Malware Analysis Report

2025-08-10 16:33

Sample ID 250422-qde8pswvhy
Target JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1
SHA256 270dce235ce96e14c6472a545008e2e80c489f41b21f8ce9db95a60dd18f99c3
Tags
pykspa defense_evasion discovery persistence privilege_escalation trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

270dce235ce96e14c6472a545008e2e80c489f41b21f8ce9db95a60dd18f99c3

Threat Level: Known bad

The file JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1 was found to be: Known bad.

Malicious Activity Summary

pykspa defense_evasion discovery persistence privilege_escalation trojan worm

Pykspa

Modifies WinLogon for persistence

Pykspa family

UAC bypass

Detect Pykspa worm

Disables RegEdit via registry modification

Adds policy Run key to start application

Executes dropped EXE

Impair Defenses: Safe Mode Boot

Checks computer location settings

Adds Run key to start application

Looks up external IP address via web service

Checks whether UAC is enabled

Hijack Execution Flow: Executable Installer File Permissions Weakness

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

System policy modification

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-22 13:08

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2025-04-22 13:08

Reported

2025-04-22 13:11

Platform

win11-20250410-en

Max time kernel

54s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "njvxpkxtljxaeiodqplx.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njvxpkxtljxaeiodqplx.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "gzihwoyrgbmmnordn.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "czmpiespihwafkrhvvsfi.exe" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "pjttjcnhxtfgikobmj.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrzxlcldrlvuuuwh.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "njvxpkxtljxaeiodqplx.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjttjcnhxtfgikobmj.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avghysezqnacfinbnlg.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njvxpkxtljxaeiodqplx.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "zrzxlcldrlvuuuwh.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "njvxpkxtljxaeiodqplx.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czmpiespihwafkrhvvsfi.exe" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "czmpiespihwafkrhvvsfi.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "njvxpkxtljxaeiodqplx.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrzxlcldrlvuuuwh.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njvxpkxtljxaeiodqplx.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "pjttjcnhxtfgikobmj.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avghysezqnacfinbnlg.exe" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "gzihwoyrgbmmnordn.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjttjcnhxtfgikobmj.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrzxlcldrlvuuuwh.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avghysezqnacfinbnlg.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "czmpiespihwafkrhvvsfi.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjttjcnhxtfgikobmj.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrzxlcldrlvuuuwh.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjttjcnhxtfgikobmj.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gzihwoyrgbmmnordn.exe" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjttjcnhxtfgikobmj.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "avghysezqnacfinbnlg.exe" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "pjttjcnhxtfgikobmj.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "zrzxlcldrlvuuuwh.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njvxpkxtljxaeiodqplx.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njvxpkxtljxaeiodqplx.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjttjcnhxtfgikobmj.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "zrzxlcldrlvuuuwh.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czmpiespihwafkrhvvsfi.exe" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "pjttjcnhxtfgikobmj.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avghysezqnacfinbnlg.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czmpiespihwafkrhvvsfi.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czmpiespihwafkrhvvsfi.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "czmpiespihwafkrhvvsfi.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhkdmycpyns = "gzihwoyrgbmmnordn.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzzpvefp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrzxlcldrlvuuuwh.exe" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Windows\avghysezqnacfinbnlg.exe N/A
N/A N/A C:\Windows\czmpiespihwafkrhvvsfi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Windows\czmpiespihwafkrhvvsfi.exe N/A
N/A N/A C:\Windows\gzihwoyrgbmmnordn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
N/A N/A C:\Windows\gzihwoyrgbmmnordn.exe N/A
N/A N/A C:\Windows\gzihwoyrgbmmnordn.exe N/A
N/A N/A C:\Windows\pjttjcnhxtfgikobmj.exe N/A
N/A N/A C:\Windows\czmpiespihwafkrhvvsfi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Windows\czmpiespihwafkrhvvsfi.exe N/A
N/A N/A C:\Windows\avghysezqnacfinbnlg.exe N/A
N/A N/A C:\Windows\czmpiespihwafkrhvvsfi.exe N/A
N/A N/A C:\Windows\czmpiespihwafkrhvvsfi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Windows\gzihwoyrgbmmnordn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Windows\gzihwoyrgbmmnordn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Windows\zrzxlcldrlvuuuwh.exe N/A
N/A N/A C:\Windows\zrzxlcldrlvuuuwh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Windows\zrzxlcldrlvuuuwh.exe N/A
N/A N/A C:\Windows\pjttjcnhxtfgikobmj.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Windows\njvxpkxtljxaeiodqplx.exe N/A
N/A N/A C:\Windows\gzihwoyrgbmmnordn.exe N/A
N/A N/A C:\Windows\njvxpkxtljxaeiodqplx.exe N/A
N/A N/A C:\Windows\njvxpkxtljxaeiodqplx.exe N/A
N/A N/A C:\Windows\gzihwoyrgbmmnordn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
N/A N/A C:\Windows\czmpiespihwafkrhvvsfi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe N/A
N/A N/A C:\Windows\pjttjcnhxtfgikobmj.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zlnfnybnvj = "pjttjcnhxtfgikobmj.exe ." C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "njvxpkxtljxaeiodqplx.exe" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ulspcsarexgedcd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avghysezqnacfinbnlg.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\zlnfnybnvj = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njvxpkxtljxaeiodqplx.exe ." C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ulspcsarexgedcd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czmpiespihwafkrhvvsfi.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zlnfnybnvj = "njvxpkxtljxaeiodqplx.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ulspcsarexgedcd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrzxlcldrlvuuuwh.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "gzihwoyrgbmmnordn.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rhnjvkrhtltqom = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjttjcnhxtfgikobmj.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qfkfqekzkbieb = "njvxpkxtljxaeiodqplx.exe ." C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "njvxpkxtljxaeiodqplx.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ulspcsarexgedcd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njvxpkxtljxaeiodqplx.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\rfjdnaftdtzu = "gzihwoyrgbmmnordn.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ulspcsarexgedcd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avghysezqnacfinbnlg.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rhnjvkrhtltqom = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrzxlcldrlvuuuwh.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "zrzxlcldrlvuuuwh.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qfkfqekzkbieb = "czmpiespihwafkrhvvsfi.exe ." C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\rfjdnaftdtzu = "czmpiespihwafkrhvvsfi.exe" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qfkfqekzkbieb = "pjttjcnhxtfgikobmj.exe ." C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "pjttjcnhxtfgikobmj.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rhnjvkrhtltqom = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrzxlcldrlvuuuwh.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ulspcsarexgedcd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avghysezqnacfinbnlg.exe" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qfkfqekzkbieb = "czmpiespihwafkrhvvsfi.exe ." C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "gzihwoyrgbmmnordn.exe" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rhnjvkrhtltqom = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czmpiespihwafkrhvvsfi.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qfkfqekzkbieb = "zrzxlcldrlvuuuwh.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\rfjdnaftdtzu = "czmpiespihwafkrhvvsfi.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rhnjvkrhtltqom = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gzihwoyrgbmmnordn.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zlnfnybnvj = "pjttjcnhxtfgikobmj.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zlnfnybnvj = "njvxpkxtljxaeiodqplx.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rhnjvkrhtltqom = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njvxpkxtljxaeiodqplx.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\zlnfnybnvj = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gzihwoyrgbmmnordn.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rhnjvkrhtltqom = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjttjcnhxtfgikobmj.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ulspcsarexgedcd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjttjcnhxtfgikobmj.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ulspcsarexgedcd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjttjcnhxtfgikobmj.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czmpiespihwafkrhvvsfi.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ulspcsarexgedcd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjttjcnhxtfgikobmj.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qfkfqekzkbieb = "czmpiespihwafkrhvvsfi.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njvxpkxtljxaeiodqplx.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qfkfqekzkbieb = "avghysezqnacfinbnlg.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "avghysezqnacfinbnlg.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\zlnfnybnvj = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjttjcnhxtfgikobmj.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\zlnfnybnvj = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avghysezqnacfinbnlg.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qfkfqekzkbieb = "gzihwoyrgbmmnordn.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ulspcsarexgedcd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czmpiespihwafkrhvvsfi.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\zlnfnybnvj = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njvxpkxtljxaeiodqplx.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "czmpiespihwafkrhvvsfi.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ulspcsarexgedcd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czmpiespihwafkrhvvsfi.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "czmpiespihwafkrhvvsfi.exe" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\rfjdnaftdtzu = "pjttjcnhxtfgikobmj.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zlnfnybnvj = "njvxpkxtljxaeiodqplx.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjttjcnhxtfgikobmj.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "gzihwoyrgbmmnordn.exe" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czmpiespihwafkrhvvsfi.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\rfjdnaftdtzu = "pjttjcnhxtfgikobmj.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\rfjdnaftdtzu = "gzihwoyrgbmmnordn.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "avghysezqnacfinbnlg.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "zrzxlcldrlvuuuwh.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gzihwoyrgbmmnordn.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "gzihwoyrgbmmnordn.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjttjcnhxtfgikobmj.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rhnjvkrhtltqom = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrzxlcldrlvuuuwh.exe ." C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ulspcsarexgedcd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zrzxlcldrlvuuuwh.exe" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\grsjqacnu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avghysezqnacfinbnlg.exe" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A www.showmyipaddress.com N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\gzihwoyrgbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\trfjdapnhhxciowncdbptn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\zrzxlcldrlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\trfjdapnhhxciowncdbptn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\avghysezqnacfinbnlg.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\zrzxlcldrlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\pjttjcnhxtfgikobmj.exe C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
File opened for modification C:\Windows\SysWOW64\czmpiespihwafkrhvvsfi.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\avghysezqnacfinbnlg.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\czmpiespihwafkrhvvsfi.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\avghysezqnacfinbnlg.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\pjttjcnhxtfgikobmj.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\trfjdapnhhxciowncdbptn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\pjttjcnhxtfgikobmj.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\pjttjcnhxtfgikobmj.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\avghysezqnacfinbnlg.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\gzihwoyrgbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\pjttjcnhxtfgikobmj.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\trfjdapnhhxciowncdbptn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\avghysezqnacfinbnlg.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\zrzxlcldrlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\njvxpkxtljxaeiodqplx.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\pjttjcnhxtfgikobmj.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\trfjdapnhhxciowncdbptn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\gzihwoyrgbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\pjttjcnhxtfgikobmj.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\gzihwoyrgbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\zrzxlcldrlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\pjttjcnhxtfgikobmj.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\njvxpkxtljxaeiodqplx.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\czmpiespihwafkrhvvsfi.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\trfjdapnhhxciowncdbptn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\gzihwoyrgbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\njvxpkxtljxaeiodqplx.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\zrzxlcldrlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
File opened for modification C:\Windows\SysWOW64\czmpiespihwafkrhvvsfi.exe C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
File opened for modification C:\Windows\SysWOW64\ehajikehglgqbmzvpvyrazb.yxc C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
File opened for modification C:\Windows\SysWOW64\pjttjcnhxtfgikobmj.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\czmpiespihwafkrhvvsfi.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\zrzxlcldrlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\avghysezqnacfinbnlg.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\zrzxlcldrlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\trfjdapnhhxciowncdbptn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\njvxpkxtljxaeiodqplx.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\trfjdapnhhxciowncdbptn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\gzihwoyrgbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\czmpiespihwafkrhvvsfi.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\czmpiespihwafkrhvvsfi.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\pjttjcnhxtfgikobmj.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\zrzxlcldrlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\trfjdapnhhxciowncdbptn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\zrzxlcldrlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\gzihwoyrgbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\trfjdapnhhxciowncdbptn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\trfjdapnhhxciowncdbptn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\gzihwoyrgbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\njvxpkxtljxaeiodqplx.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\gzihwoyrgbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\pjttjcnhxtfgikobmj.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\njvxpkxtljxaeiodqplx.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\avghysezqnacfinbnlg.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\gzihwoyrgbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\SysWOW64\njvxpkxtljxaeiodqplx.exe C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
File opened for modification C:\Windows\SysWOW64\trfjdapnhhxciowncdbptn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\rfjdnaftdtzuqmkrwnbfzjwbpzpvqmigns.xbv C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
File created C:\Program Files (x86)\rfjdnaftdtzuqmkrwnbfzjwbpzpvqmigns.xbv C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
File opened for modification C:\Program Files (x86)\ehajikehglgqbmzvpvyrazb.yxc C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
File created C:\Program Files (x86)\ehajikehglgqbmzvpvyrazb.yxc C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\avghysezqnacfinbnlg.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\pjttjcnhxtfgikobmj.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\njvxpkxtljxaeiodqplx.exe C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
File created C:\Windows\ehajikehglgqbmzvpvyrazb.yxc C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
File opened for modification C:\Windows\avghysezqnacfinbnlg.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\pjttjcnhxtfgikobmj.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\avghysezqnacfinbnlg.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\avghysezqnacfinbnlg.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\njvxpkxtljxaeiodqplx.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\zrzxlcldrlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\gzihwoyrgbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\zrzxlcldrlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\trfjdapnhhxciowncdbptn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\njvxpkxtljxaeiodqplx.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\zrzxlcldrlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\trfjdapnhhxciowncdbptn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\njvxpkxtljxaeiodqplx.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\trfjdapnhhxciowncdbptn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\pjttjcnhxtfgikobmj.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\czmpiespihwafkrhvvsfi.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\njvxpkxtljxaeiodqplx.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\trfjdapnhhxciowncdbptn.exe C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
File opened for modification C:\Windows\gzihwoyrgbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
File opened for modification C:\Windows\avghysezqnacfinbnlg.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\trfjdapnhhxciowncdbptn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\rfjdnaftdtzuqmkrwnbfzjwbpzpvqmigns.xbv C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
File opened for modification C:\Windows\zrzxlcldrlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\njvxpkxtljxaeiodqplx.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\trfjdapnhhxciowncdbptn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\czmpiespihwafkrhvvsfi.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\czmpiespihwafkrhvvsfi.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\zrzxlcldrlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\trfjdapnhhxciowncdbptn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\trfjdapnhhxciowncdbptn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\avghysezqnacfinbnlg.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\njvxpkxtljxaeiodqplx.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\pjttjcnhxtfgikobmj.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\avghysezqnacfinbnlg.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\gzihwoyrgbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\zrzxlcldrlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\zrzxlcldrlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\gzihwoyrgbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\trfjdapnhhxciowncdbptn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\pjttjcnhxtfgikobmj.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\avghysezqnacfinbnlg.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\zrzxlcldrlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\njvxpkxtljxaeiodqplx.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\czmpiespihwafkrhvvsfi.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\pjttjcnhxtfgikobmj.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\trfjdapnhhxciowncdbptn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\njvxpkxtljxaeiodqplx.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\czmpiespihwafkrhvvsfi.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\gzihwoyrgbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\czmpiespihwafkrhvvsfi.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\avghysezqnacfinbnlg.exe C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
File opened for modification C:\Windows\pjttjcnhxtfgikobmj.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\zrzxlcldrlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\czmpiespihwafkrhvvsfi.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\zrzxlcldrlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
File opened for modification C:\Windows\avghysezqnacfinbnlg.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\avghysezqnacfinbnlg.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\gzihwoyrgbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\pjttjcnhxtfgikobmj.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
File opened for modification C:\Windows\gzihwoyrgbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\gzihwoyrgbmmnordn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\avghysezqnacfinbnlg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\avghysezqnacfinbnlg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\pjttjcnhxtfgikobmj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zrzxlcldrlvuuuwh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\pjttjcnhxtfgikobmj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\avghysezqnacfinbnlg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\njvxpkxtljxaeiodqplx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zrzxlcldrlvuuuwh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\njvxpkxtljxaeiodqplx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\gzihwoyrgbmmnordn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\pjttjcnhxtfgikobmj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zrzxlcldrlvuuuwh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\gzihwoyrgbmmnordn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\gzihwoyrgbmmnordn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\czmpiespihwafkrhvvsfi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\gzihwoyrgbmmnordn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\gzihwoyrgbmmnordn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zrzxlcldrlvuuuwh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\pjttjcnhxtfgikobmj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\njvxpkxtljxaeiodqplx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\gzihwoyrgbmmnordn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\njvxpkxtljxaeiodqplx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\czmpiespihwafkrhvvsfi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\gzihwoyrgbmmnordn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zrzxlcldrlvuuuwh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zrzxlcldrlvuuuwh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\gzihwoyrgbmmnordn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\pjttjcnhxtfgikobmj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\pjttjcnhxtfgikobmj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\avghysezqnacfinbnlg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\gzihwoyrgbmmnordn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\pjttjcnhxtfgikobmj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\czmpiespihwafkrhvvsfi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\gzihwoyrgbmmnordn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\czmpiespihwafkrhvvsfi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zrzxlcldrlvuuuwh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\njvxpkxtljxaeiodqplx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\czmpiespihwafkrhvvsfi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\avghysezqnacfinbnlg.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2264 wrote to memory of 3716 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 2264 wrote to memory of 3716 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 2264 wrote to memory of 3716 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 4792 wrote to memory of 3404 N/A C:\Windows\system32\cmd.exe C:\Windows\avghysezqnacfinbnlg.exe
PID 4792 wrote to memory of 3404 N/A C:\Windows\system32\cmd.exe C:\Windows\avghysezqnacfinbnlg.exe
PID 4792 wrote to memory of 3404 N/A C:\Windows\system32\cmd.exe C:\Windows\avghysezqnacfinbnlg.exe
PID 2036 wrote to memory of 1552 N/A C:\Windows\system32\cmd.exe C:\Windows\czmpiespihwafkrhvvsfi.exe
PID 2036 wrote to memory of 1552 N/A C:\Windows\system32\cmd.exe C:\Windows\czmpiespihwafkrhvvsfi.exe
PID 2036 wrote to memory of 1552 N/A C:\Windows\system32\cmd.exe C:\Windows\czmpiespihwafkrhvvsfi.exe
PID 1552 wrote to memory of 4904 N/A C:\Windows\czmpiespihwafkrhvvsfi.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 1552 wrote to memory of 4904 N/A C:\Windows\czmpiespihwafkrhvvsfi.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 1552 wrote to memory of 4904 N/A C:\Windows\czmpiespihwafkrhvvsfi.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 4880 wrote to memory of 5080 N/A C:\Windows\system32\cmd.exe C:\Windows\czmpiespihwafkrhvvsfi.exe
PID 4880 wrote to memory of 5080 N/A C:\Windows\system32\cmd.exe C:\Windows\czmpiespihwafkrhvvsfi.exe
PID 4880 wrote to memory of 5080 N/A C:\Windows\system32\cmd.exe C:\Windows\czmpiespihwafkrhvvsfi.exe
PID 5048 wrote to memory of 4996 N/A C:\Windows\system32\cmd.exe C:\Windows\gzihwoyrgbmmnordn.exe
PID 5048 wrote to memory of 4996 N/A C:\Windows\system32\cmd.exe C:\Windows\gzihwoyrgbmmnordn.exe
PID 5048 wrote to memory of 4996 N/A C:\Windows\system32\cmd.exe C:\Windows\gzihwoyrgbmmnordn.exe
PID 5300 wrote to memory of 2896 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
PID 5300 wrote to memory of 2896 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
PID 5300 wrote to memory of 2896 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
PID 4996 wrote to memory of 2316 N/A C:\Windows\gzihwoyrgbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 4996 wrote to memory of 2316 N/A C:\Windows\gzihwoyrgbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 4996 wrote to memory of 2316 N/A C:\Windows\gzihwoyrgbmmnordn.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 6088 wrote to memory of 4024 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
PID 6088 wrote to memory of 4024 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
PID 6088 wrote to memory of 4024 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe
PID 4024 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 4024 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 4024 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 872 wrote to memory of 5268 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
PID 872 wrote to memory of 5268 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
PID 872 wrote to memory of 5268 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe
PID 2344 wrote to memory of 3652 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
PID 2344 wrote to memory of 3652 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
PID 2344 wrote to memory of 3652 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe
PID 3652 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 3652 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 3652 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 3716 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe C:\Users\Admin\AppData\Local\Temp\cjgtw.exe
PID 3716 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe C:\Users\Admin\AppData\Local\Temp\cjgtw.exe
PID 3716 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe C:\Users\Admin\AppData\Local\Temp\cjgtw.exe
PID 3716 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe C:\Users\Admin\AppData\Local\Temp\cjgtw.exe
PID 3716 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe C:\Users\Admin\AppData\Local\Temp\cjgtw.exe
PID 3716 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe C:\Users\Admin\AppData\Local\Temp\cjgtw.exe
PID 484 wrote to memory of 1208 N/A C:\Windows\system32\cmd.exe C:\Windows\gzihwoyrgbmmnordn.exe
PID 484 wrote to memory of 1208 N/A C:\Windows\system32\cmd.exe C:\Windows\gzihwoyrgbmmnordn.exe
PID 484 wrote to memory of 1208 N/A C:\Windows\system32\cmd.exe C:\Windows\gzihwoyrgbmmnordn.exe
PID 3128 wrote to memory of 2096 N/A C:\Windows\system32\cmd.exe C:\Windows\gzihwoyrgbmmnordn.exe
PID 3128 wrote to memory of 2096 N/A C:\Windows\system32\cmd.exe C:\Windows\gzihwoyrgbmmnordn.exe
PID 3128 wrote to memory of 2096 N/A C:\Windows\system32\cmd.exe C:\Windows\gzihwoyrgbmmnordn.exe
PID 3888 wrote to memory of 4504 N/A C:\Windows\system32\cmd.exe C:\Windows\pjttjcnhxtfgikobmj.exe
PID 3888 wrote to memory of 4504 N/A C:\Windows\system32\cmd.exe C:\Windows\pjttjcnhxtfgikobmj.exe
PID 3888 wrote to memory of 4504 N/A C:\Windows\system32\cmd.exe C:\Windows\pjttjcnhxtfgikobmj.exe
PID 1468 wrote to memory of 5236 N/A C:\Windows\system32\cmd.exe C:\Windows\czmpiespihwafkrhvvsfi.exe
PID 1468 wrote to memory of 5236 N/A C:\Windows\system32\cmd.exe C:\Windows\czmpiespihwafkrhvvsfi.exe
PID 1468 wrote to memory of 5236 N/A C:\Windows\system32\cmd.exe C:\Windows\czmpiespihwafkrhvvsfi.exe
PID 4504 wrote to memory of 1496 N/A C:\Windows\pjttjcnhxtfgikobmj.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 4504 wrote to memory of 1496 N/A C:\Windows\pjttjcnhxtfgikobmj.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 4504 wrote to memory of 1496 N/A C:\Windows\pjttjcnhxtfgikobmj.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 5236 wrote to memory of 652 N/A C:\Windows\czmpiespihwafkrhvvsfi.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 5236 wrote to memory of 652 N/A C:\Windows\czmpiespihwafkrhvvsfi.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 5236 wrote to memory of 652 N/A C:\Windows\czmpiespihwafkrhvvsfi.exe C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
PID 5804 wrote to memory of 1484 N/A C:\Windows\system32\cmd.exe C:\Windows\czmpiespihwafkrhvvsfi.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\cjgtw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe"

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_ce23cbd71cc033cecb1958623ee620c1.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe .

C:\Windows\czmpiespihwafkrhvvsfi.exe

czmpiespihwafkrhvvsfi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\czmpiespihwafkrhvvsfi.exe*."

C:\Windows\czmpiespihwafkrhvvsfi.exe

czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\czmpiespihwafkrhvvsfi.exe*."

C:\Users\Admin\AppData\Local\Temp\cjgtw.exe

"C:\Users\Admin\AppData\Local\Temp\cjgtw.exe" "-C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe"

C:\Users\Admin\AppData\Local\Temp\cjgtw.exe

"C:\Users\Admin\AppData\Local\Temp\cjgtw.exe" "-C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe .

C:\Windows\czmpiespihwafkrhvvsfi.exe

czmpiespihwafkrhvvsfi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\czmpiespihwafkrhvvsfi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe .

C:\Windows\czmpiespihwafkrhvvsfi.exe

czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe .

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe .

C:\Windows\czmpiespihwafkrhvvsfi.exe

czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Windows\czmpiespihwafkrhvvsfi.exe

czmpiespihwafkrhvvsfi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\avghysezqnacfinbnlg.exe*."

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\czmpiespihwafkrhvvsfi.exe*."

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\avghysezqnacfinbnlg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."

C:\Windows\zrzxlcldrlvuuuwh.exe

zrzxlcldrlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Windows\zrzxlcldrlvuuuwh.exe

zrzxlcldrlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\zrzxlcldrlvuuuwh.exe*."

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\avghysezqnacfinbnlg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe

C:\Windows\zrzxlcldrlvuuuwh.exe

zrzxlcldrlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe .

C:\Windows\njvxpkxtljxaeiodqplx.exe

njvxpkxtljxaeiodqplx.exe

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .

C:\Windows\njvxpkxtljxaeiodqplx.exe

njvxpkxtljxaeiodqplx.exe .

C:\Windows\njvxpkxtljxaeiodqplx.exe

njvxpkxtljxaeiodqplx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe .

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\njvxpkxtljxaeiodqplx.exe*."

C:\Windows\czmpiespihwafkrhvvsfi.exe

czmpiespihwafkrhvvsfi.exe .

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe .

C:\Windows\njvxpkxtljxaeiodqplx.exe

njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\czmpiespihwafkrhvvsfi.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\avghysezqnacfinbnlg.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."

C:\Windows\zrzxlcldrlvuuuwh.exe

zrzxlcldrlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\czmpiespihwafkrhvvsfi.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe

C:\Windows\zrzxlcldrlvuuuwh.exe

zrzxlcldrlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\czmpiespihwafkrhvvsfi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\czmpiespihwafkrhvvsfi.exe

czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe .

C:\Windows\czmpiespihwafkrhvvsfi.exe

czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Windows\njvxpkxtljxaeiodqplx.exe

njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\njvxpkxtljxaeiodqplx.exe*."

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe .

C:\Windows\njvxpkxtljxaeiodqplx.exe

njvxpkxtljxaeiodqplx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\njvxpkxtljxaeiodqplx.exe*."

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe .

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\avghysezqnacfinbnlg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe

C:\Windows\njvxpkxtljxaeiodqplx.exe

njvxpkxtljxaeiodqplx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe

C:\Windows\njvxpkxtljxaeiodqplx.exe

njvxpkxtljxaeiodqplx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe .

C:\Windows\czmpiespihwafkrhvvsfi.exe

czmpiespihwafkrhvvsfi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\czmpiespihwafkrhvvsfi.exe*."

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\avghysezqnacfinbnlg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe

C:\Windows\njvxpkxtljxaeiodqplx.exe

njvxpkxtljxaeiodqplx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe .

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\avghysezqnacfinbnlg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\czmpiespihwafkrhvvsfi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\avghysezqnacfinbnlg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\zrzxlcldrlvuuuwh.exe

zrzxlcldrlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."

C:\Windows\czmpiespihwafkrhvvsfi.exe

czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\zrzxlcldrlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe .

C:\Windows\zrzxlcldrlvuuuwh.exe

zrzxlcldrlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Windows\njvxpkxtljxaeiodqplx.exe

njvxpkxtljxaeiodqplx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Windows\czmpiespihwafkrhvvsfi.exe

czmpiespihwafkrhvvsfi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe .

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\czmpiespihwafkrhvvsfi.exe*."

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."

C:\Windows\czmpiespihwafkrhvvsfi.exe

czmpiespihwafkrhvvsfi.exe

C:\Windows\czmpiespihwafkrhvvsfi.exe

czmpiespihwafkrhvvsfi.exe .

C:\Windows\czmpiespihwafkrhvvsfi.exe

czmpiespihwafkrhvvsfi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\czmpiespihwafkrhvvsfi.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\czmpiespihwafkrhvvsfi.exe*."

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe .

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\zrzxlcldrlvuuuwh.exe

zrzxlcldrlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe .

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\avghysezqnacfinbnlg.exe*."

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe

C:\Windows\zrzxlcldrlvuuuwh.exe

zrzxlcldrlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe .

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\avghysezqnacfinbnlg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe

C:\Windows\njvxpkxtljxaeiodqplx.exe

njvxpkxtljxaeiodqplx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\zrzxlcldrlvuuuwh.exe

zrzxlcldrlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\zrzxlcldrlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\avghysezqnacfinbnlg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe

C:\Windows\czmpiespihwafkrhvvsfi.exe

czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\czmpiespihwafkrhvvsfi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe

C:\Windows\czmpiespihwafkrhvvsfi.exe

czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe .

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\avghysezqnacfinbnlg.exe*."

C:\Windows\zrzxlcldrlvuuuwh.exe

zrzxlcldrlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe .

C:\Windows\zrzxlcldrlvuuuwh.exe

zrzxlcldrlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\zrzxlcldrlvuuuwh.exe*."

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe .

C:\Windows\zrzxlcldrlvuuuwh.exe

zrzxlcldrlvuuuwh.exe

C:\Windows\njvxpkxtljxaeiodqplx.exe

njvxpkxtljxaeiodqplx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\njvxpkxtljxaeiodqplx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe .

C:\Windows\zrzxlcldrlvuuuwh.exe

zrzxlcldrlvuuuwh.exe

C:\Windows\zrzxlcldrlvuuuwh.exe

zrzxlcldrlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe .

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\zrzxlcldrlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe .

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe .

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Windows\njvxpkxtljxaeiodqplx.exe

njvxpkxtljxaeiodqplx.exe

C:\Windows\czmpiespihwafkrhvvsfi.exe

czmpiespihwafkrhvvsfi.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\avghysezqnacfinbnlg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Windows\njvxpkxtljxaeiodqplx.exe

njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\avghysezqnacfinbnlg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\czmpiespihwafkrhvvsfi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\njvxpkxtljxaeiodqplx.exe*."

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\avghysezqnacfinbnlg.exe*."

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."

C:\Windows\zrzxlcldrlvuuuwh.exe

zrzxlcldrlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\zrzxlcldrlvuuuwh.exe*."

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."

C:\Windows\zrzxlcldrlvuuuwh.exe

zrzxlcldrlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\zrzxlcldrlvuuuwh.exe*."

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe .

C:\Windows\njvxpkxtljxaeiodqplx.exe

njvxpkxtljxaeiodqplx.exe .

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\njvxpkxtljxaeiodqplx.exe*."

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe .

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\avghysezqnacfinbnlg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\czmpiespihwafkrhvvsfi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe

C:\Windows\njvxpkxtljxaeiodqplx.exe

njvxpkxtljxaeiodqplx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\njvxpkxtljxaeiodqplx.exe

njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\njvxpkxtljxaeiodqplx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe

C:\Windows\zrzxlcldrlvuuuwh.exe

zrzxlcldrlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe .

C:\Windows\czmpiespihwafkrhvvsfi.exe

czmpiespihwafkrhvvsfi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\czmpiespihwafkrhvvsfi.exe*."

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe

C:\Windows\zrzxlcldrlvuuuwh.exe

zrzxlcldrlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe

C:\Windows\czmpiespihwafkrhvvsfi.exe

czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe .

C:\Windows\njvxpkxtljxaeiodqplx.exe

njvxpkxtljxaeiodqplx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\njvxpkxtljxaeiodqplx.exe*."

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe .

C:\Windows\zrzxlcldrlvuuuwh.exe

zrzxlcldrlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\zrzxlcldrlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe

C:\Windows\njvxpkxtljxaeiodqplx.exe

njvxpkxtljxaeiodqplx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe .

C:\Windows\zrzxlcldrlvuuuwh.exe

zrzxlcldrlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\zrzxlcldrlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\avghysezqnacfinbnlg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe

C:\Windows\czmpiespihwafkrhvvsfi.exe

czmpiespihwafkrhvvsfi.exe

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe .

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe

C:\Windows\czmpiespihwafkrhvvsfi.exe

czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe .

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe .

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe .

C:\Windows\zrzxlcldrlvuuuwh.exe

zrzxlcldrlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\avghysezqnacfinbnlg.exe*."

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\zrzxlcldrlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\avghysezqnacfinbnlg.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\czmpiespihwafkrhvvsfi.exe*."

C:\Windows\njvxpkxtljxaeiodqplx.exe

njvxpkxtljxaeiodqplx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe .

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\avghysezqnacfinbnlg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\njvxpkxtljxaeiodqplx.exe

njvxpkxtljxaeiodqplx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\czmpiespihwafkrhvvsfi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe

C:\Windows\njvxpkxtljxaeiodqplx.exe

njvxpkxtljxaeiodqplx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe .

C:\Windows\zrzxlcldrlvuuuwh.exe

zrzxlcldrlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\zrzxlcldrlvuuuwh.exe*."

C:\Windows\njvxpkxtljxaeiodqplx.exe

njvxpkxtljxaeiodqplx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\njvxpkxtljxaeiodqplx.exe

njvxpkxtljxaeiodqplx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\njvxpkxtljxaeiodqplx.exe*."

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\avghysezqnacfinbnlg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe

C:\Windows\njvxpkxtljxaeiodqplx.exe

njvxpkxtljxaeiodqplx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe .

C:\Windows\czmpiespihwafkrhvvsfi.exe

czmpiespihwafkrhvvsfi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\czmpiespihwafkrhvvsfi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe

C:\Windows\zrzxlcldrlvuuuwh.exe

zrzxlcldrlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe .

C:\Windows\njvxpkxtljxaeiodqplx.exe

njvxpkxtljxaeiodqplx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\njvxpkxtljxaeiodqplx.exe*."

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\avghysezqnacfinbnlg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\avghysezqnacfinbnlg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe

C:\Windows\czmpiespihwafkrhvvsfi.exe

czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe .

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\avghysezqnacfinbnlg.exe*."

C:\Windows\njvxpkxtljxaeiodqplx.exe

njvxpkxtljxaeiodqplx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe .

C:\Windows\zrzxlcldrlvuuuwh.exe

zrzxlcldrlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\zrzxlcldrlvuuuwh.exe*."

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\czmpiespihwafkrhvvsfi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe .

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe .

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe

C:\Windows\njvxpkxtljxaeiodqplx.exe

njvxpkxtljxaeiodqplx.exe .

C:\Windows\njvxpkxtljxaeiodqplx.exe

njvxpkxtljxaeiodqplx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Windows\czmpiespihwafkrhvvsfi.exe

czmpiespihwafkrhvvsfi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\njvxpkxtljxaeiodqplx.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\njvxpkxtljxaeiodqplx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\czmpiespihwafkrhvvsfi.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\czmpiespihwafkrhvvsfi.exe*."

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\czmpiespihwafkrhvvsfi.exe*."

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Windows\czmpiespihwafkrhvvsfi.exe

czmpiespihwafkrhvvsfi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .

C:\Windows\zrzxlcldrlvuuuwh.exe

zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\czmpiespihwafkrhvvsfi.exe*."

C:\Windows\czmpiespihwafkrhvvsfi.exe

czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\avghysezqnacfinbnlg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe

C:\Windows\czmpiespihwafkrhvvsfi.exe

czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe .

C:\Windows\zrzxlcldrlvuuuwh.exe

zrzxlcldrlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\zrzxlcldrlvuuuwh.exe*."

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe .

C:\Windows\czmpiespihwafkrhvvsfi.exe

czmpiespihwafkrhvvsfi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\czmpiespihwafkrhvvsfi.exe*."

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe .

C:\Windows\njvxpkxtljxaeiodqplx.exe

njvxpkxtljxaeiodqplx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\njvxpkxtljxaeiodqplx.exe*."

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Users\Admin\AppData\Local\Temp\avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe

C:\Windows\czmpiespihwafkrhvvsfi.exe

czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe .

C:\Windows\njvxpkxtljxaeiodqplx.exe

njvxpkxtljxaeiodqplx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\njvxpkxtljxaeiodqplx.exe*."

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe .

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\pjttjcnhxtfgikobmj.exe*."

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\zrzxlcldrlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe .

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\avghysezqnacfinbnlg.exe*."

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zrzxlcldrlvuuuwh.exe .

C:\Windows\zrzxlcldrlvuuuwh.exe

zrzxlcldrlvuuuwh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\zrzxlcldrlvuuuwh.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\zrzxlcldrlvuuuwh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\czmpiespihwafkrhvvsfi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe

C:\Users\Admin\AppData\Local\Temp\gzihwoyrgbmmnordn.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\gzihwoyrgbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe

C:\Windows\czmpiespihwafkrhvvsfi.exe

czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."

C:\Windows\pjttjcnhxtfgikobmj.exe

pjttjcnhxtfgikobmj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzihwoyrgbmmnordn.exe .

C:\Windows\gzihwoyrgbmmnordn.exe

gzihwoyrgbmmnordn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\czmpiespihwafkrhvvsfi.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\gzihwoyrgbmmnordn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\pjttjcnhxtfgikobmj.exe*."

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Users\Admin\AppData\Local\Temp\pjttjcnhxtfgikobmj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe

C:\Users\Admin\AppData\Local\Temp\njvxpkxtljxaeiodqplx.exe .

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\njvxpkxtljxaeiodqplx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czmpiespihwafkrhvvsfi.exe

C:\Windows\czmpiespihwafkrhvvsfi.exe

czmpiespihwafkrhvvsfi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avghysezqnacfinbnlg.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\avghysezqnacfinbnlg.exe

avghysezqnacfinbnlg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njvxpkxtljxaeiodqplx.exe .

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
DE 142.251.209.137:80 www.blogger.com tcp
BG 77.71.2.17:36937 tcp
DE 85.214.228.140:80 kgielb.info tcp
SG 13.214.182.154:80 walpnmyrw.net tcp
US 104.156.155.94:80 jexkhytfwddl.info tcp
AU 86.38.88.113:15750 tcp
US 8.8.8.8:53 kdnqpoh.info udp
BG 95.111.62.254:32629 tcp
US 8.8.8.8:53 oowqfaa.info udp
US 8.8.8.8:53 klnajewatoz.net udp
US 8.8.8.8:53 bbkopbgx.net udp
US 8.8.8.8:53 nyxozjwas.net udp
BG 213.231.138.107:28101 tcp
US 8.8.8.8:53 rexvbcj.info udp
US 8.8.8.8:53 qcrgay.info udp
LT 88.119.161.80:18660 tcp
US 8.8.8.8:53 nmavhfu.org udp
US 8.8.8.8:53 aqiwmyai.org udp
US 8.8.8.8:53 ssdybmhqc.net udp
US 8.8.8.8:53 cqcafaz.info udp
BG 95.111.62.254:32629 tcp
US 8.8.8.8:53 eyzuvkt.info udp
US 8.8.8.8:53 wkbgtwjqb.net udp
BG 109.121.242.192:45510 tcp
US 8.8.8.8:53 tuhgqarb.net udp
US 8.8.8.8:53 sacyyemmmags.org udp
US 8.8.8.8:53 zkhshsjul.info udp
US 8.8.8.8:53 ywsqznkqcws.info udp
BG 88.80.122.104:39111 tcp
US 8.8.8.8:53 jvpmklibug.net udp
US 8.8.8.8:53 bthzwjgxug.net udp
BG 95.87.215.173:36449 tcp
US 8.8.8.8:53 lemrzadcb.com udp
US 8.8.8.8:53 kfcyvkqzskfw.info udp
US 8.8.8.8:53 xlizwrhw.info udp
LT 78.58.127.143:15222 tcp
US 8.8.8.8:53 zolaxrnqfkb.net udp
LT 78.58.4.60:20252 tcp
US 8.8.8.8:53 mgyimumi.org udp
US 8.8.8.8:53 ccgasssoyw.com udp
LT 78.61.195.32:20345 tcp
US 8.8.8.8:53 rmkvpv.info udp
US 8.8.8.8:53 ffkjhufe.info udp
US 8.8.8.8:53 cgbknan.net udp
US 8.8.8.8:53 ckjeesxuj.info udp
LT 78.62.224.81:35486 tcp
US 8.8.8.8:53 pefbeyzgq.org udp
US 8.8.8.8:53 ymssey.com udp
US 8.8.8.8:53 yelcfatsbqn.info udp
US 8.8.8.8:53 hqmqkoxcm.info udp
PT 89.116.195.245:24488 tcp
US 8.8.8.8:53 uvgviwur.info udp
US 8.8.8.8:53 xevbbybil.net udp
US 8.8.8.8:53 czazvwqaemn.net udp
US 8.8.8.8:53 louymi.info udp
LT 78.62.82.62:25833 tcp
US 8.8.8.8:53 rcakpthqmol.net udp
US 8.8.8.8:53 wehdvwjephj.net udp
DE 85.214.228.140:80 kgielb.info tcp
SG 13.214.182.154:80 walpnmyrw.net tcp
US 104.156.155.94:80 jexkhytfwddl.info tcp
BG 93.183.183.3:17593 tcp
US 8.8.8.8:53 lqxxbxjjushd.info udp
US 8.8.8.8:53 larpqwfi.net udp
ES 94.73.54.183:26385 tcp
US 8.8.8.8:53 jgrwvml.info udp
US 8.8.8.8:53 uvndqsxhg.info udp
US 8.8.8.8:53 fmvaezgdpwx.com udp
US 8.8.8.8:53 oowqfaa.info udp
US 8.8.8.8:53 wodkdyk.net udp
US 8.8.8.8:53 cqtavyn.net udp
US 8.8.8.8:53 xgsefzm.com udp
US 8.8.8.8:53 cqpblckecxly.net udp
US 8.8.8.8:53 ccqdtyvqbys.info udp
US 8.8.8.8:53 tdjrbb.info udp
US 8.8.8.8:53 cmaeaeomsmgm.com udp
US 8.8.8.8:53 ahfngvtb.info udp
US 8.8.8.8:53 scscka.com udp
US 8.8.8.8:53 ugrcnfqtpyl.net udp
US 8.8.8.8:53 feznzv.net udp
US 8.8.8.8:53 pqjgknpyt.info udp
US 8.8.8.8:53 vwtoxuzax.net udp
US 8.8.8.8:53 twxqjwzk.info udp
US 8.8.8.8:53 omeygqcqyucy.com udp
US 8.8.8.8:53 juiujid.org udp
US 8.8.8.8:53 birshn.net udp
US 8.8.8.8:53 cikaugfdfs.net udp
US 8.8.8.8:53 jvhzhccygax.org udp
US 8.8.8.8:53 dgrydww.info udp
US 8.8.8.8:53 wkhtrctoh.net udp
US 8.8.8.8:53 oksygc.org udp
US 8.8.8.8:53 esuqumgeoc.com udp
US 8.8.8.8:53 tupuxkqajod.com udp
US 8.8.8.8:53 pgcvtzlu.net udp
US 8.8.8.8:53 ltcazh.net udp
US 8.8.8.8:53 qavvqital.info udp
US 8.8.8.8:53 wdzwvsy.net udp
US 8.8.8.8:53 pdjstqhpandu.net udp
US 8.8.8.8:53 rxlbuafe.net udp
US 8.8.8.8:53 peeqrazamh.net udp
US 8.8.8.8:53 zbosmuj.net udp
US 8.8.8.8:53 eiuoaakw.org udp
US 8.8.8.8:53 zkfqvyfpv.com udp
US 8.8.8.8:53 epieyl.net udp
US 8.8.8.8:53 jrhutut.org udp
US 8.8.8.8:53 uagasoao.com udp
US 8.8.8.8:53 cmrvpuwms.net udp
US 8.8.8.8:53 wcfnlu.info udp
US 8.8.8.8:53 qhnohshvw.net udp
US 8.8.8.8:53 fvhyqkpqdwst.info udp
US 8.8.8.8:53 ucwmoumwymuc.com udp
US 8.8.8.8:53 aupiqadwu.net udp
US 8.8.8.8:53 ciwacksw.com udp
US 8.8.8.8:53 zakfvnuu.net udp
US 8.8.8.8:53 jqfqjiagf.info udp
US 8.8.8.8:53 vwcslinzs.com udp
US 8.8.8.8:53 nhrrld.info udp
US 8.8.8.8:53 zznwhnjofut.info udp
US 8.8.8.8:53 nygqhmzun.info udp
US 8.8.8.8:53 taxpbp.info udp
US 8.8.8.8:53 kmhwbwh.info udp
US 8.8.8.8:53 cebjpyltnu.net udp
US 8.8.8.8:53 jksholyztups.info udp
US 8.8.8.8:53 tbzfbsmm.info udp
US 8.8.8.8:53 okgccrvs.net udp
US 8.8.8.8:53 gewegc.org udp
US 8.8.8.8:53 ztqilgzv.net udp
US 8.8.8.8:53 jqbcyolmf.info udp
US 8.8.8.8:53 tmlinbmb.info udp
US 8.8.8.8:53 rieuxbwmvg.info udp
US 8.8.8.8:53 lkjjvkcuv.net udp
US 8.8.8.8:53 iidfjaxm.info udp
US 8.8.8.8:53 ymsciwsqsoey.org udp
US 8.8.8.8:53 iupgmiw.info udp
US 8.8.8.8:53 mzqsrxpiwxvl.net udp
US 8.8.8.8:53 ufyziehq.net udp
US 8.8.8.8:53 tujmcwb.info udp
US 8.8.8.8:53 fikabkhybxw.org udp
US 8.8.8.8:53 ztrgigatbjgs.info udp
US 8.8.8.8:53 ieuyycwqwkoc.com udp
US 8.8.8.8:53 yvhceagog.net udp
US 8.8.8.8:53 fhjevs.net udp
US 8.8.8.8:53 ztrczgnqt.info udp
US 8.8.8.8:53 eeaoqqwmkm.org udp
US 8.8.8.8:53 iakjsodugwp.net udp
US 8.8.8.8:53 wabtojhyts.net udp
US 8.8.8.8:53 uimqwaycag.com udp
US 8.8.8.8:53 nebtunbeh.org udp
US 8.8.8.8:53 byprpj.net udp
US 8.8.8.8:53 frdsmbhefbym.net udp
US 8.8.8.8:53 gflijqoujwy.net udp
US 8.8.8.8:53 opijpok.info udp
US 8.8.8.8:53 zxebhskrcn.info udp
BG 87.120.123.32:43497 tcp
US 8.8.8.8:53 sonwdwhxrck.info udp
US 8.8.8.8:53 lvtyhqheccxw.net udp
US 8.8.8.8:53 supcjir.net udp
US 8.8.8.8:53 yokwmw.com udp
US 8.8.8.8:53 xilbnlhhsz.info udp
US 8.8.8.8:53 yxdcbkjz.info udp
US 8.8.8.8:53 mcygkwqm.org udp
US 8.8.8.8:53 irlhbubaeq.info udp
US 8.8.8.8:53 wakslmqcvks.info udp
US 8.8.8.8:53 simkgkkmcigi.com udp
US 8.8.8.8:53 ptmxljkr.info udp
US 8.8.8.8:53 fewdhf.info udp
US 8.8.8.8:53 xrvmfpbqhipd.net udp
US 8.8.8.8:53 gohojtixduv.info udp
US 8.8.8.8:53 yguoxoj.net udp
US 8.8.8.8:53 jxcsgestbkig.net udp
US 8.8.8.8:53 kcyowkao.com udp
US 8.8.8.8:53 pimerftnrv.info udp
US 8.8.8.8:53 qhkcuyj.info udp
US 8.8.8.8:53 zmnprckzdsq.org udp
US 8.8.8.8:53 wckwksiseo.com udp
US 8.8.8.8:53 gcdbdgtyxez.net udp
US 8.8.8.8:53 ijevrjmd.net udp
US 8.8.8.8:53 ebkdbofm.net udp
US 8.8.8.8:53 ialsfnaqy.net udp
US 8.8.8.8:53 iilrlohnhnh.info udp
US 8.8.8.8:53 bmdrbznzfq.info udp
US 8.8.8.8:53 jimkfylz.info udp
US 8.8.8.8:53 suaawe.org udp
US 8.8.8.8:53 mgqiuk.com udp
US 8.8.8.8:53 jqlnkcjqk.net udp
US 8.8.8.8:53 pifpsi.net udp
US 8.8.8.8:53 gjoieqt.net udp
US 8.8.8.8:53 ayvjaphixbvv.info udp
US 8.8.8.8:53 mhnnqyayup.info udp
US 8.8.8.8:53 ootknwfif.net udp
US 8.8.8.8:53 lxhewirho.net udp
US 8.8.8.8:53 ekhuhobsv.info udp
US 8.8.8.8:53 rdbtnkbuzagk.net udp
US 8.8.8.8:53 pyjijevexje.net udp
US 8.8.8.8:53 vjjjeujpli.net udp
US 8.8.8.8:53 aqiwmyai.org udp
US 8.8.8.8:53 nskhnlkl.net udp
US 8.8.8.8:53 mqyzyqtydaxu.net udp
US 8.8.8.8:53 iyxxayc.net udp
US 8.8.8.8:53 uqgcsa.com udp
US 8.8.8.8:53 fdygvtpuse.info udp
US 8.8.8.8:53 swlmkovddcp.net udp
US 8.8.8.8:53 ejjmqczyncn.info udp
US 8.8.8.8:53 wmvwrsj.net udp
US 8.8.8.8:53 lkmrwxik.net udp
US 8.8.8.8:53 zugauui.info udp
US 8.8.8.8:53 tcpbcllr.info udp
US 8.8.8.8:53 xpltga.net udp
US 8.8.8.8:53 zutagbtdnoxk.net udp
US 8.8.8.8:53 hurkpv.info udp
US 8.8.8.8:53 jibkvapyu.info udp
US 8.8.8.8:53 sagsmu.com udp
US 8.8.8.8:53 hcfdjb.net udp
US 8.8.8.8:53 kmwkikwwwm.org udp
US 8.8.8.8:53 bspkiyozhaf.net udp
US 8.8.8.8:53 ikaofemxze.net udp
US 8.8.8.8:53 gnzpxs.net udp
US 8.8.8.8:53 bfvhsatmq.com udp
US 8.8.8.8:53 yvbwugrnjv.info udp
US 8.8.8.8:53 wmcauomiay.com udp
US 8.8.8.8:53 plgcwwlhz.org udp
US 8.8.8.8:53 fzpxxofkfhkf.net udp
US 8.8.8.8:53 kumgaeewicsy.org udp
US 8.8.8.8:53 souobkislmb.net udp
US 8.8.8.8:53 qerofmbgxsy.info udp
US 8.8.8.8:53 uhkdrnzknot.net udp
US 8.8.8.8:53 ccqcmusukkce.org udp
US 8.8.8.8:53 pqdxdeez.net udp
US 8.8.8.8:53 oimwoycw.com udp
US 8.8.8.8:53 mkrhhdvgj.info udp
US 8.8.8.8:53 nebbbqqermn.com udp
US 8.8.8.8:53 uogicigmue.org udp
US 8.8.8.8:53 vshojgufl.info udp
US 8.8.8.8:53 gvtmfaxn.net udp
US 8.8.8.8:53 vfoqjji.net udp
US 8.8.8.8:53 kiuykkwgsoii.com udp
US 8.8.8.8:53 sifcvxqr.net udp
US 8.8.8.8:53 qeavjcpcojby.info udp
US 8.8.8.8:53 wqeackuewq.com udp
US 8.8.8.8:53 qyokgfmstqrl.info udp
US 8.8.8.8:53 gwfcwdn.net udp
US 8.8.8.8:53 pmswgpzjxcl.info udp
US 8.8.8.8:53 mpwmvekw.info udp
US 8.8.8.8:53 pkxnftaviu.info udp
US 8.8.8.8:53 ecaxpk.info udp
US 8.8.8.8:53 mfiukx.net udp
US 8.8.8.8:53 ipzyvg.net udp
US 8.8.8.8:53 ezzekefsau.net udp
US 8.8.8.8:53 bohahun.com udp
US 8.8.8.8:53 pmkjtfqint.info udp
US 8.8.8.8:53 tvnxbc.net udp
US 8.8.8.8:53 gurwcewak.net udp
US 8.8.8.8:53 pfdhignj.net udp
US 8.8.8.8:53 ugwykw.org udp
US 8.8.8.8:53 gscoawecsuec.org udp
US 8.8.8.8:53 tkvltrgf.net udp
US 8.8.8.8:53 abriltdkagas.net udp
US 8.8.8.8:53 nhyqrp.info udp
US 8.8.8.8:53 izxmov.info udp
US 8.8.8.8:53 lqfdpkpeesj.org udp
US 8.8.8.8:53 olijdrlmzb.net udp
US 8.8.8.8:53 ndncedor.info udp
US 8.8.8.8:53 tkzcjudkoudh.info udp
US 8.8.8.8:53 nxichdfufz.net udp
US 8.8.8.8:53 dctxvtxeq.com udp
US 8.8.8.8:53 rksshfydh.org udp
US 8.8.8.8:53 iudaiyiutga.net udp
US 8.8.8.8:53 aqmkhxo.net udp
US 8.8.8.8:53 dxfbwmtwa.com udp
US 8.8.8.8:53 ewiwowaeoaym.com udp
US 8.8.8.8:53 fwrhago.com udp
US 8.8.8.8:53 qmgnqyayup.net udp
US 8.8.8.8:53 domhboffgsj.org udp
US 8.8.8.8:53 vcztbwhrval.com udp
US 8.8.8.8:53 mqikqmkc.org udp
US 8.8.8.8:53 ksyvbgn.net udp
US 8.8.8.8:53 olwwzvbjuvtp.info udp
US 8.8.8.8:53 ndhfgrucbg.net udp
US 8.8.8.8:53 yffbsbvpxj.net udp
DE 87.121.55.155:15843 tcp
US 8.8.8.8:53 uoripa.info udp
US 8.8.8.8:53 jztyih.net udp
US 8.8.8.8:53 trmpdopurehp.info udp
US 8.8.8.8:53 vghrznsx.info udp
US 8.8.8.8:53 gtwgjuhgzb.info udp

Files

C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe

MD5 2512476e7a1ded0f5cb213d86d6dd279
SHA1 1e9a59922c89ba5816895435236ae24b2d7d2708
SHA256 a2d1dc560b9a118a86d1cbb9983d895e23b42b0cff8e40c4c05c63ebd82b7192
SHA512 f5500ea62ec18f03d6909576c58e5ddefcacfd46624410f8294c17bfa788256705b7700e9dd7f75c8a981a51a269f9de7d51212b664465cce9a7da370bf4090e

C:\Windows\SysWOW64\pjttjcnhxtfgikobmj.exe

MD5 ce23cbd71cc033cecb1958623ee620c1
SHA1 ee0c07c78a5eeb4216a4e178e871f04ef0ba9b00
SHA256 270dce235ce96e14c6472a545008e2e80c489f41b21f8ce9db95a60dd18f99c3
SHA512 9a26d99303a7e07e4b5be581d4621d8af9705106ef6f26ab5326911c0d0aa065658951c5ca5c3b7dc1c4603c65a5ff0b8dbed4dbbc43b7bcd3d93dafa18b6a73

C:\Users\Admin\AppData\Local\Temp\cjgtw.exe

MD5 5434734dfe6c4bc148621c5e88350d67
SHA1 92e4a6a2bba9170cf4af598ffb465c95c866e691
SHA256 609ce70a7d493b2dedc2e7782ba021b54ddca146f5e8cdee6b4335bc06268f48
SHA512 f546c8975aa6489bd4f0f03172fefa5c008726d0e19553e331fdd0d6dc38b7f8fd93ad5f7c3219b8406bc43e941c35f342b7251a55ab035a97ad967379b6b080

C:\Users\Admin\AppData\Local\rfjdnaftdtzuqmkrwnbfzjwbpzpvqmigns.xbv

MD5 b67c6177af40750f1010e272be76dd62
SHA1 ff9e67f09139c6fb2a33d99bdbc774a965eeb5c6
SHA256 cd508d555c649316843e5563fa304fb9b8c699088f21b3149a0700b10f4d91f5
SHA512 c1848044f93b47d45a6126d727facad1f753c96c97ce579680fc8da0a9f2ba1fe8ed73d86617c1d8022e81f0f452442ade4ecd0664a84919848329bf84cdd42f

C:\Users\Admin\AppData\Local\ehajikehglgqbmzvpvyrazb.yxc

MD5 e529d6feb27c6508a725b288c3db6e79
SHA1 0b6d2d8e142e25d4f95502c7ea34e350c5533935
SHA256 654ec5f9059bc4d62f7d929bf858513d9da10ffe56ec560cc96771929c1528a5
SHA512 fd95014c71b16d25c3eb90344236d93f56fc9b9dac6c59959b8ecc40bf1c5f921815a7bef4b83deb1676bcc17d44c41edaf8fc6ccf1c0c6740e3c02cb660c33c

C:\Program Files (x86)\ehajikehglgqbmzvpvyrazb.yxc

MD5 accea39c7af13a3cfe38468e500032fb
SHA1 8ef70f1ed4b5f60e614309b0cc47604b2fab7b8e
SHA256 7cd7e79d2806f87dc80a694fbc4c1fdad31f2f85f8ad93e726f38a913917d2a5
SHA512 e317a4e337f431cdedbb6fdf8bcb6d8cb127ea2e2bca93f0c0589d9394146eb4337ac26bf0326e3a18b7a995da7a2f713fcfe8de3019d9f277255f7241d38415

C:\Program Files (x86)\ehajikehglgqbmzvpvyrazb.yxc

MD5 46c7839e83713ca3adc4523990eb9a63
SHA1 9f28aff0e65dc9e9e03b72af4a0dd2944016b113
SHA256 fb424669e016850774671fa706c35c0d425da98d1f9360388aab43050b8ba31f
SHA512 5d71420d8ec07578e2288a794092a9b3e3348c11c9961bfe051198a7277aaf5a3d1fbf39652b5d5faac668c6ffe7d810d3ff7accaf1d1966c958171793ccc140

C:\Program Files (x86)\ehajikehglgqbmzvpvyrazb.yxc

MD5 847721a93f8f448c657cddfaa0ac7ac5
SHA1 644100d1ac98b61271efd150c54bed06886b7e08
SHA256 d40d88c5e44f6330c0aff039a46aa500dc79cc573138e23a861f1808e1e71abf
SHA512 79ee2ab25fc514381b01533b3ce917608cea8d419015a0720f17a71fce58b8c8e55dd8d5c252ff31f4c40ceaae54dd1db7712d1336bb57b13a46c65aa4afac79

C:\Program Files (x86)\ehajikehglgqbmzvpvyrazb.yxc

MD5 de1798206ee0d521013e6bc7cd18c94a
SHA1 055d4c639f3dc3bb78c7271c8ec6b5dee87f8b43
SHA256 37bda3c9d69e6d0874ad156d4cd09a9b0a3a56531711e66049a1540aff5051a0
SHA512 d55af13be9ee12701748c49cef1c622cf40813e3ad5b118f519712e478dc413a22d1ba8228544acea5d7c2216722865c591a9f447d49feac018ab118476f2843

C:\Program Files (x86)\ehajikehglgqbmzvpvyrazb.yxc

MD5 70a4a4ca5003fe431cb9c6e04cb8d1a0
SHA1 f60eafa8034509c683c9afedad105d196f2fd159
SHA256 847c3d2e65dc5cdf7a7fc521ce2a04297c249a29a1168f491b2b75340e8a0c98
SHA512 bc115d7bc8720e33d39e8390c17178fee637eb91b1e20a82202698995402b75b514649dae8b5856025cc020eedd07f0e881e3dbb0707be32bfe4f531ef66bbdb

C:\Program Files (x86)\ehajikehglgqbmzvpvyrazb.yxc

MD5 8129fc03435465a517e96bba669985c9
SHA1 0e833de0465c8fb802a7d7173c6eb5e11218fede
SHA256 12217bb4f9851d27c4cf943e1742719f1bf8bfa93f6a00decb29a20caef9b0bd
SHA512 27a84a712952f75e4cd444df654c914ee02a3085347f4df0905c1d5ad63c91864b2dc324b86e162c5be5acda40a17c910e86c661c96a7a3970863364764089d3

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-22 13:08

Reported

2025-04-22 13:11

Platform

win10v2004-20250410-en

Max time kernel

29s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zqygkbhsw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iizqddsmzppcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zqygkbhsw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iizqddsmzppcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kepahbkyfpjq = "vysmcfxukdgwcqcfjhjmg.exe" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kepahbkyfpjq = "vysmcfxukdgwcqcfjhjmg.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zqygkbhsw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zyoeqpdwixwikucbb.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kepahbkyfpjq = "sqfufdqithfqrahf.exe" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zqygkbhsw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqfufdqithfqrahf.exe" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kepahbkyfpjq = "gibujlcynfhwbozbebce.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zqygkbhsw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iizqddsmzppcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zqygkbhsw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqfufdqithfqrahf.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kepahbkyfpjq = "gibujlcynfhwbozbebce.exe" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kepahbkyfpjq = "tumestjesjkycoyzbxx.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zqygkbhsw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iizqddsmzppcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zqygkbhsw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zyoeqpdwixwikucbb.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zqygkbhsw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gibujlcynfhwbozbebce.exe" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kepahbkyfpjq = "sqfufdqithfqrahf.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kepahbkyfpjq = "gibujlcynfhwbozbebce.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zqygkbhsw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqfufdqithfqrahf.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kepahbkyfpjq = "gibujlcynfhwbozbebce.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kepahbkyfpjq = "sqfufdqithfqrahf.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zqygkbhsw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zyoeqpdwixwikucbb.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zqygkbhsw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zyoeqpdwixwikucbb.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zqygkbhsw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vysmcfxukdgwcqcfjhjmg.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kepahbkyfpjq = "sqfufdqithfqrahf.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kepahbkyfpjq = "iizqddsmzppcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kepahbkyfpjq = "vysmcfxukdgwcqcfjhjmg.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kepahbkyfpjq = "tumestjesjkycoyzbxx.exe" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zqygkbhsw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gibujlcynfhwbozbebce.exe" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zqygkbhsw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zyoeqpdwixwikucbb.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\kepahbkyfpjq = "vysmcfxukdgwcqcfjhjmg.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\gibujlcynfhwbozbebce.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\vysmcfxukdgwcqcfjhjmg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\vysmcfxukdgwcqcfjhjmg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\gibujlcynfhwbozbebce.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\iizqddsmzppcfqzzav.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\vysmcfxukdgwcqcfjhjmg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\tumestjesjkycoyzbxx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\vysmcfxukdgwcqcfjhjmg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\vysmcfxukdgwcqcfjhjmg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\tumestjesjkycoyzbxx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\zyoeqpdwixwikucbb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\vysmcfxukdgwcqcfjhjmg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\iizqddsmzppcfqzzav.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\gibujlcynfhwbozbebce.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\vysmcfxukdgwcqcfjhjmg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\zyoeqpdwixwikucbb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\vysmcfxukdgwcqcfjhjmg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\sqfufdqithfqrahf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\iizqddsmzppcfqzzav.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\iizqddsmzppcfqzzav.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\vysmcfxukdgwcqcfjhjmg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\zyoeqpdwixwikucbb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\gibujlcynfhwbozbebce.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\tumestjesjkycoyzbxx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\gibujlcynfhwbozbebce.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\tumestjesjkycoyzbxx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\sqfufdqithfqrahf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\tumestjesjkycoyzbxx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\zyoeqpdwixwikucbb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\zyoeqpdwixwikucbb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation C:\Windows\tumestjesjkycoyzbxx.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Windows\tumestjesjkycoyzbxx.exe N/A
N/A N/A C:\Windows\gibujlcynfhwbozbebce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Windows\gibujlcynfhwbozbebce.exe N/A
N/A N/A C:\Windows\iizqddsmzppcfqzzav.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
N/A N/A C:\Windows\zyoeqpdwixwikucbb.exe N/A
N/A N/A C:\Windows\gibujlcynfhwbozbebce.exe N/A
N/A N/A C:\Windows\vysmcfxukdgwcqcfjhjmg.exe N/A
N/A N/A C:\Windows\tumestjesjkycoyzbxx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Windows\gibujlcynfhwbozbebce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Windows\tumestjesjkycoyzbxx.exe N/A
N/A N/A C:\Windows\sqfufdqithfqrahf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe N/A
N/A N/A C:\Windows\vysmcfxukdgwcqcfjhjmg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Windows\gibujlcynfhwbozbebce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Windows\sqfufdqithfqrahf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Windows\gibujlcynfhwbozbebce.exe N/A
N/A N/A C:\Windows\tumestjesjkycoyzbxx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Windows\sqfufdqithfqrahf.exe N/A
N/A N/A C:\Windows\tumestjesjkycoyzbxx.exe N/A
N/A N/A C:\Windows\sqfufdqithfqrahf.exe N/A
N/A N/A C:\Windows\iizqddsmzppcfqzzav.exe N/A
N/A N/A C:\Windows\tumestjesjkycoyzbxx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
N/A N/A C:\Windows\gibujlcynfhwbozbebce.exe N/A
N/A N/A C:\Windows\gibujlcynfhwbozbebce.exe N/A
N/A N/A C:\Windows\zyoeqpdwixwikucbb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kgtgplwmvhdmls = "vysmcfxukdgwcqcfjhjmg.exe ." C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kgtgplwmvhdmls = "zyoeqpdwixwikucbb.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sktchzgsxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqfufdqithfqrahf.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kgtgplwmvhdmls = "vysmcfxukdgwcqcfjhjmg.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sqfufdqithfqrahf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqfufdqithfqrahf.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ngqagzhuajc = "tumestjesjkycoyzbxx.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sqfufdqithfqrahf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gibujlcynfhwbozbebce.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nkymwtfwgtqaaio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tumestjesjkycoyzbxx.exe ." C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ngqagzhuajc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vysmcfxukdgwcqcfjhjmg.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sqfufdqithfqrahf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqfufdqithfqrahf.exe" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nkymwtfwgtqaaio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zyoeqpdwixwikucbb.exe ." C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ngqagzhuajc = "tumestjesjkycoyzbxx.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nkymwtfwgtqaaio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqfufdqithfqrahf.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sqfufdqithfqrahf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gibujlcynfhwbozbebce.exe" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sktchzgsxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tumestjesjkycoyzbxx.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sqfufdqithfqrahf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vysmcfxukdgwcqcfjhjmg.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nkymwtfwgtqaaio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zyoeqpdwixwikucbb.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jeqckfpemxsay = "gibujlcynfhwbozbebce.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ngqagzhuajc = "iizqddsmzppcfqzzav.exe ." C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jeqckfpemxsay = "zyoeqpdwixwikucbb.exe" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ngqagzhuajc = "vysmcfxukdgwcqcfjhjmg.exe ." C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sqfufdqithfqrahf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iizqddsmzppcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kgtgplwmvhdmls = "tumestjesjkycoyzbxx.exe ." C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ngqagzhuajc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zyoeqpdwixwikucbb.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ngqagzhuajc = "iizqddsmzppcfqzzav.exe ." C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kgtgplwmvhdmls = "gibujlcynfhwbozbebce.exe ." C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sktchzgsxf = "tumestjesjkycoyzbxx.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ngqagzhuajc = "sqfufdqithfqrahf.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sktchzgsxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zyoeqpdwixwikucbb.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ngqagzhuajc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zyoeqpdwixwikucbb.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kgtgplwmvhdmls = "tumestjesjkycoyzbxx.exe ." C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jeqckfpemxsay = "vysmcfxukdgwcqcfjhjmg.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kgtgplwmvhdmls = "zyoeqpdwixwikucbb.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sktchzgsxf = "zyoeqpdwixwikucbb.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sktchzgsxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zyoeqpdwixwikucbb.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ngqagzhuajc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tumestjesjkycoyzbxx.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ngqagzhuajc = "tumestjesjkycoyzbxx.exe ." C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ngqagzhuajc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gibujlcynfhwbozbebce.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sqfufdqithfqrahf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iizqddsmzppcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jeqckfpemxsay = "vysmcfxukdgwcqcfjhjmg.exe" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sktchzgsxf = "gibujlcynfhwbozbebce.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sqfufdqithfqrahf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iizqddsmzppcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sktchzgsxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tumestjesjkycoyzbxx.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jeqckfpemxsay = "iizqddsmzppcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kgtgplwmvhdmls = "vysmcfxukdgwcqcfjhjmg.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ngqagzhuajc = "zyoeqpdwixwikucbb.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sktchzgsxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vysmcfxukdgwcqcfjhjmg.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ngqagzhuajc = "gibujlcynfhwbozbebce.exe ." C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kgtgplwmvhdmls = "vysmcfxukdgwcqcfjhjmg.exe ." C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kgtgplwmvhdmls = "vysmcfxukdgwcqcfjhjmg.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sktchzgsxf = "tumestjesjkycoyzbxx.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kgtgplwmvhdmls = "iizqddsmzppcfqzzav.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\nkymwtfwgtqaaio = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqfufdqithfqrahf.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kgtgplwmvhdmls = "tumestjesjkycoyzbxx.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jeqckfpemxsay = "zyoeqpdwixwikucbb.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sktchzgsxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gibujlcynfhwbozbebce.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ngqagzhuajc = "gibujlcynfhwbozbebce.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sqfufdqithfqrahf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vysmcfxukdgwcqcfjhjmg.exe" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sktchzgsxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqfufdqithfqrahf.exe" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jeqckfpemxsay = "sqfufdqithfqrahf.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ngqagzhuajc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iizqddsmzppcfqzzav.exe ." C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sktchzgsxf = "zyoeqpdwixwikucbb.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sktchzgsxf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iizqddsmzppcfqzzav.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jeqckfpemxsay = "zyoeqpdwixwikucbb.exe" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyip.everdot.org N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A www.showmyipaddress.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\vysmcfxukdgwcqcfjhjmg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\gibujlcynfhwbozbebce.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\gibujlcynfhwbozbebce.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\zyoeqpdwixwikucbb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\gibujlcynfhwbozbebce.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\gibujlcynfhwbozbebce.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\tumestjesjkycoyzbxx.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\sqfufdqithfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\gibujlcynfhwbozbebce.exe C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
File opened for modification C:\Windows\SysWOW64\tumestjesjkycoyzbxx.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\gibujlcynfhwbozbebce.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\mqlgxbusjdhyfuhlqpswrm.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\sqfufdqithfqrahf.exe C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
File opened for modification C:\Windows\SysWOW64\vysmcfxukdgwcqcfjhjmg.exe C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
File opened for modification C:\Windows\SysWOW64\iizqddsmzppcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\gibujlcynfhwbozbebce.exe C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
File opened for modification C:\Windows\SysWOW64\iizqddsmzppcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
File opened for modification C:\Windows\SysWOW64\tumestjesjkycoyzbxx.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\sqfufdqithfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\vysmcfxukdgwcqcfjhjmg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\zyoeqpdwixwikucbb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\iizqddsmzppcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\zyoeqpdwixwikucbb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\iizqddsmzppcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\zyoeqpdwixwikucbb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\iizqddsmzppcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\gibujlcynfhwbozbebce.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\iizqddsmzppcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\mqlgxbusjdhyfuhlqpswrm.exe C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
File opened for modification C:\Windows\SysWOW64\gibujlcynfhwbozbebce.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\tumestjesjkycoyzbxx.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\gibujlcynfhwbozbebce.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\tumestjesjkycoyzbxx.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\mqlgxbusjdhyfuhlqpswrm.exe C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
File opened for modification C:\Windows\SysWOW64\vysmcfxukdgwcqcfjhjmg.exe C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
File opened for modification C:\Windows\SysWOW64\sqfufdqithfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\mqlgxbusjdhyfuhlqpswrm.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\sqfufdqithfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\tumestjesjkycoyzbxx.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\vysmcfxukdgwcqcfjhjmg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\sqfufdqithfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\tumestjesjkycoyzbxx.exe C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
File opened for modification C:\Windows\SysWOW64\jeqckfpemxsayeidzpjeqckfpemxsayeidz.jeq C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
File opened for modification C:\Windows\SysWOW64\sqfufdqithfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\mqlgxbusjdhyfuhlqpswrm.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\iizqddsmzppcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File created C:\Windows\SysWOW64\aklmjtswttdaniblwbkuvwtd.gdd C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
File created C:\Windows\SysWOW64\jeqckfpemxsayeidzpjeqckfpemxsayeidz.jeq C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
File opened for modification C:\Windows\SysWOW64\iizqddsmzppcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\tumestjesjkycoyzbxx.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\zyoeqpdwixwikucbb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\vysmcfxukdgwcqcfjhjmg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\gibujlcynfhwbozbebce.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\vysmcfxukdgwcqcfjhjmg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\vysmcfxukdgwcqcfjhjmg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\gibujlcynfhwbozbebce.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\mqlgxbusjdhyfuhlqpswrm.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\zyoeqpdwixwikucbb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\zyoeqpdwixwikucbb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\vysmcfxukdgwcqcfjhjmg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\mqlgxbusjdhyfuhlqpswrm.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\mqlgxbusjdhyfuhlqpswrm.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\mqlgxbusjdhyfuhlqpswrm.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\SysWOW64\iizqddsmzppcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\aklmjtswttdaniblwbkuvwtd.gdd C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
File created C:\Program Files (x86)\aklmjtswttdaniblwbkuvwtd.gdd C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
File opened for modification C:\Program Files (x86)\jeqckfpemxsayeidzpjeqckfpemxsayeidz.jeq C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
File created C:\Program Files (x86)\jeqckfpemxsayeidzpjeqckfpemxsayeidz.jeq C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\mqlgxbusjdhyfuhlqpswrm.exe C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
File opened for modification C:\Windows\gibujlcynfhwbozbebce.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\vysmcfxukdgwcqcfjhjmg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\mqlgxbusjdhyfuhlqpswrm.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\zyoeqpdwixwikucbb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\zyoeqpdwixwikucbb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\iizqddsmzppcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\mqlgxbusjdhyfuhlqpswrm.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\sqfufdqithfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\gibujlcynfhwbozbebce.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\iizqddsmzppcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\sqfufdqithfqrahf.exe C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
File opened for modification C:\Windows\sqfufdqithfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\mqlgxbusjdhyfuhlqpswrm.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\gibujlcynfhwbozbebce.exe C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
File opened for modification C:\Windows\tumestjesjkycoyzbxx.exe C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
File created C:\Windows\aklmjtswttdaniblwbkuvwtd.gdd C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
File opened for modification C:\Windows\zyoeqpdwixwikucbb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\sqfufdqithfqrahf.exe C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
File opened for modification C:\Windows\vysmcfxukdgwcqcfjhjmg.exe C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
File opened for modification C:\Windows\vysmcfxukdgwcqcfjhjmg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\iizqddsmzppcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\gibujlcynfhwbozbebce.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\iizqddsmzppcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\vysmcfxukdgwcqcfjhjmg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\gibujlcynfhwbozbebce.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\tumestjesjkycoyzbxx.exe C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
File opened for modification C:\Windows\tumestjesjkycoyzbxx.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\mqlgxbusjdhyfuhlqpswrm.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\vysmcfxukdgwcqcfjhjmg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\iizqddsmzppcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
File opened for modification C:\Windows\iizqddsmzppcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\sqfufdqithfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\tumestjesjkycoyzbxx.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\tumestjesjkycoyzbxx.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\mqlgxbusjdhyfuhlqpswrm.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\tumestjesjkycoyzbxx.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\tumestjesjkycoyzbxx.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\iizqddsmzppcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\tumestjesjkycoyzbxx.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\mqlgxbusjdhyfuhlqpswrm.exe C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
File opened for modification C:\Windows\aklmjtswttdaniblwbkuvwtd.gdd C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
File opened for modification C:\Windows\sqfufdqithfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\gibujlcynfhwbozbebce.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\zyoeqpdwixwikucbb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\gibujlcynfhwbozbebce.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\zyoeqpdwixwikucbb.exe C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
File opened for modification C:\Windows\sqfufdqithfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\vysmcfxukdgwcqcfjhjmg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\mqlgxbusjdhyfuhlqpswrm.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\zyoeqpdwixwikucbb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\gibujlcynfhwbozbebce.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\vysmcfxukdgwcqcfjhjmg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\vysmcfxukdgwcqcfjhjmg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\mqlgxbusjdhyfuhlqpswrm.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\iizqddsmzppcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\iizqddsmzppcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\zyoeqpdwixwikucbb.exe C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
File opened for modification C:\Windows\vysmcfxukdgwcqcfjhjmg.exe C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
File opened for modification C:\Windows\sqfufdqithfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\zyoeqpdwixwikucbb.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\gibujlcynfhwbozbebce.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\sqfufdqithfqrahf.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
File opened for modification C:\Windows\mqlgxbusjdhyfuhlqpswrm.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\sqfufdqithfqrahf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\iizqddsmzppcfqzzav.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zyoeqpdwixwikucbb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\iizqddsmzppcfqzzav.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vysmcfxukdgwcqcfjhjmg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vysmcfxukdgwcqcfjhjmg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zyoeqpdwixwikucbb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\sqfufdqithfqrahf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\iizqddsmzppcfqzzav.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vysmcfxukdgwcqcfjhjmg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vysmcfxukdgwcqcfjhjmg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zyoeqpdwixwikucbb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zyoeqpdwixwikucbb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\gibujlcynfhwbozbebce.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vysmcfxukdgwcqcfjhjmg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tumestjesjkycoyzbxx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\gibujlcynfhwbozbebce.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\gibujlcynfhwbozbebce.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tumestjesjkycoyzbxx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vysmcfxukdgwcqcfjhjmg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\iizqddsmzppcfqzzav.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tumestjesjkycoyzbxx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tumestjesjkycoyzbxx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zyoeqpdwixwikucbb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zyoeqpdwixwikucbb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\sqfufdqithfqrahf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\gibujlcynfhwbozbebce.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vysmcfxukdgwcqcfjhjmg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tumestjesjkycoyzbxx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tumestjesjkycoyzbxx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tumestjesjkycoyzbxx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tumestjesjkycoyzbxx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5252 wrote to memory of 4620 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 5252 wrote to memory of 4620 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 5252 wrote to memory of 4620 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 5968 wrote to memory of 4768 N/A C:\Windows\system32\cmd.exe C:\Windows\tumestjesjkycoyzbxx.exe
PID 5968 wrote to memory of 4768 N/A C:\Windows\system32\cmd.exe C:\Windows\tumestjesjkycoyzbxx.exe
PID 5968 wrote to memory of 4768 N/A C:\Windows\system32\cmd.exe C:\Windows\tumestjesjkycoyzbxx.exe
PID 4660 wrote to memory of 4844 N/A C:\Windows\system32\cmd.exe C:\Windows\gibujlcynfhwbozbebce.exe
PID 4660 wrote to memory of 4844 N/A C:\Windows\system32\cmd.exe C:\Windows\gibujlcynfhwbozbebce.exe
PID 4660 wrote to memory of 4844 N/A C:\Windows\system32\cmd.exe C:\Windows\gibujlcynfhwbozbebce.exe
PID 4844 wrote to memory of 4220 N/A C:\Windows\gibujlcynfhwbozbebce.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 4844 wrote to memory of 4220 N/A C:\Windows\gibujlcynfhwbozbebce.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 4844 wrote to memory of 4220 N/A C:\Windows\gibujlcynfhwbozbebce.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 688 wrote to memory of 4968 N/A C:\Windows\system32\cmd.exe C:\Windows\gibujlcynfhwbozbebce.exe
PID 688 wrote to memory of 4968 N/A C:\Windows\system32\cmd.exe C:\Windows\gibujlcynfhwbozbebce.exe
PID 688 wrote to memory of 4968 N/A C:\Windows\system32\cmd.exe C:\Windows\gibujlcynfhwbozbebce.exe
PID 1688 wrote to memory of 5840 N/A C:\Windows\system32\cmd.exe C:\Windows\iizqddsmzppcfqzzav.exe
PID 1688 wrote to memory of 5840 N/A C:\Windows\system32\cmd.exe C:\Windows\iizqddsmzppcfqzzav.exe
PID 1688 wrote to memory of 5840 N/A C:\Windows\system32\cmd.exe C:\Windows\iizqddsmzppcfqzzav.exe
PID 3912 wrote to memory of 4476 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
PID 3912 wrote to memory of 4476 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
PID 3912 wrote to memory of 4476 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe
PID 6004 wrote to memory of 4260 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
PID 6004 wrote to memory of 4260 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
PID 6004 wrote to memory of 4260 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe
PID 5840 wrote to memory of 1784 N/A C:\Windows\iizqddsmzppcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 5840 wrote to memory of 1784 N/A C:\Windows\iizqddsmzppcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 5840 wrote to memory of 1784 N/A C:\Windows\iizqddsmzppcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 4260 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 4260 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 4260 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 3116 wrote to memory of 1640 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
PID 3116 wrote to memory of 1640 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
PID 3116 wrote to memory of 1640 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe
PID 2556 wrote to memory of 3020 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 2556 wrote to memory of 3020 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 2556 wrote to memory of 3020 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 3020 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 3020 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 3020 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 4620 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe C:\Users\Admin\AppData\Local\Temp\guzeft.exe
PID 4620 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe C:\Users\Admin\AppData\Local\Temp\guzeft.exe
PID 4620 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe C:\Users\Admin\AppData\Local\Temp\guzeft.exe
PID 4620 wrote to memory of 4224 N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe C:\Users\Admin\AppData\Local\Temp\guzeft.exe
PID 4620 wrote to memory of 4224 N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe C:\Users\Admin\AppData\Local\Temp\guzeft.exe
PID 4620 wrote to memory of 4224 N/A C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe C:\Users\Admin\AppData\Local\Temp\guzeft.exe
PID 4080 wrote to memory of 4160 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 4080 wrote to memory of 4160 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 4080 wrote to memory of 4160 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 4316 wrote to memory of 5228 N/A C:\Windows\system32\cmd.exe C:\Windows\gibujlcynfhwbozbebce.exe
PID 4316 wrote to memory of 5228 N/A C:\Windows\system32\cmd.exe C:\Windows\gibujlcynfhwbozbebce.exe
PID 4316 wrote to memory of 5228 N/A C:\Windows\system32\cmd.exe C:\Windows\gibujlcynfhwbozbebce.exe
PID 5428 wrote to memory of 5400 N/A C:\Windows\system32\cmd.exe C:\Windows\vysmcfxukdgwcqcfjhjmg.exe
PID 5428 wrote to memory of 5400 N/A C:\Windows\system32\cmd.exe C:\Windows\vysmcfxukdgwcqcfjhjmg.exe
PID 5428 wrote to memory of 5400 N/A C:\Windows\system32\cmd.exe C:\Windows\vysmcfxukdgwcqcfjhjmg.exe
PID 3252 wrote to memory of 4392 N/A C:\Windows\system32\cmd.exe C:\Windows\tumestjesjkycoyzbxx.exe
PID 3252 wrote to memory of 4392 N/A C:\Windows\system32\cmd.exe C:\Windows\tumestjesjkycoyzbxx.exe
PID 3252 wrote to memory of 4392 N/A C:\Windows\system32\cmd.exe C:\Windows\tumestjesjkycoyzbxx.exe
PID 5400 wrote to memory of 548 N/A C:\Windows\vysmcfxukdgwcqcfjhjmg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 5400 wrote to memory of 548 N/A C:\Windows\vysmcfxukdgwcqcfjhjmg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 5400 wrote to memory of 548 N/A C:\Windows\vysmcfxukdgwcqcfjhjmg.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
PID 2280 wrote to memory of 5652 N/A C:\Windows\system32\cmd.exe C:\Windows\gibujlcynfhwbozbebce.exe
PID 2280 wrote to memory of 5652 N/A C:\Windows\system32\cmd.exe C:\Windows\gibujlcynfhwbozbebce.exe
PID 2280 wrote to memory of 5652 N/A C:\Windows\system32\cmd.exe C:\Windows\gibujlcynfhwbozbebce.exe
PID 4392 wrote to memory of 4608 N/A C:\Windows\tumestjesjkycoyzbxx.exe C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

System policy modification

defense_evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\guzeft.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce23cbd71cc033cecb1958623ee620c1.exe"

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_ce23cbd71cc033cecb1958623ee620c1.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\gibujlcynfhwbozbebce.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe .

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Windows\iizqddsmzppcfqzzav.exe

iizqddsmzppcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\iizqddsmzppcfqzzav.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\tumestjesjkycoyzbxx.exe*."

C:\Users\Admin\AppData\Local\Temp\guzeft.exe

"C:\Users\Admin\AppData\Local\Temp\guzeft.exe" "-C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe"

C:\Users\Admin\AppData\Local\Temp\guzeft.exe

"C:\Users\Admin\AppData\Local\Temp\guzeft.exe" "-C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe

C:\Windows\zyoeqpdwixwikucbb.exe

zyoeqpdwixwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe .

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe

C:\Windows\vysmcfxukdgwcqcfjhjmg.exe

vysmcfxukdgwcqcfjhjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Windows\vysmcfxukdgwcqcfjhjmg.exe

vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\sqfufdqithfqrahf.exe*."

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\sqfufdqithfqrahf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe .

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\sqfufdqithfqrahf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\sqfufdqithfqrahf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\gibujlcynfhwbozbebce.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe .

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe

C:\Windows\iizqddsmzppcfqzzav.exe

iizqddsmzppcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\iizqddsmzppcfqzzav.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe

C:\Windows\zyoeqpdwixwikucbb.exe

zyoeqpdwixwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\gibujlcynfhwbozbebce.exe*."

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe .

C:\Windows\zyoeqpdwixwikucbb.exe

zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zyoeqpdwixwikucbb.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zyoeqpdwixwikucbb.exe*."

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zyoeqpdwixwikucbb.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\gibujlcynfhwbozbebce.exe*."

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\sqfufdqithfqrahf.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .

C:\Windows\iizqddsmzppcfqzzav.exe

iizqddsmzppcfqzzav.exe .

C:\Windows\vysmcfxukdgwcqcfjhjmg.exe

vysmcfxukdgwcqcfjhjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\gibujlcynfhwbozbebce.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\iizqddsmzppcfqzzav.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\gibujlcynfhwbozbebce.exe*."

C:\Windows\iizqddsmzppcfqzzav.exe

iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\sqfufdqithfqrahf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe .

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\sqfufdqithfqrahf.exe*."

C:\Windows\zyoeqpdwixwikucbb.exe

zyoeqpdwixwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\sqfufdqithfqrahf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."

C:\Windows\zyoeqpdwixwikucbb.exe

zyoeqpdwixwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\vysmcfxukdgwcqcfjhjmg.exe

vysmcfxukdgwcqcfjhjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\gibujlcynfhwbozbebce.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe

C:\Windows\zyoeqpdwixwikucbb.exe

zyoeqpdwixwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\vysmcfxukdgwcqcfjhjmg.exe

vysmcfxukdgwcqcfjhjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe .

C:\Windows\vysmcfxukdgwcqcfjhjmg.exe

vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\vysmcfxukdgwcqcfjhjmg.exe

vysmcfxukdgwcqcfjhjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\tumestjesjkycoyzbxx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\gibujlcynfhwbozbebce.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe .

C:\Windows\iizqddsmzppcfqzzav.exe

iizqddsmzppcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\zyoeqpdwixwikucbb.exe

zyoeqpdwixwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zyoeqpdwixwikucbb.exe*."

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\tumestjesjkycoyzbxx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\sqfufdqithfqrahf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe

C:\Windows\zyoeqpdwixwikucbb.exe

zyoeqpdwixwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\iizqddsmzppcfqzzav.exe

iizqddsmzppcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\iizqddsmzppcfqzzav.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe .

C:\Windows\iizqddsmzppcfqzzav.exe

iizqddsmzppcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Windows\zyoeqpdwixwikucbb.exe

zyoeqpdwixwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zyoeqpdwixwikucbb.exe*."

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .

C:\Windows\iizqddsmzppcfqzzav.exe

iizqddsmzppcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zyoeqpdwixwikucbb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\gibujlcynfhwbozbebce.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Windows\vysmcfxukdgwcqcfjhjmg.exe

vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zyoeqpdwixwikucbb.exe*."

C:\Windows\vysmcfxukdgwcqcfjhjmg.exe

vysmcfxukdgwcqcfjhjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .

C:\Windows\vysmcfxukdgwcqcfjhjmg.exe

vysmcfxukdgwcqcfjhjmg.exe .

C:\Windows\vysmcfxukdgwcqcfjhjmg.exe

vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\tumestjesjkycoyzbxx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Windows\vysmcfxukdgwcqcfjhjmg.exe

vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .

C:\Windows\zyoeqpdwixwikucbb.exe

zyoeqpdwixwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."

C:\Windows\iizqddsmzppcfqzzav.exe

iizqddsmzppcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Windows\vysmcfxukdgwcqcfjhjmg.exe

vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\tumestjesjkycoyzbxx.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zyoeqpdwixwikucbb.exe*."

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zyoeqpdwixwikucbb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe .

C:\Windows\zyoeqpdwixwikucbb.exe

zyoeqpdwixwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zyoeqpdwixwikucbb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\vysmcfxukdgwcqcfjhjmg.exe

vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe .

C:\Windows\zyoeqpdwixwikucbb.exe

zyoeqpdwixwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zyoeqpdwixwikucbb.exe*."

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe

C:\Windows\iizqddsmzppcfqzzav.exe

iizqddsmzppcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\gibujlcynfhwbozbebce.exe*."

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\tumestjesjkycoyzbxx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe .

C:\Windows\vysmcfxukdgwcqcfjhjmg.exe

vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe

C:\Windows\zyoeqpdwixwikucbb.exe

zyoeqpdwixwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe .

C:\Windows\iizqddsmzppcfqzzav.exe

iizqddsmzppcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\iizqddsmzppcfqzzav.exe*."

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .

C:\Windows\system32\BackgroundTransferHost.exe

"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\tumestjesjkycoyzbxx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe .

C:\Windows\iizqddsmzppcfqzzav.exe

iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\iizqddsmzppcfqzzav.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\gibujlcynfhwbozbebce.exe*."

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\tumestjesjkycoyzbxx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe .

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\sqfufdqithfqrahf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe .

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Windows\zyoeqpdwixwikucbb.exe

zyoeqpdwixwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zyoeqpdwixwikucbb.exe*."

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\gibujlcynfhwbozbebce.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\gibujlcynfhwbozbebce.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\gibujlcynfhwbozbebce.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\sqfufdqithfqrahf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zyoeqpdwixwikucbb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe .

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe .

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\gibujlcynfhwbozbebce.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\zyoeqpdwixwikucbb.exe

zyoeqpdwixwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\sqfufdqithfqrahf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .

C:\Windows\iizqddsmzppcfqzzav.exe

iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\gibujlcynfhwbozbebce.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\sqfufdqithfqrahf.exe*."

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\iizqddsmzppcfqzzav.exe*."

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe

C:\Windows\System32\mousocoreworker.exe

C:\Windows\System32\mousocoreworker.exe -Embedding

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe .

C:\Windows\iizqddsmzppcfqzzav.exe

iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\iizqddsmzppcfqzzav.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\gibujlcynfhwbozbebce.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\gibujlcynfhwbozbebce.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\vysmcfxukdgwcqcfjhjmg.exe

vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe .

C:\Windows\vysmcfxukdgwcqcfjhjmg.exe

vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe

C:\Windows\zyoeqpdwixwikucbb.exe

zyoeqpdwixwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe .

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\sqfufdqithfqrahf.exe*."

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zyoeqpdwixwikucbb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\tumestjesjkycoyzbxx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe

C:\Windows\iizqddsmzppcfqzzav.exe

iizqddsmzppcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe .

C:\Windows\zyoeqpdwixwikucbb.exe

zyoeqpdwixwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zyoeqpdwixwikucbb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe .

C:\Windows\iizqddsmzppcfqzzav.exe

iizqddsmzppcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\iizqddsmzppcfqzzav.exe*."

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\gibujlcynfhwbozbebce.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\gibujlcynfhwbozbebce.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\vysmcfxukdgwcqcfjhjmg.exe

vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe .

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\sqfufdqithfqrahf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\gibujlcynfhwbozbebce.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\tumestjesjkycoyzbxx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe .

C:\Windows\vysmcfxukdgwcqcfjhjmg.exe

vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe .

C:\Windows\iizqddsmzppcfqzzav.exe

iizqddsmzppcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\iizqddsmzppcfqzzav.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\gibujlcynfhwbozbebce.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\sqfufdqithfqrahf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe

C:\Windows\zyoeqpdwixwikucbb.exe

zyoeqpdwixwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\gibujlcynfhwbozbebce.exe*."

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe .

C:\Windows\iizqddsmzppcfqzzav.exe

iizqddsmzppcfqzzav.exe .

C:\Windows\iizqddsmzppcfqzzav.exe

iizqddsmzppcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\iizqddsmzppcfqzzav.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .

C:\Windows\zyoeqpdwixwikucbb.exe

zyoeqpdwixwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\sqfufdqithfqrahf.exe*."

C:\Windows\iizqddsmzppcfqzzav.exe

iizqddsmzppcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\sqfufdqithfqrahf.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zyoeqpdwixwikucbb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\iizqddsmzppcfqzzav.exe*."

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Windows\iizqddsmzppcfqzzav.exe

iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\gibujlcynfhwbozbebce.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Windows\zyoeqpdwixwikucbb.exe

zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\tumestjesjkycoyzbxx.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Windows\zyoeqpdwixwikucbb.exe

zyoeqpdwixwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\iizqddsmzppcfqzzav.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zyoeqpdwixwikucbb.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zyoeqpdwixwikucbb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe .

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\sqfufdqithfqrahf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe .

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\sqfufdqithfqrahf.exe*."

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\sqfufdqithfqrahf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe .

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\zyoeqpdwixwikucbb.exe

zyoeqpdwixwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zyoeqpdwixwikucbb.exe*."

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zyoeqpdwixwikucbb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\sqfufdqithfqrahf.exe*."

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zyoeqpdwixwikucbb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\vysmcfxukdgwcqcfjhjmg.exe

vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe .

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\sqfufdqithfqrahf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .

C:\Windows\iizqddsmzppcfqzzav.exe

iizqddsmzppcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\gibujlcynfhwbozbebce.exe*."

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\iizqddsmzppcfqzzav.exe

iizqddsmzppcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\iizqddsmzppcfqzzav.exe*."

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zyoeqpdwixwikucbb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\tumestjesjkycoyzbxx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\gibujlcynfhwbozbebce.exe*."

C:\Windows\zyoeqpdwixwikucbb.exe

zyoeqpdwixwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\iizqddsmzppcfqzzav.exe

iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zyoeqpdwixwikucbb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\vysmcfxukdgwcqcfjhjmg.exe

vysmcfxukdgwcqcfjhjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .

C:\Windows\iizqddsmzppcfqzzav.exe

iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\iizqddsmzppcfqzzav.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe .

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\gibujlcynfhwbozbebce.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\gibujlcynfhwbozbebce.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\sqfufdqithfqrahf.exe*."

C:\Windows\iizqddsmzppcfqzzav.exe

iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zyoeqpdwixwikucbb.exe*."

C:\Windows\zyoeqpdwixwikucbb.exe

zyoeqpdwixwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zyoeqpdwixwikucbb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\gibujlcynfhwbozbebce.exe*."

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\iizqddsmzppcfqzzav.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe

C:\Windows\zyoeqpdwixwikucbb.exe

zyoeqpdwixwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe .

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\sqfufdqithfqrahf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe .

C:\Windows\vysmcfxukdgwcqcfjhjmg.exe

vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Windows\vysmcfxukdgwcqcfjhjmg.exe

vysmcfxukdgwcqcfjhjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\vysmcfxukdgwcqcfjhjmg.exe

vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\gibujlcynfhwbozbebce.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .

C:\Windows\iizqddsmzppcfqzzav.exe

iizqddsmzppcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\sqfufdqithfqrahf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\gibujlcynfhwbozbebce.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe .

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\sqfufdqithfqrahf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .

C:\Windows\vysmcfxukdgwcqcfjhjmg.exe

vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\tumestjesjkycoyzbxx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\vysmcfxukdgwcqcfjhjmg.exe

vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqfufdqithfqrahf.exe .

C:\Windows\sqfufdqithfqrahf.exe

sqfufdqithfqrahf.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\sqfufdqithfqrahf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyoeqpdwixwikucbb.exe .

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\zyoeqpdwixwikucbb.exe

zyoeqpdwixwikucbb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\sqfufdqithfqrahf.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\zyoeqpdwixwikucbb.exe*."

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe

C:\Users\Admin\AppData\Local\Temp\tumestjesjkycoyzbxx.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\tumestjesjkycoyzbxx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\gibujlcynfhwbozbebce.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zyoeqpdwixwikucbb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iizqddsmzppcfqzzav.exe .

C:\Windows\iizqddsmzppcfqzzav.exe

iizqddsmzppcfqzzav.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\iizqddsmzppcfqzzav.exe*."

C:\Windows\vysmcfxukdgwcqcfjhjmg.exe

vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe .

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\iizqddsmzppcfqzzav.exe

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\tumestjesjkycoyzbxx.exe*."

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe

C:\Users\Admin\AppData\Local\Temp\vysmcfxukdgwcqcfjhjmg.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\vysmcfxukdgwcqcfjhjmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe

C:\Users\Admin\AppData\Local\Temp\zyoeqpdwixwikucbb.exe .

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\zyoeqpdwixwikucbb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe

C:\Windows\tumestjesjkycoyzbxx.exe

tumestjesjkycoyzbxx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\gibujlcynfhwbozbebce.exe

gibujlcynfhwbozbebce.exe .

C:\Windows\vysmcfxukdgwcqcfjhjmg.exe

vysmcfxukdgwcqcfjhjmg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tumestjesjkycoyzbxx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vysmcfxukdgwcqcfjhjmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gibujlcynfhwbozbebce.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 8.8.8.8:53 www.whatismyip.ca udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 udp
US 104.156.155.94:80 jexkhytfwddl.info tcp
US 8.8.8.8:53 dnpuox.info udp
US 8.8.8.8:53 kckuvibogpr.info udp
AU 86.38.88.113:15750 tcp
US 8.8.8.8:53 gywtwwlod.info udp
US 8.8.8.8:53 ieykyo.org udp
US 8.8.8.8:53 sjprybamvq.net udp
LT 78.62.52.110:34385 tcp
US 8.8.8.8:53 uotalijyvwzs.info udp
US 8.8.8.8:53 imieeq.com udp
US 8.8.8.8:53 nfabgozzrzrt.net udp
US 8.8.8.8:53 vgfsrnh.com udp
US 8.8.8.8:53 sankjiltb.info udp
US 8.8.8.8:53 qbvxzenxguqt.info udp
US 8.8.8.8:53 ckcfupeuro.net udp
US 8.8.8.8:53 hrieydzqbyx.com udp
US 8.8.8.8:53 tfxjyydbceed.net udp
US 8.8.8.8:53 fdrqnwwwbb.info udp
US 8.8.8.8:53 zjjfnirx.net udp
US 8.8.8.8:53 mywydqwkzcu.info udp
US 8.8.8.8:53 wphgtp.net udp
US 8.8.8.8:53 iyvmtzdot.info udp
US 8.8.8.8:53 kmmigl.net udp
US 8.8.8.8:53 cgxzfpzvzx.info udp
US 8.8.8.8:53 kdnqpoh.info udp
US 8.8.8.8:53 pjvfeicrvlio.info udp
BG 83.148.90.22:23558 tcp
US 8.8.8.8:53 vptzdgzmmy.info udp
US 8.8.8.8:53 kgkywsyamqww.com udp
US 8.8.8.8:53 zgtkrmvadeh.com udp
US 8.8.8.8:53 dpigqksazzem.info udp
US 8.8.8.8:53 rupkvo.info udp
US 8.8.8.8:53 jflqrhezqyjn.info udp
US 8.8.8.8:53 afzgrtuw.info udp
US 8.8.8.8:53 svzavzx.info udp
US 8.8.8.8:53 likpsf.info udp
US 8.8.8.8:53 iibnfvnjxjp.info udp
US 8.8.8.8:53 pxdplesghizt.info udp
US 8.8.8.8:53 hijlvkoguj.info udp
US 8.8.8.8:53 zudfbpkdbefh.net udp
US 8.8.8.8:53 zcwuiahdrgp.org udp
US 8.8.8.8:53 mytouak.net udp
US 8.8.8.8:53 oowqfaa.info udp
US 8.8.8.8:53 serpfizhm.info udp
US 8.8.8.8:53 skguhaab.info udp
US 8.8.8.8:53 nodejiaqnfj.info udp
US 8.8.8.8:53 xgsefzm.com udp
US 8.8.8.8:53 iasewoyeoiqa.org udp
BG 84.252.58.195:13863 tcp
US 8.8.8.8:53 cqpblckecxly.net udp
US 8.8.8.8:53 gzdolwx.net udp
US 8.8.8.8:53 xpbhtv.net udp
US 8.8.8.8:53 nmsohnygv.com udp
US 8.8.8.8:53 yiieksusmcwk.org udp
US 8.8.8.8:53 yinqzgrte.info udp
US 8.8.8.8:53 pibmkdbcfgt.org udp
US 8.8.8.8:53 omeygqcqyucy.com udp
US 8.8.8.8:53 gotehfsquur.net udp
US 8.8.8.8:53 ekykciia.org udp
US 8.8.8.8:53 dgrydww.info udp
US 8.8.8.8:53 aisuygumic.org udp
US 8.8.8.8:53 fcrallykp.org udp
US 8.8.8.8:53 tupuxkqajod.com udp
US 8.8.8.8:53 dhjnrzcquc.info udp
US 8.8.8.8:53 nibuxeovxp.info udp
US 8.8.8.8:53 pxrayouu.info udp
US 8.8.8.8:53 nppfzhdntldy.info udp
US 8.8.8.8:53 aeabsix.net udp
US 8.8.8.8:53 mugsesysukik.com udp
US 8.8.8.8:53 xczxlsoke.info udp
US 8.8.8.8:53 eegrlc.net udp
US 8.8.8.8:53 xqfurgaeyut.org udp
US 8.8.8.8:53 bkerbohur.org udp
US 8.8.8.8:53 irfnkgtsrwj.info udp
US 8.8.8.8:53 jrhutut.org udp
US 8.8.8.8:53 bevrlfjfdm.net udp
US 8.8.8.8:53 aeykcygumw.org udp
US 8.8.8.8:53 ylzmfgbctpy.net udp
US 8.8.8.8:53 vlwvzy.net udp
US 8.8.8.8:53 zpncydzhnn.net udp
US 8.8.8.8:53 dxrlktsaxc.info udp
US 8.8.8.8:53 rrnyuip.net udp
US 8.8.8.8:53 ogsgwkua.org udp
US 8.8.8.8:53 gagewmaq.com udp
US 8.8.8.8:53 ucwmoumwymuc.com udp
US 8.8.8.8:53 didszfrcd.info udp
US 8.8.8.8:53 wqmevw.net udp
US 8.8.8.8:53 sukooweuoa.org udp
US 8.8.8.8:53 nbsqxz.info udp
US 8.8.8.8:53 qhgcwzzwjr.net udp
US 8.8.8.8:53 rllcuulj.info udp
US 8.8.8.8:53 zakfvnuu.net udp
US 8.8.8.8:53 ebpqsrl.info udp
US 8.8.8.8:53 aeqeyq.org udp
BG 89.215.79.176:37397 tcp
US 8.8.8.8:53 umtftuvejet.info udp
US 8.8.8.8:53 tubqvjyubmh.info udp
US 8.8.8.8:53 vcxntkls.info udp
US 8.8.8.8:53 nygqhmzun.info udp
US 8.8.8.8:53 iuhmtjt.info udp
US 8.8.8.8:53 uclufikiq.info udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 oarqwlwxr.info udp
DE 142.250.181.195:80 c.pki.goog tcp
US 8.8.8.8:53 okgccrvs.net udp
US 8.8.8.8:53 acrqtqb.info udp
US 8.8.8.8:53 xwtkdlirhuzi.net udp
US 8.8.8.8:53 iupgmiw.info udp
US 8.8.8.8:53 psommyz.net udp
US 8.8.8.8:53 tapqgkz.info udp
US 8.8.8.8:53 ninlhcpslefj.net udp
US 8.8.8.8:53 onswuewrdu.net udp
US 8.8.8.8:53 rgbhgyxhkuqi.net udp
US 8.8.8.8:53 iofhtweoxy.info udp
US 8.8.8.8:53 fikabkhybxw.org udp
US 8.8.8.8:53 oiocijheghhi.net udp
US 8.8.8.8:53 ieuyycwqwkoc.com udp
US 8.8.8.8:53 fhjevs.net udp
US 8.8.8.8:53 lmtupktbm.net udp
US 8.8.8.8:53 hsxyzwi.org udp
US 8.8.8.8:53 ikuoqces.org udp
US 8.8.8.8:53 ondefafvf.net udp
US 8.8.8.8:53 uimqwaycag.com udp
US 8.8.8.8:53 lvtyhqheccxw.net udp
US 8.8.8.8:53 gacwqyymskwq.com udp
US 8.8.8.8:53 vmbpcb.net udp
US 8.8.8.8:53 mcygkwqm.org udp
US 8.8.8.8:53 nuhrbgjdpn.net udp
US 8.8.8.8:53 simkgkkmcigi.com udp
US 8.8.8.8:53 akiuiyqc.org udp
US 8.8.8.8:53 vivcxfnabjhl.info udp
US 8.8.8.8:53 jxcsgestbkig.net udp
US 8.8.8.8:53 ezkljtfkdk.net udp
US 8.8.8.8:53 jwoqtgv.net udp
US 8.8.8.8:53 ywhaqio.info udp
US 8.8.8.8:53 nfqhfdywarws.net udp
US 8.8.8.8:53 ntmebtqz.net udp
US 8.8.8.8:53 tqyrbswireeu.info udp
US 8.8.8.8:53 zmnprckzdsq.org udp
US 8.8.8.8:53 uyptcxksnmx.info udp
US 8.8.8.8:53 ikaaqc.com udp
US 8.8.8.8:53 gsusoemq.org udp
US 8.8.8.8:53 ccyoouma.org udp
US 8.8.8.8:53 lumcger.com udp
US 8.8.8.8:53 wobnprasejiu.net udp
US 8.8.8.8:53 ijevrjmd.net udp
US 8.8.8.8:53 tnekwqkrgjls.net udp
US 8.8.8.8:53 jsjqfcsgq.com udp
US 8.8.8.8:53 zewymsp.net udp
US 8.8.8.8:53 mdbvrrid.net udp
US 8.8.8.8:53 rclihrx.org udp
US 8.8.8.8:53 hlxbchszzp.net udp
US 8.8.8.8:53 suaawe.org udp
LT 82.135.208.104:37674 tcp
US 8.8.8.8:53 pkmjinbdiy.net udp
US 8.8.8.8:53 cuzvffb.info udp
US 8.8.8.8:53 dvrckvjk.net udp
US 8.8.8.8:53 syyeckso.com udp
US 8.8.8.8:53 vubmdwugfwv.org udp
US 8.8.8.8:53 dqyydwrdmeik.info udp
US 8.8.8.8:53 fryzrrnw.net udp
US 8.8.8.8:53 gjoieqt.net udp
US 8.8.8.8:53 rfklnyczu.info udp
US 8.8.8.8:53 zxalrmlrvt.info udp
US 8.8.8.8:53 mhnnqyayup.info udp
US 8.8.8.8:53 lxhewirho.net udp
US 8.8.8.8:53 xmhanupgu.info udp
US 8.8.8.8:53 dnikvkncxqn.org udp
US 8.8.8.8:53 qugsxhub.net udp
US 8.8.8.8:53 dufwtmtvzsym.info udp
US 8.8.8.8:53 khnqsoxebsn.net udp
US 8.8.8.8:53 eaekia.org udp
US 8.8.8.8:53 aqiwmyai.org udp
US 8.8.8.8:53 bcnnncdkmif.net udp
US 8.8.8.8:53 phtgqc.info udp
US 8.8.8.8:53 fdygvtpuse.info udp
US 8.8.8.8:53 swlmkovddcp.net udp
US 8.8.8.8:53 xqdersbedxp.net udp
US 8.8.8.8:53 shzmhqc.info udp
US 8.8.8.8:53 tcpbcllr.info udp
US 8.8.8.8:53 tfdtkowhkobz.net udp
US 8.8.8.8:53 tlzyfn.net udp
US 8.8.8.8:53 mmiwcomcisiq.org udp
US 8.8.8.8:53 sqajxqve.info udp
US 8.8.8.8:53 ogqsssmu.com udp
US 8.8.8.8:53 zutagbtdnoxk.net udp
US 8.8.8.8:53 hurkpv.info udp
US 8.8.8.8:53 gfxdruagt.net udp
US 8.8.8.8:53 qeuzpinyrkwk.info udp
US 8.8.8.8:53 pswrtsjyw.org udp
US 8.8.8.8:53 zwpabmq.com udp
US 8.8.8.8:53 naeqfdlxlws.net udp
US 8.8.8.8:53 sagsmu.com udp
US 8.8.8.8:53 zseenicm.info udp
US 8.8.8.8:53 fytlwme.net udp
US 8.8.8.8:53 rngobwdt.net udp
US 8.8.8.8:53 fguceef.info udp
US 8.8.8.8:53 pbzprf.net udp
US 8.8.8.8:53 gnzpxs.net udp
US 8.8.8.8:53 efsqdutmd.net udp
US 8.8.8.8:53 xiqrblvfry.net udp
US 8.8.8.8:53 nulzxrfhbcwj.info udp
US 8.8.8.8:53 kedumof.info udp
BG 91.139.150.254:31569 tcp
US 8.8.8.8:53 imwuei.com udp
US 8.8.8.8:53 skwogs.com udp
US 8.8.8.8:53 otnroghork.net udp
US 8.8.8.8:53 wmcauomiay.com udp
US 8.8.8.8:53 hkhmgrdmb.net udp
US 8.8.8.8:53 bpjotlivl.com udp
US 8.8.8.8:53 hjjdkaxtirkd.net udp
US 8.8.8.8:53 rcerokrfflda.info udp
US 8.8.8.8:53 qerofmbgxsy.info udp
US 8.8.8.8:53 wwxggup.net udp
US 8.8.8.8:53 unjxrzyw.info udp
US 8.8.8.8:53 susjohwila.info udp
US 8.8.8.8:53 wmsgmqauocys.org udp
US 8.8.8.8:53 uogicigmue.org udp
US 8.8.8.8:53 vjwftnwbuvuw.info udp
US 8.8.8.8:53 hyillgil.info udp
US 8.8.8.8:53 ecmhfestkd.info udp
US 8.8.8.8:53 agolgclkt.net udp
US 8.8.8.8:53 ddsdkxscdwzg.net udp
US 8.8.8.8:53 sykugiow.com udp
US 8.8.8.8:53 gwfcwdn.net udp
US 8.8.8.8:53 ghqbryx.net udp
US 8.8.8.8:53 erkpvbzot.info udp
US 8.8.8.8:53 fvzrixky.net udp
US 8.8.8.8:53 ecaxpk.info udp
US 8.8.8.8:53 ezzekefsau.net udp
US 8.8.8.8:53 sorwpkpaots.info udp
US 8.8.8.8:53 jcjehnuyy.info udp
US 8.8.8.8:53 tyrqdptkr.info udp
US 8.8.8.8:53 bgtckaynjj.info udp
US 8.8.8.8:53 jphrtnhm.net udp
US 8.8.8.8:53 fhyxrenon.org udp
US 8.8.8.8:53 tzvvajdpidhc.info udp
US 8.8.8.8:53 pmkjtfqint.info udp
US 8.8.8.8:53 pwmoeopmhqf.info udp
US 8.8.8.8:53 mzjqjgbz.info udp
US 8.8.8.8:53 usgccqkqcsuw.com udp
US 8.8.8.8:53 usgggwykyque.com udp
US 8.8.8.8:53 osxmkaz.info udp
US 8.8.8.8:53 suncxnohusp.info udp
US 8.8.8.8:53 mqmmwaou.org udp
US 8.8.8.8:53 tkvltrgf.net udp
US 8.8.8.8:53 nbysyscpqk.info udp
US 8.8.8.8:53 bkilqmghrs.info udp
US 8.8.8.8:53 urksgjxww.net udp
US 8.8.8.8:53 sbzgoiqu.net udp
US 8.8.8.8:53 qtlpzugsle.info udp
US 8.8.8.8:53 rokefozcd.net udp
US 8.8.8.8:53 olijdrlmzb.net udp
US 8.8.8.8:53 domwfiikc.org udp
US 8.8.8.8:53 bcqkkitxu.net udp
US 8.8.8.8:53 aeqkeewsgkyu.org udp
US 8.8.8.8:53 uyyxodieeh.net udp
US 8.8.8.8:53 iudaiyiutga.net udp
US 8.8.8.8:53 aekskoms.com udp
US 8.8.8.8:53 bqhewwdmb.com udp
US 8.8.8.8:53 fwrhago.com udp
US 8.8.8.8:53 psehtr.net udp
US 8.8.8.8:53 qmgnqyayup.net udp
US 8.8.8.8:53 rependurpc.net udp
US 8.8.8.8:53 vepyrggqj.info udp
US 8.8.8.8:53 qovagk.net udp
US 8.8.8.8:53 olwwzvbjuvtp.info udp
FR 62.213.191.129:17507 tcp
US 8.8.8.8:53 lcruwwzwd.info udp
US 8.8.8.8:53 bstghefyp.com udp
US 8.8.8.8:53 hvltpqd.net udp
US 8.8.8.8:53 avigzh.info udp
US 8.8.8.8:53 jidwvuzea.info udp
US 8.8.8.8:53 yffbsbvpxj.net udp
US 8.8.8.8:53 sgbpordmh.net udp
US 8.8.8.8:53 yuhfxlze.info udp
US 8.8.8.8:53 czomtaj.net udp
US 8.8.8.8:53 vghrznsx.info udp
US 8.8.8.8:53 hqpfhrtazw.info udp
US 8.8.8.8:53 mhxria.info udp
US 8.8.8.8:53 azekrdzgkyb.net udp
US 8.8.8.8:53 mmhgrpr.net udp
US 8.8.8.8:53 ojbwcofwhor.info udp
US 8.8.8.8:53 fkmohh.info udp
US 8.8.8.8:53 mzpudn.net udp
US 8.8.8.8:53 ndzupwa.com udp
US 8.8.8.8:53 neemdslqxge.com udp
US 8.8.8.8:53 tpsiuh.net udp
US 8.8.8.8:53 vpshbvrar.com udp
US 8.8.8.8:53 ssfwxkh.net udp
US 8.8.8.8:53 mohmueg.net udp
US 8.8.8.8:53 haeqxyqztip.com udp
US 8.8.8.8:53 mckeyzmofxi.info udp
US 8.8.8.8:53 ikzlbyrvpgt.info udp
US 8.8.8.8:53 jcpgijxh.net udp
US 8.8.8.8:53 gajgdrt.net udp
US 8.8.8.8:53 mtbggegcf.info udp
US 8.8.8.8:53 cxzgxenej.net udp
US 8.8.8.8:53 msumcw.org udp
US 8.8.8.8:53 oalqtqzxdcr.info udp
US 8.8.8.8:53 mpgtxs.net udp
US 8.8.8.8:53 cofxnvderwvc.info udp
BG 77.71.4.98:43163 tcp
US 8.8.8.8:53 gwgiim.org udp
US 8.8.8.8:53 dodowdlygur.net udp
US 8.8.8.8:53 eidkggpqoemp.info udp
US 8.8.8.8:53 blbyjnpnlgn.net udp
US 8.8.8.8:53 mvmpxiyqv.info udp
US 8.8.8.8:53 vzrywgbypzqt.info udp
US 8.8.8.8:53 yhnpqqp.info udp
US 8.8.8.8:53 fkiybhlz.net udp
US 8.8.8.8:53 tdcuuersxh.net udp
US 8.8.8.8:53 epnerpt.info udp
US 8.8.8.8:53 znlfenovmt.info udp
US 8.8.8.8:53 fllhzyzvbsxw.net udp
US 8.8.8.8:53 dfsbgdqwmb.net udp
US 8.8.8.8:53 ssnkrhjfy.net udp
US 8.8.8.8:53 hprerydzd.com udp
US 8.8.8.8:53 yeuisgkyyk.org udp
US 8.8.8.8:53 ccuswsqoik.org udp
US 8.8.8.8:53 yisadguwoi.net udp
US 8.8.8.8:53 icjutzjytmd.net udp
US 8.8.8.8:53 ltiljcqa.net udp
US 8.8.8.8:53 yakckkiacm.org udp
US 8.8.8.8:53 uaewnzxhxs.info udp
US 8.8.8.8:53 ohpsnmt.info udp
US 8.8.8.8:53 gehsuywdq.net udp
US 8.8.8.8:53 eahfih.info udp
US 8.8.8.8:53 okdycuj.net udp
US 8.8.8.8:53 celbkxvoa.info udp
US 8.8.8.8:53 xfkkhqxsz.net udp
US 8.8.8.8:53 jpiauqrujtxf.net udp
US 8.8.8.8:53 ksaauwyksqoa.com udp
US 8.8.8.8:53 ppquhca.net udp
US 8.8.8.8:53 dnvqhx.info udp
US 8.8.8.8:53 nsvsiurumoi.org udp
US 8.8.8.8:53 jybnquobei.info udp
US 8.8.8.8:53 cmnwlclawpi.info udp
US 8.8.8.8:53 ejgmofxiqlij.net udp
US 8.8.8.8:53 dppayanib.info udp
US 8.8.8.8:53 arzabffcxk.info udp
US 8.8.8.8:53 gjxbgydul.net udp
US 8.8.8.8:53 jilpvdooiw.info udp
US 8.8.8.8:53 jfnhpabzd.org udp
US 8.8.8.8:53 zoosdjduv.net udp
US 8.8.8.8:53 pgvgqgh.info udp
US 8.8.8.8:53 bxpcatpmqj.info udp
US 8.8.8.8:53 kcywokua.com udp
US 8.8.8.8:53 gzejbuxwt.info udp
US 8.8.8.8:53 axdszgvd.net udp
US 8.8.8.8:53 xbbrovhypum.org udp
US 8.8.8.8:53 bdhqxgf.net udp
US 8.8.8.8:53 iomatkiym.info udp
US 8.8.8.8:53 fpzbetywmpyp.info udp
US 8.8.8.8:53 agoayw.com udp
US 8.8.8.8:53 zbkemqf.com udp
US 8.8.8.8:53 brihzn.net udp
US 8.8.8.8:53 lwdsjov.info udp
US 8.8.8.8:53 qcbgptxcfym.info udp
US 8.8.8.8:53 xsdwxmohbao.info udp
US 8.8.8.8:53 ccykokaikwgi.com udp
US 8.8.8.8:53 hffhnoww.net udp
US 8.8.8.8:53 wylslmf.net udp
US 8.8.8.8:53 ihkziumotfom.info udp
US 8.8.8.8:53 qwpkoiwmcqd.net udp
US 8.8.8.8:53 kelajszodmr.info udp
US 8.8.8.8:53 alnubzpvsmsp.info udp
US 8.8.8.8:53 qkiqmyiw.com udp
US 8.8.8.8:53 neorrp.info udp
US 8.8.8.8:53 bvfqhxtfldin.info udp
US 8.8.8.8:53 skieieciiymc.org udp
US 8.8.8.8:53 kdhzwczvplfc.net udp
US 8.8.8.8:53 muyhzebsyb.info udp
US 8.8.8.8:53 gudwryjkprty.net udp
US 8.8.8.8:53 aspcrydnn.net udp
US 8.8.8.8:53 iqtmro.net udp
US 8.8.8.8:53 jkygffjpe.org udp
LT 212.117.9.67:28926 tcp
US 8.8.8.8:53 isksoqciocua.com udp
US 8.8.8.8:53 ahxenybvdg.net udp
US 8.8.8.8:53 fbjwqgvtpah.org udp
US 8.8.8.8:53 aqzuehezrodu.net udp
US 8.8.8.8:53 yuzilaqrq.info udp
US 8.8.8.8:53 qlvwio.net udp
US 8.8.8.8:53 kiccmsgssi.org udp
US 8.8.8.8:53 nlzbvbln.net udp
US 8.8.8.8:53 aazoxyy.net udp
US 8.8.8.8:53 xaarreqnlrdm.info udp
US 8.8.8.8:53 rzmnvt.net udp
US 8.8.8.8:53 rxxgcidynwj.info udp
US 8.8.8.8:53 sazgfiaujqe.net udp
US 8.8.8.8:53 eskmqr.info udp
US 8.8.8.8:53 jtvrsczuav.net udp
US 8.8.8.8:53 baxdph.info udp
US 8.8.8.8:53 smrjvelsj.info udp
US 8.8.8.8:53 oeckauykukku.com udp
US 8.8.8.8:53 robvoees.info udp
US 8.8.8.8:53 yseuuqymim.org udp
US 8.8.8.8:53 jkteksfpv.net udp
US 8.8.8.8:53 cyyofopuv.info udp
US 8.8.8.8:53 ruybpg.net udp
US 8.8.8.8:53 auykucggmgac.com udp
US 8.8.8.8:53 vmaqgrlnnuqc.info udp
US 8.8.8.8:53 qggggmog.org udp
US 8.8.8.8:53 fgbgqvhlulxx.info udp
US 8.8.8.8:53 gssgyaf.net udp
US 8.8.8.8:53 jsmfpc.net udp
US 8.8.8.8:53 cqaywaeuusgm.com udp
US 8.8.8.8:53 liwxaedxzm.info udp
US 8.8.8.8:53 eetxralgr.info udp
US 8.8.8.8:53 omqgukoeyo.org udp
US 8.8.8.8:53 brlknql.org udp
US 8.8.8.8:53 oayyom.com udp
US 8.8.8.8:53 bndenikl.info udp
US 8.8.8.8:53 aoqehamscev.net udp
US 8.8.8.8:53 azrwjgz.net udp
US 8.8.8.8:53 hdredfgffn.info udp
US 8.8.8.8:53 pftodt.info udp
US 8.8.8.8:53 vtafpvrgwksj.net udp
US 8.8.8.8:53 nknhvnjmgw.net udp
US 8.8.8.8:53 luqlfi.info udp
US 8.8.8.8:53 zchvdwljyy.net udp
US 8.8.8.8:53 nkjoucmybek.com udp
US 8.8.8.8:53 xbtsfzzxva.net udp
US 8.8.8.8:53 roviltedxkxe.net udp
BG 77.85.91.141:44432 tcp
US 8.8.8.8:53 wezwkfy.net udp
US 8.8.8.8:53 dojwngv.net udp
US 8.8.8.8:53 acyiyawiusoe.org udp
US 8.8.8.8:53 chnrelp.info udp
US 8.8.8.8:53 kdbetjmzql.net udp
US 8.8.8.8:53 cpxrjdts.info udp
US 8.8.8.8:53 dgtizmncv.com udp
US 8.8.8.8:53 pcgwtmg.org udp
US 8.8.8.8:53 xxjixwmbjsb.net udp
US 8.8.8.8:53 kqboptvurzu.info udp
US 8.8.8.8:53 ilcyggbv.net udp
US 8.8.8.8:53 zlaolcwjd.info udp
US 8.8.8.8:53 tbhyxkjfzfjc.net udp
US 8.8.8.8:53 xzcpbsimgn.net udp
US 8.8.8.8:53 eujoljt.net udp
US 8.8.8.8:53 zmrpjer.net udp
US 8.8.8.8:53 ykxgdeomo.info udp
US 8.8.8.8:53 lfuyidfndkob.net udp
US 8.8.8.8:53 oipoxyj.net udp
US 8.8.8.8:53 qgmhjewbnk.info udp
US 8.8.8.8:53 usymgcik.com udp
US 8.8.8.8:53 lubgvwfyizr.net udp
US 8.8.8.8:53 zdtwtzoka.org udp
US 8.8.8.8:53 lspcwtatzf.net udp
US 8.8.8.8:53 jzuztayf.net udp
US 8.8.8.8:53 mphkyayezt.net udp
US 8.8.8.8:53 zcpxiqfofg.net udp
US 8.8.8.8:53 oimgyi.org udp
US 8.8.8.8:53 sxoelqf.info udp
US 8.8.8.8:53 haiefrj.org udp
US 8.8.8.8:53 ajcnwjgv.net udp
US 8.8.8.8:53 naxuwg.net udp
US 8.8.8.8:53 wudlmugsjej.net udp
US 8.8.8.8:53 ljolcdsbequk.info udp
LT 78.58.11.177:43530 tcp
US 8.8.8.8:53 rsyalub.org udp
US 8.8.8.8:53 munfhwxqbwc.net udp
US 8.8.8.8:53 ixqwxs.info udp
US 8.8.8.8:53 rvjvyw.net udp
US 8.8.8.8:53 owndpukyxfw.info udp
US 8.8.8.8:53 aysekgow.com udp
US 8.8.8.8:53 uavgedf.net udp
US 8.8.8.8:53 rsxuukjkp.net udp
US 8.8.8.8:53 jifwqcnij.info udp
US 8.8.8.8:53 aerilednj.net udp
US 8.8.8.8:53 pulkkajehkk.info udp
US 8.8.8.8:53 nchbdqglglqc.net udp
US 8.8.8.8:53 ecwueyii.org udp
US 8.8.8.8:53 tqzqeunk.net udp
US 8.8.8.8:53 jfjwweqha.info udp
US 8.8.8.8:53 qsouye.com udp
US 8.8.8.8:53 cuyokeoq.com udp
US 8.8.8.8:53 rvpqrbgcfvbe.info udp
US 8.8.8.8:53 fkdxttbi.net udp
US 8.8.8.8:53 lnxbduz.info udp
US 8.8.8.8:53 pgdolvl.org udp
US 8.8.8.8:53 ywggcq.com udp
US 8.8.8.8:53 pjjchmjje.info udp
US 8.8.8.8:53 ayuimmqmis.org udp
US 8.8.8.8:53 pwzgsfvl.net udp
US 8.8.8.8:53 yxamjg.net udp
US 8.8.8.8:53 wgxqfmj.info udp
US 8.8.8.8:53 twbuijrbzel.com udp
US 8.8.8.8:53 qlrjpd.info udp
US 8.8.8.8:53 zhhsxdrgtxga.net udp
US 8.8.8.8:53 puhtywyg.info udp
US 8.8.8.8:53 wkzejlit.info udp
US 8.8.8.8:53 attpxwz.net udp
US 8.8.8.8:53 qiesukkq.org udp
US 8.8.8.8:53 hrxehcf.net udp
US 8.8.8.8:53 fohtnzomm.org udp
US 8.8.8.8:53 kycuyyww.org udp
US 8.8.8.8:53 rqwiarekvwk.info udp
US 8.8.8.8:53 ndwnjkoi.info udp
US 8.8.8.8:53 vibtlp.info udp
US 8.8.8.8:53 hnlwionwvij.info udp
US 8.8.8.8:53 ggusjaz.info udp
US 8.8.8.8:53 naiythn.net udp
US 8.8.8.8:53 dbtifhuc.net udp
US 8.8.8.8:53 yxhdpddf.info udp
US 8.8.8.8:53 xwhmlab.net udp
US 8.8.8.8:53 hiuiozfid.info udp
US 8.8.8.8:53 uockgvlrxdph.net udp
US 8.8.8.8:53 qmecsgmo.org udp
US 8.8.8.8:53 trtenmbzfqb.com udp
US 8.8.8.8:53 ecjwlzqwh.net udp
US 8.8.8.8:53 xqxgkpi.info udp
US 8.8.8.8:53 noohokcey.info udp
US 8.8.8.8:53 conadth.net udp
US 8.8.8.8:53 yzwvpxlk.info udp
US 8.8.8.8:53 aaamikuesqee.org udp
US 8.8.8.8:53 lsdrakig.info udp
US 8.8.8.8:53 rcsqnghkhyt.net udp
US 8.8.8.8:53 vkycmmhqrgd.com udp
US 8.8.8.8:53 rknyjzuy.info udp
US 8.8.8.8:53 ykemsgmyaymq.com udp
US 8.8.8.8:53 nkdwpsixm.com udp
US 8.8.8.8:53 xugaqd.info udp
LT 86.100.245.29:40704 tcp
US 8.8.8.8:53 loliobol.info udp
US 8.8.8.8:53 qucrndhlvmnx.info udp
US 8.8.8.8:53 xurxflm.net udp
US 8.8.8.8:53 tkzwwug.info udp
US 8.8.8.8:53 wopkfsnclkh.info udp
US 8.8.8.8:53 jkmxfir.com udp
US 8.8.8.8:53 kgyico.org udp
US 8.8.8.8:53 kyemiyqekgqi.org udp
US 8.8.8.8:53 duznfpkl.info udp
US 8.8.8.8:53 hvdzuout.net udp
US 8.8.8.8:53 xloygesiiw.info udp
US 8.8.8.8:53 iyjqvklsvci.net udp
US 8.8.8.8:53 kyqjbufjpycm.net udp
US 8.8.8.8:53 rrtqdbcy.net udp
BG 94.156.58.161:30711 tcp
US 8.8.8.8:53 qmzoqmpegig.info udp
US 8.8.8.8:53 hksskkhuo.net udp
US 8.8.8.8:53 uvjtbs.net udp
US 8.8.8.8:53 wibidwhupbaq.info udp
US 8.8.8.8:53 zzfiyorzx.com udp
US 8.8.8.8:53 ruvgjbmg.net udp
US 8.8.8.8:53 xefhwadzpkx.info udp
US 8.8.8.8:53 qqggpdxxmuru.net udp
US 8.8.8.8:53 wjnodglyqcl.info udp
US 8.8.8.8:53 dppnxkxtye.net udp
US 8.8.8.8:53 rapcmavkxzz.net udp
US 8.8.8.8:53 flcsahvnzgfk.info udp
US 8.8.8.8:53 acfgusscqig.net udp
US 8.8.8.8:53 npxgzec.org udp
US 8.8.8.8:53 uegaai.org udp
US 8.8.8.8:53 lqnalljkixfs.info udp
US 8.8.8.8:53 dlvwlhxclem.org udp
US 8.8.8.8:53 hfzkalag.net udp
US 8.8.8.8:53 rbhfhb.net udp
US 8.8.8.8:53 aiqwiqsywyuu.org udp
US 8.8.8.8:53 djerbg.net udp
US 8.8.8.8:53 wzvyvb.net udp
US 8.8.8.8:53 tuhawxljff.info udp
US 8.8.8.8:53 feseoztguj.info udp
US 8.8.8.8:53 aopywqtwwau.net udp
US 8.8.8.8:53 uopubvyiebrz.info udp
US 8.8.8.8:53 fsxrrcpdgmuf.net udp
US 8.8.8.8:53 ajpepgvriac.info udp
US 8.8.8.8:53 wimicuoq.org udp
US 8.8.8.8:53 aaacuueqmi.com udp
US 8.8.8.8:53 wmsecg.com udp
US 8.8.8.8:53 nysriymvg.net udp
US 8.8.8.8:53 vcfsqqnamw.info udp
US 8.8.8.8:53 eimmnixqw.info udp
US 8.8.8.8:53 twrxhwl.com udp
US 8.8.8.8:53 pcgfbredb.info udp
US 8.8.8.8:53 smgewk.com udp
US 8.8.8.8:53 wcquieuiks.com udp
US 8.8.8.8:53 usseqasy.org udp
US 8.8.8.8:53 gmurzxjqkcos.net udp
US 8.8.8.8:53 wsvshob.info udp
US 8.8.8.8:53 eojyrsr.info udp
US 8.8.8.8:53 levcmmpyrl.info udp
US 8.8.8.8:53 pjbhbtbkfy.net udp
US 8.8.8.8:53 wxhurghdxplc.info udp
US 8.8.8.8:53 iotuvqi.net udp
US 8.8.8.8:53 dzlndsjynadz.net udp
US 8.8.8.8:53 ggxaaan.net udp
US 8.8.8.8:53 thzzycvozzhd.info udp
US 8.8.8.8:53 eodmqetur.net udp
US 8.8.8.8:53 miudxetdtgz.net udp
US 8.8.8.8:53 xcbckqnwnf.info udp
US 8.8.8.8:53 nshaafppl.com udp
US 8.8.8.8:53 ykdvou.net udp
US 8.8.8.8:53 awsisaqyguka.com udp
US 8.8.8.8:53 nblyev.info udp
US 8.8.8.8:53 aetqlldkruk.net udp
US 8.8.8.8:53 gkgccgecuh.info udp
US 8.8.8.8:53 sgoyacuayqwe.org udp
US 8.8.8.8:53 huvusrl.net udp
US 8.8.8.8:53 xnvzxciv.info udp
US 8.8.8.8:53 lnlluverxt.info udp
US 8.8.8.8:53 eixybqjsiwv.net udp
US 8.8.8.8:53 qnvnjopvonhc.net udp
US 8.8.8.8:53 idhegn.info udp
US 8.8.8.8:53 ntmatsb.info udp
US 8.8.8.8:53 kfcyvkqzskfw.info udp
US 8.8.8.8:53 ojblbt.net udp
US 8.8.8.8:53 iarcbjrebkv.info udp
US 8.8.8.8:53 sklcen.info udp
US 8.8.8.8:53 krluywpum.net udp
US 8.8.8.8:53 bcrznallpdp.com udp
US 8.8.8.8:53 bkewpipqh.org udp
US 8.8.8.8:53 qgeiymie.com udp
US 8.8.8.8:53 ycyaaoeuicmi.org udp
US 8.8.8.8:53 ouairwfsi.info udp
US 8.8.8.8:53 vurumccav.org udp
US 8.8.8.8:53 gcuwjlpnk.net udp
US 8.8.8.8:53 wyyaaskw.com udp
US 8.8.8.8:53 nueocc.info udp
US 8.8.8.8:53 ycyeqw.com udp
US 8.8.8.8:53 flcfdclb.info udp
US 8.8.8.8:53 lmcbjhz.net udp
US 8.8.8.8:53 wqmihqdblpk.info udp
US 8.8.8.8:53 wgigswio.com udp
US 8.8.8.8:53 nxhlxpqrfivx.net udp
US 8.8.8.8:53 ychchkicxcj.info udp
US 8.8.8.8:53 qloavg.info udp
US 8.8.8.8:53 nmhchsr.net udp
US 8.8.8.8:53 gkmqsscsiqyy.org udp
US 8.8.8.8:53 vfelmatb.net udp
US 8.8.8.8:53 tubrhhzkbmyz.net udp
US 8.8.8.8:53 cqmaioayui.com udp
US 8.8.8.8:53 ikysmgcqmqgu.org udp
US 8.8.8.8:53 eocucuweaagy.org udp
US 8.8.8.8:53 dqjrxy.net udp
US 8.8.8.8:53 oqikyg.org udp
US 8.8.8.8:53 aycwte.net udp
US 8.8.8.8:53 omsctadfvkl.net udp
US 8.8.8.8:53 klnsyk.net udp
US 8.8.8.8:53 zyhmtyjqksq.info udp
US 8.8.8.8:53 wogkyeqeke.org udp
US 8.8.8.8:53 qsdzdamlkrsm.net udp
US 8.8.8.8:53 sssokw.org udp
US 8.8.8.8:53 juicvrlbpi.net udp
US 8.8.8.8:53 psxanwnkfz.info udp
US 8.8.8.8:53 nuqsritgz.org udp
US 8.8.8.8:53 swkbdgxsb.net udp
US 8.8.8.8:53 tinypoimzb.net udp
US 8.8.8.8:53 qsqkwc.org udp
US 8.8.8.8:53 hqxeemjs.info udp
US 8.8.8.8:53 epsxey.info udp
US 8.8.8.8:53 rkqbmq.info udp
US 8.8.8.8:53 cvbwisp.net udp
US 8.8.8.8:53 aulvzsoxgo.info udp
US 8.8.8.8:53 euquqwii.org udp
US 8.8.8.8:53 kzicyr.info udp
US 8.8.8.8:53 mmhfpd.net udp
US 8.8.8.8:53 gwmsloetvg.net udp
US 8.8.8.8:53 smuoeu.com udp
US 8.8.8.8:53 prkqamq.net udp
US 8.8.8.8:53 pfmgqefuf.info udp
US 8.8.8.8:53 eexubiq.info udp
US 8.8.8.8:53 cerskihqqnu.info udp
US 8.8.8.8:53 zsrnhalwarn.net udp
US 8.8.8.8:53 wsouksqisg.org udp
US 8.8.8.8:53 wsmixhv.net udp
US 8.8.8.8:53 yiioeuiywqws.com udp
US 8.8.8.8:53 fzoszzpad.org udp
US 8.8.8.8:53 eqcuikumcc.com udp
US 8.8.8.8:53 jiduyhrthr.info udp
US 8.8.8.8:53 icwmuesy.com udp
US 8.8.8.8:53 lpkztmhavwo.net udp
US 8.8.8.8:53 bodsiylylyp.info udp
US 8.8.8.8:53 bgzqxjxiodvp.info udp
US 8.8.8.8:53 gyzcidyv.info udp
US 8.8.8.8:53 iygsie.org udp
US 8.8.8.8:53 frimtvfdnh.info udp
US 8.8.8.8:53 ythjpklysc.net udp
US 8.8.8.8:53 zghgwsx.com udp
US 8.8.8.8:53 bjotruabiq.net udp
US 8.8.8.8:53 rghoxyq.info udp
US 8.8.8.8:53 xvhxvvbjrfbs.info udp
US 8.8.8.8:53 ihzodaal.info udp
US 8.8.8.8:53 zijwfifij.com udp
US 8.8.8.8:53 nxxndo.net udp
US 8.8.8.8:53 cgjsfel.info udp
US 8.8.8.8:53 wmtqcpz.net udp
US 8.8.8.8:53 nvgsos.info udp
US 8.8.8.8:53 orkhgepxdfsx.info udp
US 8.8.8.8:53 tobeqdksbdc.info udp
US 8.8.8.8:53 genauuekxyl.net udp
US 8.8.8.8:53 lijvoblbnw.net udp
US 8.8.8.8:53 bktjdpl.com udp
US 8.8.8.8:53 ppidxgnm.net udp
US 8.8.8.8:53 xvotaqhjhsqc.net udp
US 8.8.8.8:53 lumgngd.com udp
US 8.8.8.8:53 ougjruf.info udp
US 8.8.8.8:53 fkxmqrlk.info udp
US 8.8.8.8:53 qubctfftd.net udp
US 8.8.8.8:53 uckcswsayy.com udp
US 8.8.8.8:53 hseiqpqznkwp.info udp
US 8.8.8.8:53 jadzkbvcif.info udp
US 8.8.8.8:53 jmjrhupcq.net udp
US 8.8.8.8:53 czlelkxovtf.info udp
US 8.8.8.8:53 qcsmquwc.org udp
US 8.8.8.8:53 fzrcbilll.org udp
US 8.8.8.8:53 zejcfun.info udp
US 8.8.8.8:53 mrpkbiu.net udp
US 8.8.8.8:53 lhgzmkba.info udp
US 8.8.8.8:53 iuwqykyake.org udp
US 8.8.8.8:53 wzngdnueebgn.net udp
US 8.8.8.8:53 wrnskvmaibz.info udp
US 8.8.8.8:53 moagaikumyqu.com udp
US 8.8.8.8:53 zafmhaempn.net udp
US 8.8.8.8:53 fwueygz.net udp
US 8.8.8.8:53 vbhkzba.com udp
US 8.8.8.8:53 tqxiwjs.com udp
US 8.8.8.8:53 nunsbyzpqj.net udp
US 8.8.8.8:53 xtnfkizgwnfb.net udp
US 8.8.8.8:53 hsvfegxnfxhp.net udp
US 8.8.8.8:53 eypeplym.info udp
US 8.8.8.8:53 mwurqbxq.info udp
US 8.8.8.8:53 fsxiqkkdkl.info udp
US 8.8.8.8:53 coxwrwt.info udp
US 8.8.8.8:53 aesscmgyqqge.com udp
US 8.8.8.8:53 ysaecamcuc.com udp
US 8.8.8.8:53 srtask.info udp
US 8.8.8.8:53 xeuozeesfqd.org udp
US 8.8.8.8:53 dczixpindeph.info udp
US 8.8.8.8:53 bzcssrek.info udp
US 8.8.8.8:53 etxezotwhmn.net udp
US 8.8.8.8:53 upbathmyh.info udp
US 8.8.8.8:53 jwxeqko.net udp
US 8.8.8.8:53 uatgllngjud.net udp
US 8.8.8.8:53 ekwyeaqgmqmg.org udp
US 8.8.8.8:53 kusqys.com udp
US 8.8.8.8:53 natcdyjeaot.net udp
US 8.8.8.8:53 yaocci.org udp
US 8.8.8.8:53 ocsyrkjcgif.net udp
US 8.8.8.8:53 swrenbq.net udp
US 8.8.8.8:53 efabpiudv.info udp
US 8.8.8.8:53 jnimhlgamn.net udp
US 8.8.8.8:53 gelspojljcz.net udp
US 8.8.8.8:53 gidcbcz.info udp
US 8.8.8.8:53 bynefizqqsr.info udp
US 8.8.8.8:53 sdkmxoaut.net udp
US 8.8.8.8:53 julkxat.com udp
US 8.8.8.8:53 ygeuiicascey.org udp
US 8.8.8.8:53 sloozwn.net udp
US 8.8.8.8:53 mgcefcd.net udp
US 8.8.8.8:53 zlhqyetrhtd.com udp
US 8.8.8.8:53 ewiljj.net udp
US 8.8.8.8:53 sdpxvmuzld.net udp
US 8.8.8.8:53 dsvytwnut.org udp
US 8.8.8.8:53 lygpychnvlri.info udp
US 8.8.8.8:53 czxutqo.info udp
US 8.8.8.8:53 ncqnmuxhxx.net udp
US 8.8.8.8:53 coeuma.org udp
US 8.8.8.8:53 rjoktspal.org udp
US 8.8.8.8:53 caphyz.info udp
US 8.8.8.8:53 ygrvkeenjih.info udp
US 8.8.8.8:53 ugwuvjvukyd.info udp
US 8.8.8.8:53 bmhujchsp.net udp
US 8.8.8.8:53 wamhos.info udp
US 8.8.8.8:53 pgipnip.info udp
US 8.8.8.8:53 iheapebbj.net udp
US 8.8.8.8:53 jnlvxpcnip.net udp
US 8.8.8.8:53 vixhexyw.info udp
US 8.8.8.8:53 kymwqeeasa.org udp
US 8.8.8.8:53 mlimcrci.net udp
US 8.8.8.8:53 yxzqaqp.net udp
US 8.8.8.8:53 rplzjoiijqio.info udp
US 8.8.8.8:53 umcojoyczkl.info udp
BG 89.215.81.98:29947 tcp
US 8.8.8.8:53 bbfgzpnvwelu.net udp
US 8.8.8.8:53 depqcsbcldht.net udp
US 8.8.8.8:53 yoakqw.org udp
US 8.8.8.8:53 rfnmhrjax.com udp
US 8.8.8.8:53 suprzljnbb.info udp
US 8.8.8.8:53 ooasyeagqi.com udp
US 8.8.8.8:53 wmtcmaf.net udp
US 8.8.8.8:53 soochwfxxun.net udp
US 8.8.8.8:53 jmcuhqj.com udp
US 8.8.8.8:53 kfxkgndz.info udp
US 8.8.8.8:53 aznpsxvk.net udp
US 8.8.8.8:53 qdounydzwz.info udp
US 8.8.8.8:53 mudrxjthhwx.info udp
US 8.8.8.8:53 aeuahyqamqvl.info udp

Files

C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe

MD5 167cddd47a64501723cbc117ce32cd90
SHA1 a51a0724191828707bfd327619163f656ee8329f
SHA256 1d3c34fdd554999a2b7384b4d6931af491e729171980f73c2d887ef25dc921d2
SHA512 61a8bada69102101dcb64d8fa9f243c8244764f351fae02b497b8496505ce86dff169451affe04a0b016ef6f839c26d69515065784def8fe9d1dd5d7462f6e22

C:\Windows\SysWOW64\iizqddsmzppcfqzzav.exe

MD5 ce23cbd71cc033cecb1958623ee620c1
SHA1 ee0c07c78a5eeb4216a4e178e871f04ef0ba9b00
SHA256 270dce235ce96e14c6472a545008e2e80c489f41b21f8ce9db95a60dd18f99c3
SHA512 9a26d99303a7e07e4b5be581d4621d8af9705106ef6f26ab5326911c0d0aa065658951c5ca5c3b7dc1c4603c65a5ff0b8dbed4dbbc43b7bcd3d93dafa18b6a73

C:\Users\Admin\AppData\Local\Temp\guzeft.exe

MD5 33829d3d9ee385ba4bf68d9ce274d21e
SHA1 1f42504d6faa4bea0c3578d87056a41e5cdbdaab
SHA256 421d7485e802e8d0aa0b4dbfd6e3bd1fe5c0ba71269c27126973f023c301831f
SHA512 f46dd4caa8cf4c495d47607bd5b7fed9030b5a5d850b18d7e48952059f2dc8e45bb09b8e9c5b8972f16be059de6af7bd7e1eeb42e25b8b07dba89ed058cd743e

C:\Users\Admin\AppData\Local\jeqckfpemxsayeidzpjeqckfpemxsayeidz.jeq

MD5 bb5aa1bd67038e985b808fc7249e9198
SHA1 a08b21123a41ef12a7d0113b85fe05726c5b1e5e
SHA256 75dd0518eaaedf7a98d69f6c70d99249f38f5677a87d54ae3ce5013fb7b8dcf9
SHA512 e364de7934e3cae91f47d8ba52a762eb2d1353eaeabf275b69e65a9383485bb0f8a9824ab7a7eb820ee8e1aa13562048dcc7e0997f1f42a1e9646b62e9ef60d3

C:\Users\Admin\AppData\Local\aklmjtswttdaniblwbkuvwtd.gdd

MD5 568bbe6ee0ffca779412392c147b926c
SHA1 ab93edc24c731e87b73161a00497efc8dfb01013
SHA256 ec00ecc5231d3ab9cb713144875b8dc2dcb0910bb5d2575b3b5349c73f2e64d4
SHA512 b7e2c8a9f2cc53ec228434cfa38018388d913fa6368d0e02000a22017cd5a01ef1f6e48d105d4e8c556242b6ac3dfb44bdc095c99fecf995270f7e3610033ec8

C:\Program Files (x86)\aklmjtswttdaniblwbkuvwtd.gdd

MD5 78094d8015bb767eacd1a4e60c958c39
SHA1 9638d727aa32353645a476f75ea414e521bb91cd
SHA256 6ef2cb7ec5fc495f0320103dea273bcd9bb0da91f8a7d106c9e51a506dadd6da
SHA512 c375bb1edcd21f94a27001969f672eea3d995b8865467561fe5af87c2e11db408e415c7bc5e8309bd837c527debb20a95c799659da971eff77bf5db3feb412ec

C:\Program Files (x86)\aklmjtswttdaniblwbkuvwtd.gdd

MD5 c6bbe17d281d2dac3857ed7a7afaaa7b
SHA1 3d50c323132e3ad7dcc7692b25c201addfa32724
SHA256 debf1ad135d10f24f0a3539ddff9692172bc0a1ca74dce730a7fc6caaf4eacfb
SHA512 4a8a8a44539fb1a171b7ad66fbc9db289f6cf833d8f936a08e7d521bf63123e21fd2e389b071edf3c68c4048d968a93c370928887eb91c8941483b011c3ec773

C:\Program Files (x86)\aklmjtswttdaniblwbkuvwtd.gdd

MD5 646af252def0f57fe9212517b1b0b99c
SHA1 770c9c42b21a597b25e4e4a885d14521be33e35e
SHA256 7816367de34a3e4a0ef1664bcbc8613799508d8bcca725941e044af0fe5514d5
SHA512 6921a869ad29e663f3c7bc3af129c855779d5e49d6f5950bc5c1711f8618292e0b1553263427cbb2789622880a2548cccf3126a9d005086fa036954e0e74294c

C:\Program Files (x86)\aklmjtswttdaniblwbkuvwtd.gdd

MD5 3377e28116b916bb0b16e9b88b2d4945
SHA1 1d02673e852e0ca4de5b24940f48ad98ebf8feb7
SHA256 afac44bca365fbabcf5c278d1d601903d747c2442320c51a39df36f31c016753
SHA512 b342be43666b3a956a7182dc83a0203a59b3a0e8eb89988a1cc17b46b71570a59c0ef1c268fed80cf00debf2c70d0a22c71ed9c168566c9e9f73cef436b51dd5

C:\Program Files (x86)\aklmjtswttdaniblwbkuvwtd.gdd

MD5 12e6683b9600220e1fef4da860b312c2
SHA1 087dd4ccb19860bf2784d12f07dc689573ce4faa
SHA256 5db9f1e64ea5b0cc0cb48f8ff6fc5055371eb37be8dd91df20d1d93bf559afc0
SHA512 7654e393cd9ec0e96fe06bf3d24e608c34fc5b9c9b026d8b4adeff748e31a01cf52fa50be0ef8d006f1952777e781e42799278e5cee536a7da040e3524fa69bd

C:\Program Files (x86)\aklmjtswttdaniblwbkuvwtd.gdd

MD5 50d2ca215e01bf1fc69a00ce938582e9
SHA1 72469642e9108edd46d376b16b4d03201a4773fd
SHA256 a4f89f0464da7b91006c0a72dd1e85b0874d7d0474dc36476568aa4905dad982
SHA512 e152d1c8a49bb53f6e1d76128d05e58fd69d89e26cfc037fa89a014ae0b0887e9d4cd9c52c4175096c13f02b1268d3cf383b2b51f8981a75a6fcd8968236ff1e