharhouxqfkt.exe

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .

C:\Windows\jdaqdvnharhouxqfkt.exe

jdaqdvnharhouxqfkt.exe

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\upnesleztlckrvpflvy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\wttmcxsplfyirxtltfkhh.exe*."

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\upnesleztlckrvpflvy.exe*."

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe .

C:\Windows\atpeqhyrjzouzbthl.exe

atpeqhyrjzouzbthl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\atpeqhyrjzouzbthl.exe*."

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Users\Admin\AppData\Local\Temp\tlgufvldujxcghyl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\wttmcxsplfyirxtltfkhh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hdcujdxtohziqvqhozdz.exe

C:\Windows\hdcujdxtohziqvqhozdz.exe

hdcujdxtohziqvqhozdz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe .

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\upnesleztlckrvpflvy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe

C:\Users\Admin\AppData\Local\Temp\hdcujdxtohziqvqhozdz.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\hdcujdxtohziqvqhozdz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe .

C:\Windows\atpeqhyrjzouzbthl.exe

atpeqhyrjzouzbthl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\atpeqhyrjzouzbthl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tlgufvldujxcghyl.exe .

C:\Windows\tlgufvldujxcghyl.exe

tlgufvldujxcghyl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\tlgufvldujxcghyl.exe*."

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\wttmcxsplfyirxtltfkhh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jdaqdvnharhouxqfkt.exe .

C:\Windows\jdaqdvnharhouxqfkt.exe

jdaqdvnharhouxqfkt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\jdaqdvnharhouxqfkt.exe*."

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\atpeqhyrjzouzbthl.exe

atpeqhyrjzouzbthl.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\atpeqhyrjzouzbthl.exe*."

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Users\Admin\AppData\Local\Temp\wttmcxsplfyirxtltfkhh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\upnesleztlckrvpflvy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\atpeqhyrjzouzbthl.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."

C:\Windows\upnesleztlckrvpflvy.exe

upnesleztlckrvpflvy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wttmcxsplfyirxtltfkhh.exe .

C:\Windows\wttmcxsplfyirxtltfkhh.exe

wttmcxsplfyirxtltfkhh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\atpeqhyrjzouzbthl.exe

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\wttmcxsplfyirxtltfkhh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\jdaqdvnharhouxqfkt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Users\Admin\AppData\Local\Temp\jdaqdvnharhouxqfkt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe

C:\Users\Admin\AppData\Local\Temp\upnesleztlckrvpflvy.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\users\admin\appdata\local\temp\upnesleztlckrvpflvy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe

C:\Windows\atpeqhyrjzouzbthl.exe

atpeqhyrjzouzbthl.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atpeqhyrjzouzbthl.exe .

C:\Windows\atpeqhyrjzouzbthl.exe

atpeqhyrjzouzbthl.exe .

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

"C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe" "c:\windows\atpeqhyrjzouzbthl.exe*."

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.whatismyip.ca udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
DE 142.250.181.206:80 www.youtube.com tcp
BG 84.252.17.72:32745 tcp
DE 85.214.228.140:80 gyuuym.org tcp
SG 18.142.91.111:80 unxfuild.info tcp
US 104.156.155.94:80 cydlrge.info tcp
BG 91.139.225.112:22099 tcp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 ddpobim.org udp
BG 91.139.163.229:35966 tcp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 knrgfdzojrjn.info udp
US 8.8.8.8:53 kgucribs.info udp
BG 78.90.117.109:23910 tcp
US 8.8.8.8:53 susocswc.com udp
US 8.8.8.8:53 wxzwprpdecer.net udp
BG 84.54.188.106:42667 tcp
US 8.8.8.8:53 wbdvmisb.net udp
US 8.8.8.8:53 jgpcscjgxwlg.info udp
US 8.8.8.8:53 iarcmgz.net udp
US 8.8.8.8:53 zgxcpl.net udp
US 8.8.8.8:53 ucrgzny.info udp
US 8.8.8.8:53 iusioomq.org udp
US 8.8.8.8:53 uuqacmkyoycy.org udp
NL 94.156.2.40:19528 tcp
US 8.8.8.8:53 vtxhmv.info udp
US 8.8.8.8:53 rydrzbkcl.net udp
US 8.8.8.8:53 jjrefkv.net udp
US 8.8.8.8:53 mpdmonutqmaf.info udp
US 8.8.8.8:53 zeveixqmebcv.net udp
BG 78.90.192.72:19514 tcp
US 8.8.8.8:53 zazwetpv.net udp
US 8.8.8.8:53 gaqkygwq.org udp
BG 77.70.116.191:31734 tcp
US 8.8.8.8:53 kelehvv.net udp
US 8.8.8.8:53 pdbbaamymjab.net udp
US 8.8.8.8:53 wqtgjurep.info udp
US 8.8.8.8:53 lsnexct.info udp
BG 94.101.199.211:13404 tcp
US 8.8.8.8:53 koksufhlxsd.net udp
US 8.8.8.8:53 namyrqr.net udp
BG 79.132.20.114:27763 tcp
US 8.8.8.8:53 oneabhpbksug.info udp
US 8.8.8.8:53 eawgyqacio.com udp
MD 86.106.241.174:26890 tcp
US 8.8.8.8:53 jzwkbctoll.net udp
LT 78.58.96.192:22644 tcp
US 8.8.8.8:53 ihwuqde.net udp
US 8.8.8.8:53 dwfydjf.net udp
US 8.8.8.8:53 cyumusogws.org udp
US 8.8.8.8:53 tewylv.info udp
MD 109.185.7.135:27767 tcp
US 8.8.8.8:53 ripkjrf.net udp
LT 78.60.24.229:16096 tcp
US 8.8.8.8:53 ahbwdajml.net udp
US 8.8.8.8:53 kyweyugs.org udp
US 8.8.8.8:53 zwkczwrbhom.net udp
LT 87.247.104.183:29479 tcp
US 8.8.8.8:53 mqhqtnm.info udp
US 8.8.8.8:53 oaewcmmi.com udp
BG 213.231.148.23:32442 tcp
US 8.8.8.8:53 ewskuoiqsu.org udp
US 8.8.8.8:53 mhxxlwxd.net udp
US 8.8.8.8:53 lczpgjbj.info udp
BG 78.90.4.217:21732 tcp
US 8.8.8.8:53 usbairkuyb.info udp
US 8.8.8.8:53 lkqdtpgibst.org udp
US 8.8.8.8:53 nxksmkxmhg.info udp
US 8.8.8.8:53 hllonlhm.net udp
US 8.8.8.8:53 mchsip.info udp
BG 92.247.250.85:44998 tcp
US 8.8.8.8:53 jmuyzwjxj.net udp
US 8.8.8.8:53 zngldraxoy.info udp
US 8.8.8.8:53 jgokxot.net udp
US 8.8.8.8:53 ducfreyynuf.com udp
US 8.8.8.8:53 lzwgpqnxhy.net udp
US 8.8.8.8:53 ribcsxe.net udp
US 8.8.8.8:53 ddihjo.info udp
US 8.8.8.8:53 kqpcgpx.net udp
US 8.8.8.8:53 yadxtkefpqdf.net udp

Files

C:\Users\Admin\AppData\Local\Temp\oonjvdbdyyx.exe

MD5 1dd5dd5561723f37ccc81e15ecdbf830
SHA1 eeb9131c8d276ceb710d163e89fdc62b3e111971
SHA256 c8c542ac3f6526d1501c2b9d6262bfa029a1ac0d9dd6b3c1965977abdd8bd126
SHA512 b4881d7cd0c2ceeba067e13d23763e739389108d1269acd6c343dd308aa1fedde89da696a8482944342f44ea1094ea6b50021a15d4c6d03762ba032a9598bba5

C:\Windows\SysWOW64\jdaqdvnharhouxqfkt.exe

MD5 c95a495a4c01031dd2c777a44c3fc9e4
SHA1 51084a46294dd634450c6ac27d9ef870438c4d70
SHA256 915d73145ca41654c2bd3a3b908de8f2df454c97bb351237bd5498b9954c789a
SHA512 152a18025948bc9d36f132eed09b3266c97843e0c6c110a3c35d51eeab48d360ca3ad26d25282b935681348eb0731aca6434b162a58e1996cc18e3aa48e1dcd6

C:\Users\Admin\AppData\Local\Temp\wdnqq.exe

MD5 6becea694a5409d14953ea1df8be3b74
SHA1 568aa388ef8b47db160190df52c83b71c7133e5f
SHA256 219b0e47f0adabdd318ebacc51d9fdcac4e40bcf08293669713ffa4e36ac195b
SHA512 371cfd6fce4f8195beac04c2a388ecb669bb3dec00cf0441bc9ca14b32529ec9dbb4c920824269739e1c204261ab095761eda17242ef687574a1f386480a4b71

C:\Users\Admin\AppData\Local\lbugpdrhwjvyazozafdtmyhvjzobnqsrgrsx.leq

MD5 fee617ac7cb55ba113bf0f06f143a5aa
SHA1 1aaa145aae8b266d722e6e764d7e5e794c25873b
SHA256 1a989878c538458d0726264d8f0874ae6dd0046d605837619683a5f56588e73b
SHA512 d19b89414cb285957fb52cd850aa850f68b23ef0c20afc8b054691f1136b940e59cb5038998e0d927851fd8cde1aa11ff9c1abfc325bc9c74e1af5e39cf4eed8

C:\Users\Admin\AppData\Local\gltusvydhjkcthllbvinvwuxa.jlm

MD5 89ed0012b32b2b8bb6b7ab60386e829d
SHA1 0e9c289384fd2cce4d7c146febcbcbac03784150
SHA256 c4e4f89a8a0e5b20cea89eb7ccf7e0220b205c0efc781d0c87410674e8d78239
SHA512 4ce1652ec3362f3613a61affb05c30f7f396f2308c0259d5a7569e3fb14f8d3a479d3e774395b381f6e82feb0eec7f1c4745125bcecd5b859b21387fb904a72e

C:\Program Files (x86)\gltusvydhjkcthllbvinvwuxa.jlm

MD5 5537f9b65f02055c747fcd66691ecb4f
SHA1 cec85672719e2256a9b27866e75bcd0c279550b5
SHA256 d44b6bccfe21ea6683cdeb05fc99f6cae7ba6365bab414b935aaef5251d7f794
SHA512 a7e4493c7309a03b15068c37a7237bf6da515987acb5f11b7b2932fe5c7b1a4f72f68d02fd3282df12d80408b90d8de640d5d6d9c928fdc7b593d94bce6915ae

C:\Program Files (x86)\gltusvydhjkcthllbvinvwuxa.jlm

MD5 1edbac5a80ee8b4b689a36dc0fd7bf69
SHA1 66bb8bce10c6e5f67242a9dcd7b1bd552c92155c
SHA256 05e561b66466065bfde84462ea6fcb3361f51bd503750f9d3f8474a3ebf72ae9
SHA512 68057a5a009e9cef31fd3deed16ead42ba43d4059a13802b9eb469a658718fd0866646ac459e838fd58b4f8a3d38ede5629ea0c878b491bda67c5516e6484792

C:\Program Files (x86)\gltusvydhjkcthllbvinvwuxa.jlm

MD5 8f42f2feeeae2808f0e2d89136625cac
SHA1 713b1fb84ad6821c585afc131dc46eafca8b7ebd
SHA256 9f96378ad705f59664a0959c6cbba522fca137012053256504406d0e81c1eb8e
SHA512 f15692f8cf091534e51afcf275ba4c9a1f903b6274c0ada592747a7057afd56f156661cf83abc85614f749c0b14bb4b290b65b47ceb509e16159d3af68850d8a

C:\Program Files (x86)\gltusvydhjkcthllbvinvwuxa.jlm

MD5 18ad0400d9e0da8d3b70716444628414
SHA1 399b60263774637b0098c6f6aaa2f0be45db23e8
SHA256 9123a5360cef46f322496ff1e4095c3307df343d05d8967df890b5b4cdfe7d44
SHA512 6bf11e3f08637a1fb58008ace1c21fb5ed87fd765310df2ee145b8005029a7be9e529fb4eb7926b9084f186397914f7156005122ab358ad8d374f4b010d8fbdf

C:\Program Files (x86)\gltusvydhjkcthllbvinvwuxa.jlm

MD5 1a3ee998ee5f5a35bdb27425897fb30b
SHA1 256dfd8ec89443d0cb63006cf1ad85757d45ad45
SHA256 9b41a80615cb8ed3bdf905584425427022aa3dfbdbae05d9c4baf32783f7bcd6
SHA512 45c3e515cf5fd4a0f80a2f8d3a9831bb56b7818483276c377f7cd6704639d06aa6602843ebfddff2dd25e7b1ce01429b8ba875a868ba86b90b6ec8f63d40f68f

C:\Program Files (x86)\gltusvydhjkcthllbvinvwuxa.jlm

MD5 8dbcfcded07baccc9cc5b56f18bbb078
SHA1 c8d685b8f1e53ec5be5dc14ef43f92a5818dfac3
SHA256 03303858bebe0a0f6035de1ae7d910ee7ef9439e0df8421dc37bf502d08a50b4
SHA512 8c34ec4cf8278967073c99f6dcf6b760fbe5dbb6c32daea220033dd39b9fd834ec997c74cde0e5957270fa5d08d82d369ba4565b9eb1e3856ff7dc7d92dd75f8