Malware Analysis Report

2025-08-10 16:32

Sample ID 250411-1p8z9szzg1
Target JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94
SHA256 075f8ff04a2ce29d55c82f2fabfa76187e0933b6b154614b45d5c5fdd41ed2a3
Tags
pykspa defense_evasion discovery persistence privilege_escalation trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

075f8ff04a2ce29d55c82f2fabfa76187e0933b6b154614b45d5c5fdd41ed2a3

Threat Level: Known bad

The file JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94 was found to be: Known bad.

Malicious Activity Summary

pykspa defense_evasion discovery persistence privilege_escalation trojan worm

UAC bypass

Pykspa family

Pykspa

Modifies WinLogon for persistence

Detect Pykspa worm

Disables RegEdit via registry modification

Adds policy Run key to start application

Executes dropped EXE

Checks computer location settings

Impair Defenses: Safe Mode Boot

Looks up external IP address via web service

Adds Run key to start application

Hijack Execution Flow: Executable Installer File Permissions Weakness

Checks whether UAC is enabled

Drops file in System32 directory

Drops autorun.inf file

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

System policy modification

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-11 21:50

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-11 21:50

Reported

2025-04-11 21:53

Platform

win10v2004-20250410-en

Max time kernel

48s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "jjvvklztpfbdiyidunff.exe" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "yzmndfupmdadjalhztmna.exe" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "czifrparkxqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "yzmndfupmdadjalhztmna.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wvgfttgzujefjyhbrja.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "jjvvklztpfbdiyidunff.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ljtredphbpjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ljtredphbpjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "yzmndfupmdadjalhztmna.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "vrzvgdndvhzxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "ljtredphbpjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "jjvvklztpfbdiyidunff.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ljtredphbpjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "czifrparkxqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "yzmndfupmdadjalhztmna.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ljtredphbpjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vrzvgdndvhzxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wvgfttgzujefjyhbrja.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yzmndfupmdadjalhztmna.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "czifrparkxqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czifrparkxqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "wvgfttgzujefjyhbrja.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "yzmndfupmdadjalhztmna.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wvgfttgzujefjyhbrja.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "ljtredphbpjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vrzvgdndvhzxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jjvvklztpfbdiyidunff.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "ljtredphbpjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yzmndfupmdadjalhztmna.exe" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "vrzvgdndvhzxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ljtredphbpjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "vrzvgdndvhzxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vrzvgdndvhzxykqh.exe" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ljtredphbpjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vrzvgdndvhzxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ljtredphbpjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wvgfttgzujefjyhbrja.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "yzmndfupmdadjalhztmna.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wvgfttgzujefjyhbrja.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jjvvklztpfbdiyidunff.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vrzvgdndvhzxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vrzvgdndvhzxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "ljtredphbpjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "vrzvgdndvhzxykqh.exe" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhkbhzepcjw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yzmndfupmdadjalhztmna.exe" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhnhqlthxhxtsc = "yzmndfupmdadjalhztmna.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\czifrparkxqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\czifrparkxqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\yzmndfupmdadjalhztmna.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\jjvvklztpfbdiyidunff.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\jjvvklztpfbdiyidunff.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\jjvvklztpfbdiyidunff.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\yzmndfupmdadjalhztmna.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\yzmndfupmdadjalhztmna.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\wvgfttgzujefjyhbrja.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\ljtredphbpjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\jjvvklztpfbdiyidunff.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\ljtredphbpjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\yzmndfupmdadjalhztmna.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\vrzvgdndvhzxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\ljtredphbpjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\wvgfttgzujefjyhbrja.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\yzmndfupmdadjalhztmna.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\ljtredphbpjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\czifrparkxqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\ljtredphbpjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\jjvvklztpfbdiyidunff.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\czifrparkxqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\vrzvgdndvhzxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\yzmndfupmdadjalhztmna.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\yzmndfupmdadjalhztmna.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\wvgfttgzujefjyhbrja.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\yzmndfupmdadjalhztmna.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\yzmndfupmdadjalhztmna.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\ljtredphbpjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\vrzvgdndvhzxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\wvgfttgzujefjyhbrja.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\ljtredphbpjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\yzmndfupmdadjalhztmna.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\jjvvklztpfbdiyidunff.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\yzmndfupmdadjalhztmna.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\jjvvklztpfbdiyidunff.exe N/A
N/A N/A C:\Windows\jjvvklztpfbdiyidunff.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\vrzvgdndvhzxykqh.exe N/A
N/A N/A C:\Windows\ljtredphbpjjmaibqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
N/A N/A C:\Windows\vrzvgdndvhzxykqh.exe N/A
N/A N/A C:\Windows\czifrparkxqpreldr.exe N/A
N/A N/A C:\Windows\jjvvklztpfbdiyidunff.exe N/A
N/A N/A C:\Windows\ljtredphbpjjmaibqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\jjvvklztpfbdiyidunff.exe N/A
N/A N/A C:\Windows\ljtredphbpjjmaibqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe N/A
N/A N/A C:\Windows\czifrparkxqpreldr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe N/A
N/A N/A C:\Windows\jjvvklztpfbdiyidunff.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe N/A
N/A N/A C:\Windows\jjvvklztpfbdiyidunff.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\yzmndfupmdadjalhztmna.exe N/A
N/A N/A C:\Windows\czifrparkxqpreldr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\yzmndfupmdadjalhztmna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\jjvvklztpfbdiyidunff.exe N/A
N/A N/A C:\Windows\yzmndfupmdadjalhztmna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\vrzvgdndvhzxykqh.exe N/A
N/A N/A C:\Windows\wvgfttgzujefjyhbrja.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\wvgfttgzujefjyhbrja.exe N/A
N/A N/A C:\Windows\czifrparkxqpreldr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe N/A
N/A N/A C:\Windows\yzmndfupmdadjalhztmna.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ljtredphbpjjmaibqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ljtredphbpjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vrzvgdndvhzxykqh = "ljtredphbpjjmaibqh.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "czifrparkxqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "yzmndfupmdadjalhztmna.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qlsnxtcritkhhsx = "ljtredphbpjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\mfkdlfmzoxmhf = "czifrparkxqpreldr.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qlsnxtcritkhhsx = "czifrparkxqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ljtredphbpjjmaibqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ljtredphbpjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vrzvgdndvhzxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\mfkdlfmzoxmhf = "yzmndfupmdadjalhztmna.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vrzvgdndvhzxykqh = "wvgfttgzujefjyhbrja.exe ." C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\czifrparkxqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czifrparkxqpreldr.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\czifrparkxqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wvgfttgzujefjyhbrja.exe ." C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\czifrparkxqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wvgfttgzujefjyhbrja.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "ljtredphbpjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\czifrparkxqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czifrparkxqpreldr.exe ." C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mfkdlfmzoxmhf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vrzvgdndvhzxykqh.exe ." C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yzmndfupmdadjalhztmna.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mfkdlfmzoxmhf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vrzvgdndvhzxykqh.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "vrzvgdndvhzxykqh.exe" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\czifrparkxqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ljtredphbpjjmaibqh.exe ." C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jjvvklztpfbdiyidunff.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yzmndfupmdadjalhztmna.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ljtredphbpjjmaibqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jjvvklztpfbdiyidunff.exe" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\mfkdlfmzoxmhf = "wvgfttgzujefjyhbrja.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qlsnxtcritkhhsx = "yzmndfupmdadjalhztmna.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "wvgfttgzujefjyhbrja.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mfkdlfmzoxmhf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czifrparkxqpreldr.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ljtredphbpjjmaibqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ljtredphbpjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "wvgfttgzujefjyhbrja.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qlsnxtcritkhhsx = "jjvvklztpfbdiyidunff.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\czifrparkxqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czifrparkxqpreldr.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qlsnxtcritkhhsx = "ljtredphbpjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qlsnxtcritkhhsx = "vrzvgdndvhzxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\mfkdlfmzoxmhf = "yzmndfupmdadjalhztmna.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yzmndfupmdadjalhztmna.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vrzvgdndvhzxykqh = "jjvvklztpfbdiyidunff.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qlsnxtcritkhhsx = "vrzvgdndvhzxykqh.exe" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vrzvgdndvhzxykqh = "ljtredphbpjjmaibqh.exe ." C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ljtredphbpjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\czifrparkxqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ljtredphbpjjmaibqh.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\czifrparkxqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jjvvklztpfbdiyidunff.exe ." C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "wvgfttgzujefjyhbrja.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vrzvgdndvhzxykqh = "yzmndfupmdadjalhztmna.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "wvgfttgzujefjyhbrja.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mfkdlfmzoxmhf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jjvvklztpfbdiyidunff.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\czifrparkxqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ljtredphbpjjmaibqh.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qlsnxtcritkhhsx = "wvgfttgzujefjyhbrja.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wvgfttgzujefjyhbrja.exe" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "jjvvklztpfbdiyidunff.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mfkdlfmzoxmhf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jjvvklztpfbdiyidunff.exe ." C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "jjvvklztpfbdiyidunff.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qlsnxtcritkhhsx = "vrzvgdndvhzxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mfkdlfmzoxmhf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czifrparkxqpreldr.exe ." C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vrzvgdndvhzxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "ljtredphbpjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ljtredphbpjjmaibqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yzmndfupmdadjalhztmna.exe" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "jjvvklztpfbdiyidunff.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qlsnxtcritkhhsx = "yzmndfupmdadjalhztmna.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ljtredphbpjjmaibqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ljtredphbpjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vrzvgdndvhzxykqh = "wvgfttgzujefjyhbrja.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nfjbibhthpdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czifrparkxqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mfkdlfmzoxmhf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yzmndfupmdadjalhztmna.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mfkdlfmzoxmhf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czifrparkxqpreldr.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.showmyipaddress.com N/A N/A

Drops autorun.inf file

Description Indicator Process Target
File opened for modification C:\autorun.inf C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
File created C:\autorun.inf C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
File opened for modification F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
File created F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\prfhybrnldbfmeqngbvxln.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
File opened for modification C:\Windows\SysWOW64\czifrparkxqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\ljtredphbpjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\vrzvgdndvhzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\czifrparkxqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\prfhybrnldbfmeqngbvxln.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\ljtredphbpjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\prfhybrnldbfmeqngbvxln.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\czifrparkxqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\ljtredphbpjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\yzmndfupmdadjalhztmna.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
File opened for modification C:\Windows\SysWOW64\prfhybrnldbfmeqngbvxln.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\yzmndfupmdadjalhztmna.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\yzmndfupmdadjalhztmna.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\ljtredphbpjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\ljtredphbpjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\wvgfttgzujefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\yzmndfupmdadjalhztmna.exe C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
File opened for modification C:\Windows\SysWOW64\prfhybrnldbfmeqngbvxln.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\wvgfttgzujefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\yzmndfupmdadjalhztmna.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\vrzvgdndvhzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\prfhybrnldbfmeqngbvxln.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\wvgfttgzujefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\vrzvgdndvhzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\yzmndfupmdadjalhztmna.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\vrzvgdndvhzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\yzmndfupmdadjalhztmna.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\vrzvgdndvhzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\vrzvgdndvhzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\czifrparkxqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\wvgfttgzujefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
File opened for modification C:\Windows\SysWOW64\vrzvgdndvhzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\vrzvgdndvhzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\vrzvgdndvhzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\yzmndfupmdadjalhztmna.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\ljtredphbpjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\czifrparkxqpreldr.exe C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
File opened for modification C:\Windows\SysWOW64\czifrparkxqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\yzmndfupmdadjalhztmna.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\vrzvgdndvhzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\ljtredphbpjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
File opened for modification C:\Windows\SysWOW64\prfhybrnldbfmeqngbvxln.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\ljtredphbpjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\yzmndfupmdadjalhztmna.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\wvgfttgzujefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\vrzvgdndvhzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\prfhybrnldbfmeqngbvxln.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\czifrparkxqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\yzmndfupmdadjalhztmna.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\yzmndfupmdadjalhztmna.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\prfhybrnldbfmeqngbvxln.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\prfhybrnldbfmeqngbvxln.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\dlfnktprvtxhusknmnnvpxud.bfd C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
File created C:\Program Files (x86)\dlfnktprvtxhusknmnnvpxud.bfd C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
File opened for modification C:\Program Files (x86)\mfkdlfmzoxmhforfpbmfkdlfmzoxmhforfp.mfk C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
File created C:\Program Files (x86)\mfkdlfmzoxmhforfpbmfkdlfmzoxmhforfp.mfk C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\czifrparkxqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\prfhybrnldbfmeqngbvxln.exe C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
File opened for modification C:\Windows\prfhybrnldbfmeqngbvxln.exe C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
File opened for modification C:\Windows\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\ljtredphbpjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\yzmndfupmdadjalhztmna.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\prfhybrnldbfmeqngbvxln.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\yzmndfupmdadjalhztmna.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\yzmndfupmdadjalhztmna.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\czifrparkxqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\prfhybrnldbfmeqngbvxln.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\czifrparkxqpreldr.exe C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
File opened for modification C:\Windows\yzmndfupmdadjalhztmna.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\vrzvgdndvhzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\wvgfttgzujefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\prfhybrnldbfmeqngbvxln.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
File opened for modification C:\Windows\czifrparkxqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\ljtredphbpjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\vrzvgdndvhzxykqh.exe C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
File opened for modification C:\Windows\vrzvgdndvhzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\prfhybrnldbfmeqngbvxln.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\czifrparkxqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\ljtredphbpjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\prfhybrnldbfmeqngbvxln.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\czifrparkxqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\yzmndfupmdadjalhztmna.exe C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
File opened for modification C:\Windows\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\wvgfttgzujefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\vrzvgdndvhzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\prfhybrnldbfmeqngbvxln.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\prfhybrnldbfmeqngbvxln.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\vrzvgdndvhzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\prfhybrnldbfmeqngbvxln.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\vrzvgdndvhzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\czifrparkxqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\wvgfttgzujefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\czifrparkxqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\wvgfttgzujefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\vrzvgdndvhzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\czifrparkxqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\prfhybrnldbfmeqngbvxln.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\ljtredphbpjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\czifrparkxqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\wvgfttgzujefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\wvgfttgzujefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\ljtredphbpjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\prfhybrnldbfmeqngbvxln.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\yzmndfupmdadjalhztmna.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\ljtredphbpjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\ljtredphbpjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\wvgfttgzujefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\vrzvgdndvhzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\vrzvgdndvhzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ljtredphbpjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yzmndfupmdadjalhztmna.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yzmndfupmdadjalhztmna.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yzmndfupmdadjalhztmna.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wvgfttgzujefjyhbrja.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\czifrparkxqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jjvvklztpfbdiyidunff.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vrzvgdndvhzxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vrzvgdndvhzxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yzmndfupmdadjalhztmna.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\czifrparkxqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\czifrparkxqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jjvvklztpfbdiyidunff.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jjvvklztpfbdiyidunff.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yzmndfupmdadjalhztmna.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jjvvklztpfbdiyidunff.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ljtredphbpjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ljtredphbpjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wvgfttgzujefjyhbrja.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ljtredphbpjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vrzvgdndvhzxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\czifrparkxqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yzmndfupmdadjalhztmna.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vrzvgdndvhzxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ljtredphbpjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wvgfttgzujefjyhbrja.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vrzvgdndvhzxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wvgfttgzujefjyhbrja.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\czifrparkxqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ljtredphbpjjmaibqh.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5840 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 5840 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 5840 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 4504 wrote to memory of 3480 N/A C:\Windows\system32\cmd.exe C:\Windows\jjvvklztpfbdiyidunff.exe
PID 4504 wrote to memory of 3480 N/A C:\Windows\system32\cmd.exe C:\Windows\jjvvklztpfbdiyidunff.exe
PID 4504 wrote to memory of 3480 N/A C:\Windows\system32\cmd.exe C:\Windows\jjvvklztpfbdiyidunff.exe
PID 1140 wrote to memory of 5184 N/A C:\Windows\system32\cmd.exe C:\Windows\jjvvklztpfbdiyidunff.exe
PID 1140 wrote to memory of 5184 N/A C:\Windows\system32\cmd.exe C:\Windows\jjvvklztpfbdiyidunff.exe
PID 1140 wrote to memory of 5184 N/A C:\Windows\system32\cmd.exe C:\Windows\jjvvklztpfbdiyidunff.exe
PID 5184 wrote to memory of 4972 N/A C:\Windows\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 5184 wrote to memory of 4972 N/A C:\Windows\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 5184 wrote to memory of 4972 N/A C:\Windows\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 2276 wrote to memory of 4740 N/A C:\Windows\system32\cmd.exe C:\Windows\vrzvgdndvhzxykqh.exe
PID 2276 wrote to memory of 4740 N/A C:\Windows\system32\cmd.exe C:\Windows\vrzvgdndvhzxykqh.exe
PID 2276 wrote to memory of 4740 N/A C:\Windows\system32\cmd.exe C:\Windows\vrzvgdndvhzxykqh.exe
PID 4716 wrote to memory of 4920 N/A C:\Windows\system32\cmd.exe C:\Windows\ljtredphbpjjmaibqh.exe
PID 4716 wrote to memory of 4920 N/A C:\Windows\system32\cmd.exe C:\Windows\ljtredphbpjjmaibqh.exe
PID 4716 wrote to memory of 4920 N/A C:\Windows\system32\cmd.exe C:\Windows\ljtredphbpjjmaibqh.exe
PID 4892 wrote to memory of 4356 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
PID 4892 wrote to memory of 4356 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
PID 4892 wrote to memory of 4356 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
PID 4920 wrote to memory of 4592 N/A C:\Windows\ljtredphbpjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 4920 wrote to memory of 4592 N/A C:\Windows\ljtredphbpjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 4920 wrote to memory of 4592 N/A C:\Windows\ljtredphbpjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 5148 wrote to memory of 3492 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
PID 5148 wrote to memory of 3492 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
PID 5148 wrote to memory of 3492 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe
PID 3492 wrote to memory of 5396 N/A C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 3492 wrote to memory of 5396 N/A C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 3492 wrote to memory of 5396 N/A C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 5684 wrote to memory of 1100 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 5684 wrote to memory of 1100 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 5684 wrote to memory of 1100 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 3896 wrote to memory of 1560 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
PID 3896 wrote to memory of 1560 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
PID 3896 wrote to memory of 1560 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe
PID 1560 wrote to memory of 864 N/A C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 1560 wrote to memory of 864 N/A C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 1560 wrote to memory of 864 N/A C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 1484 wrote to memory of 3984 N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe
PID 1484 wrote to memory of 3984 N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe
PID 1484 wrote to memory of 3984 N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe
PID 1484 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe
PID 1484 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe
PID 1484 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe
PID 1304 wrote to memory of 3176 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 1304 wrote to memory of 3176 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 1304 wrote to memory of 3176 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 1232 wrote to memory of 2792 N/A C:\Windows\system32\cmd.exe C:\Windows\czifrparkxqpreldr.exe
PID 1232 wrote to memory of 2792 N/A C:\Windows\system32\cmd.exe C:\Windows\czifrparkxqpreldr.exe
PID 1232 wrote to memory of 2792 N/A C:\Windows\system32\cmd.exe C:\Windows\czifrparkxqpreldr.exe
PID 5292 wrote to memory of 1572 N/A C:\Windows\system32\cmd.exe C:\Windows\wvgfttgzujefjyhbrja.exe
PID 5292 wrote to memory of 1572 N/A C:\Windows\system32\cmd.exe C:\Windows\wvgfttgzujefjyhbrja.exe
PID 5292 wrote to memory of 1572 N/A C:\Windows\system32\cmd.exe C:\Windows\wvgfttgzujefjyhbrja.exe
PID 3016 wrote to memory of 880 N/A C:\Windows\system32\cmd.exe C:\Windows\ljtredphbpjjmaibqh.exe
PID 3016 wrote to memory of 880 N/A C:\Windows\system32\cmd.exe C:\Windows\ljtredphbpjjmaibqh.exe
PID 3016 wrote to memory of 880 N/A C:\Windows\system32\cmd.exe C:\Windows\ljtredphbpjjmaibqh.exe
PID 1572 wrote to memory of 2840 N/A C:\Windows\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 1572 wrote to memory of 2840 N/A C:\Windows\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 1572 wrote to memory of 2840 N/A C:\Windows\jjvvklztpfbdiyidunff.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 880 wrote to memory of 1120 N/A C:\Windows\ljtredphbpjjmaibqh.exe C:\Windows\System32\Conhost.exe
PID 880 wrote to memory of 1120 N/A C:\Windows\ljtredphbpjjmaibqh.exe C:\Windows\System32\Conhost.exe
PID 880 wrote to memory of 1120 N/A C:\Windows\ljtredphbpjjmaibqh.exe C:\Windows\System32\Conhost.exe
PID 2992 wrote to memory of 5360 N/A C:\Windows\system32\cmd.exe C:\Windows\jjvvklztpfbdiyidunff.exe

System policy modification

defense_evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b00543b6e9ead74528eb07622f2f5c94.exe"

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_b00543b6e9ead74528eb07622f2f5c94.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .

C:\Windows\vrzvgdndvhzxykqh.exe

vrzvgdndvhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Windows\ljtredphbpjjmaibqh.exe

ljtredphbpjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\ljtredphbpjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jjvvklztpfbdiyidunff.exe*."

C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe

"C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe" "-C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe"

C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe

"C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe" "-C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe

C:\Windows\vrzvgdndvhzxykqh.exe

vrzvgdndvhzxykqh.exe

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe

C:\Windows\ljtredphbpjjmaibqh.exe

ljtredphbpjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\ljtredphbpjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Windows\ljtredphbpjjmaibqh.exe

ljtredphbpjjmaibqh.exe .

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe .

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\ljtredphbpjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\ljtredphbpjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jjvvklztpfbdiyidunff.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\czifrparkxqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vrzvgdndvhzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .

C:\Windows\vrzvgdndvhzxykqh.exe

vrzvgdndvhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe .

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\ljtredphbpjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe .

C:\Windows\ljtredphbpjjmaibqh.exe

ljtredphbpjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Windows\ljtredphbpjjmaibqh.exe

ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\ljtredphbpjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jjvvklztpfbdiyidunff.exe*."

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vrzvgdndvhzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe .

C:\Windows\vrzvgdndvhzxykqh.exe

vrzvgdndvhzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vrzvgdndvhzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe .

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\ljtredphbpjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe .

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\czifrparkxqpreldr.exe*."

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe

C:\Windows\vrzvgdndvhzxykqh.exe

vrzvgdndvhzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vrzvgdndvhzxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vrzvgdndvhzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vrzvgdndvhzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .

C:\Windows\ljtredphbpjjmaibqh.exe

ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe .

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\ljtredphbpjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jjvvklztpfbdiyidunff.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe

C:\Windows\ljtredphbpjjmaibqh.exe

ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\ljtredphbpjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vrzvgdndvhzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Windows\vrzvgdndvhzxykqh.exe

vrzvgdndvhzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vrzvgdndvhzxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ljtredphbpjjmaibqh.exe

ljtredphbpjjmaibqh.exe

C:\Windows\vrzvgdndvhzxykqh.exe

vrzvgdndvhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .

C:\Windows\ljtredphbpjjmaibqh.exe

ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe .

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe .

C:\Windows\vrzvgdndvhzxykqh.exe

vrzvgdndvhzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vrzvgdndvhzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe .

C:\Windows\ljtredphbpjjmaibqh.exe

ljtredphbpjjmaibqh.exe

C:\Windows\vrzvgdndvhzxykqh.exe

vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe .

C:\Windows\ljtredphbpjjmaibqh.exe

ljtredphbpjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\czifrparkxqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\ljtredphbpjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jjvvklztpfbdiyidunff.exe*."

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jjvvklztpfbdiyidunff.exe*."

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jjvvklztpfbdiyidunff.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yzmndfupmdadjalhztmna.exe*."

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\czifrparkxqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Windows\ljtredphbpjjmaibqh.exe

ljtredphbpjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\ljtredphbpjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Windows\system32\backgroundTaskHost.exe

"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe .

C:\Windows\vrzvgdndvhzxykqh.exe

vrzvgdndvhzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vrzvgdndvhzxykqh.exe*."

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe .

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jjvvklztpfbdiyidunff.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vrzvgdndvhzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe

C:\Windows\ljtredphbpjjmaibqh.exe

ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\ljtredphbpjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .

C:\Windows\ljtredphbpjjmaibqh.exe

ljtredphbpjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\ljtredphbpjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .

C:\Windows\ljtredphbpjjmaibqh.exe

ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ljtredphbpjjmaibqh.exe

ljtredphbpjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\ljtredphbpjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\ljtredphbpjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Windows\ljtredphbpjjmaibqh.exe

ljtredphbpjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\ljtredphbpjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vrzvgdndvhzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\ljtredphbpjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe

C:\Windows\ljtredphbpjjmaibqh.exe

ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe .

C:\Windows\vrzvgdndvhzxykqh.exe

vrzvgdndvhzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\czifrparkxqpreldr.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vrzvgdndvhzxykqh.exe*."

C:\Windows\vrzvgdndvhzxykqh.exe

vrzvgdndvhzxykqh.exe

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .

C:\Windows\vrzvgdndvhzxykqh.exe

vrzvgdndvhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe .

C:\Windows\ljtredphbpjjmaibqh.exe

ljtredphbpjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\ljtredphbpjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yzmndfupmdadjalhztmna.exe*."

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vrzvgdndvhzxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vrzvgdndvhzxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jjvvklztpfbdiyidunff.exe*."

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe .

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vrzvgdndvhzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .

C:\Windows\ljtredphbpjjmaibqh.exe

ljtredphbpjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\ljtredphbpjjmaibqh.exe*."

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ljtredphbpjjmaibqh.exe

ljtredphbpjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\ljtredphbpjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vrzvgdndvhzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vrzvgdndvhzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe .

C:\Windows\ljtredphbpjjmaibqh.exe

ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\czifrparkxqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yzmndfupmdadjalhztmna.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe

C:\Windows\ljtredphbpjjmaibqh.exe

ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jjvvklztpfbdiyidunff.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe .

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jjvvklztpfbdiyidunff.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe

C:\Windows\ljtredphbpjjmaibqh.exe

ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\czifrparkxqpreldr.exe*."

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vrzvgdndvhzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Windows\vrzvgdndvhzxykqh.exe

vrzvgdndvhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yzmndfupmdadjalhztmna.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\czifrparkxqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe .

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yzmndfupmdadjalhztmna.exe*."

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .

C:\Windows\ljtredphbpjjmaibqh.exe

ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .

C:\Windows\ljtredphbpjjmaibqh.exe

ljtredphbpjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\ljtredphbpjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yzmndfupmdadjalhztmna.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."

C:\Windows\ljtredphbpjjmaibqh.exe

ljtredphbpjjmaibqh.exe

C:\Windows\ljtredphbpjjmaibqh.exe

ljtredphbpjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\ljtredphbpjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\ljtredphbpjjmaibqh.exe*."

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yzmndfupmdadjalhztmna.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\czifrparkxqpreldr.exe*."

C:\Windows\vrzvgdndvhzxykqh.exe

vrzvgdndvhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\czifrparkxqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yzmndfupmdadjalhztmna.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\czifrparkxqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\ljtredphbpjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe .

C:\Windows\vrzvgdndvhzxykqh.exe

vrzvgdndvhzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vrzvgdndvhzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Windows\vrzvgdndvhzxykqh.exe

vrzvgdndvhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vrzvgdndvhzxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\ljtredphbpjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .

C:\Windows\ljtredphbpjjmaibqh.exe

ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\ljtredphbpjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .

C:\Windows\vrzvgdndvhzxykqh.exe

vrzvgdndvhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yzmndfupmdadjalhztmna.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe

C:\Windows\vrzvgdndvhzxykqh.exe

vrzvgdndvhzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\vrzvgdndvhzxykqh.exe

vrzvgdndvhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vrzvgdndvhzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe .

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe .

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\czifrparkxqpreldr.exe*."

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\czifrparkxqpreldr.exe*."

C:\Windows\vrzvgdndvhzxykqh.exe

vrzvgdndvhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\czifrparkxqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\ljtredphbpjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vrzvgdndvhzxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .

C:\Windows\vrzvgdndvhzxykqh.exe

vrzvgdndvhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yzmndfupmdadjalhztmna.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vrzvgdndvhzxykqh.exe*."

C:\Windows\vrzvgdndvhzxykqh.exe

vrzvgdndvhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vrzvgdndvhzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jjvvklztpfbdiyidunff.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wvgfttgzujefjyhbrja.exe*."

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jjvvklztpfbdiyidunff.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yzmndfupmdadjalhztmna.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe

C:\Windows\ljtredphbpjjmaibqh.exe

ljtredphbpjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\ljtredphbpjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yzmndfupmdadjalhztmna.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."

C:\Windows\vrzvgdndvhzxykqh.exe

vrzvgdndvhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yzmndfupmdadjalhztmna.exe*."

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe

C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yzmndfupmdadjalhztmna.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe .

C:\Windows\ljtredphbpjjmaibqh.exe

ljtredphbpjjmaibqh.exe

C:\Windows\vrzvgdndvhzxykqh.exe

vrzvgdndvhzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vrzvgdndvhzxykqh.exe*."

C:\Windows\vrzvgdndvhzxykqh.exe

vrzvgdndvhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jjvvklztpfbdiyidunff.exe*."

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe .

C:\Windows\vrzvgdndvhzxykqh.exe

vrzvgdndvhzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vrzvgdndvhzxykqh.exe*."

C:\Windows\jjvvklztpfbdiyidunff.exe

jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Windows\vrzvgdndvhzxykqh.exe

vrzvgdndvhzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\ljtredphbpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vrzvgdndvhzxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\czifrparkxqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\jjvvklztpfbdiyidunff.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wvgfttgzujefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wvgfttgzujefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wvgfttgzujefjyhbrja.exe*."

C:\Windows\wvgfttgzujefjyhbrja.exe

wvgfttgzujefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe

C:\Windows\ljtredphbpjjmaibqh.exe

ljtredphbpjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\ljtredphbpjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yzmndfupmdadjalhztmna.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czifrparkxqpreldr.exe .

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vrzvgdndvhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .

C:\Windows\czifrparkxqpreldr.exe

czifrparkxqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yzmndfupmdadjalhztmna.exe .

C:\Windows\yzmndfupmdadjalhztmna.exe

yzmndfupmdadjalhztmna.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ljtredphbpjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vrzvgdndvhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czifrparkxqpreldr.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 www.ebay.com udp
GB 2.22.69.9:80 www.ebay.com tcp
BG 78.90.55.229:40243 tcp
US 8.8.8.8:53 gyuuym.org udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 amyuyro.info udp
US 8.8.8.8:53 yvzahepb.net udp
US 8.8.8.8:53 qruszmh.info udp
US 8.8.8.8:53 pnzmrkotdao.org udp
US 8.8.8.8:53 unxfuild.info udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 wvfvrj.net udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 qreixexcc.info udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 fndkcrty.info udp
US 8.8.8.8:53 odtsdnjejyjs.net udp
US 8.8.8.8:53 miiqomko.com udp
US 8.8.8.8:53 zllngvgfem.net udp
US 8.8.8.8:53 vgcxrnbbdy.info udp
US 8.8.8.8:53 jekqzgl.info udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 ksoqhkvgrag.info udp
US 8.8.8.8:53 cydlrge.info udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 gpsyholakwt.info udp
US 8.8.8.8:53 kndnlpjkob.info udp
US 8.8.8.8:53 ackgaoqgma.com udp
US 8.8.8.8:53 gockoi.com udp
US 8.8.8.8:53 alransqrzrrr.net udp
US 8.8.8.8:53 cfpadoelnhlo.net udp
US 8.8.8.8:53 uojhvswqb.net udp
US 8.8.8.8:53 sclkjzof.info udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 aehuhyz.info udp
US 8.8.8.8:53 nzxoiz.info udp
US 8.8.8.8:53 mepszgpobal.info udp
US 8.8.8.8:53 tkasfibgn.info udp
US 8.8.8.8:53 gnlorfibsp.net udp
US 8.8.8.8:53 odstlxpfsleh.info udp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 coclmqqm.info udp
US 8.8.8.8:53 asbnfhnew.info udp
US 8.8.8.8:53 rjgmhjrmjt.info udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 kmywsw.org udp
US 8.8.8.8:53 rtzjrt.net udp
US 8.8.8.8:53 ghbakzcvnuu.net udp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 nhvlswsebeq.com udp
US 8.8.8.8:53 xorvdzbu.net udp
US 8.8.8.8:53 ieiasukucc.com udp
US 8.8.8.8:53 hifgqiwdsgr.info udp
US 8.8.8.8:53 bbngtct.info udp
BG 78.90.55.229:40243 tcp
US 8.8.8.8:53 ixpgvepvme.info udp
US 8.8.8.8:53 wulaepn.net udp
US 8.8.8.8:53 aoqrtf.info udp
US 8.8.8.8:53 mmqumoyqgsqu.com udp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 ritreafnlkn.info udp
US 8.8.8.8:53 lofwzuf.net udp
US 8.8.8.8:53 apblhryx.net udp
US 8.8.8.8:53 mymwukwo.org udp
US 8.8.8.8:53 pwzurcp.info udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 aanklsxah.info udp
US 8.8.8.8:53 ueykucgiugak.org udp
US 8.8.8.8:53 zhostz.info udp
US 8.8.8.8:53 tihqnzoqx.net udp
US 8.8.8.8:53 yoaoooewyeeo.com udp
US 8.8.8.8:53 ljncbldnjhav.info udp
US 8.8.8.8:53 ebuygyziur.info udp
US 8.8.8.8:53 iignwtuj.info udp
US 8.8.8.8:53 aeiikekm.org udp
US 8.8.8.8:53 kcusiqcoomqe.org udp
US 8.8.8.8:53 wulqhqt.net udp
US 8.8.8.8:53 mdhpuesj.net udp
US 8.8.8.8:53 ssjwtnjcx.info udp
US 8.8.8.8:53 uopvzse.info udp
US 8.8.8.8:53 gwymuwakwqqg.com udp
US 8.8.8.8:53 melgzhj.net udp
US 8.8.8.8:53 ngocscbyqm.net udp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 rwtqxbdcg.info udp
US 8.8.8.8:53 bxhywnkujn.net udp
US 8.8.8.8:53 bjsweevix.com udp
US 8.8.8.8:53 vrxmprngmlhk.net udp
US 8.8.8.8:53 xpjlbfpuvqb.com udp
US 8.8.8.8:53 ajjxrodr.net udp
US 8.8.8.8:53 festhakwil.info udp
US 8.8.8.8:53 swqcqw.org udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 pyhyhn.net udp
US 8.8.8.8:53 eqkgosgauc.org udp
US 8.8.8.8:53 miegwqqe.org udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 uukqdghcrvy.info udp
US 8.8.8.8:53 xxzmnkmun.com udp
US 8.8.8.8:53 ioziusi.net udp
US 8.8.8.8:53 tmejspbpkx.net udp
US 8.8.8.8:53 yxtlqc.info udp
US 8.8.8.8:53 gwegqq.org udp
US 8.8.8.8:53 magmqq.org udp
US 8.8.8.8:53 lyxmnybibg.info udp
US 8.8.8.8:53 niaftzuxg.net udp
US 8.8.8.8:53 azlrsd.net udp
US 8.8.8.8:53 ukmgyaqqggea.com udp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 nrzlgqkvhbno.info udp
US 8.8.8.8:53 mkblxvjv.info udp
US 8.8.8.8:53 nqweyoy.org udp
US 8.8.8.8:53 srvexqpuqet.net udp
US 8.8.8.8:53 kgucribs.info udp
US 8.8.8.8:53 uousvz.net udp
US 8.8.8.8:53 krofwfcxiy.info udp
US 8.8.8.8:53 unuwber.net udp
US 8.8.8.8:53 gejpyyv.info udp
US 8.8.8.8:53 zyfitez.info udp
US 8.8.8.8:53 hszczqffaiyh.info udp
US 8.8.8.8:53 ukzflowq.info udp
US 8.8.8.8:53 dgnezzzgh.org udp
US 8.8.8.8:53 oswqaoioeuuw.com udp
US 8.8.8.8:53 imnwxwdykuq.net udp
US 8.8.8.8:53 leqdurjb.net udp
US 8.8.8.8:53 fypbmoztqdpg.info udp
US 8.8.8.8:53 zutwnsfglyz.net udp
US 8.8.8.8:53 hedyzwimpuk.com udp
US 8.8.8.8:53 dxikspgshgbk.info udp
US 8.8.8.8:53 qljalgxyjxp.net udp
US 8.8.8.8:53 uskemiz.net udp
US 8.8.8.8:53 dgjjttnjba.net udp
US 8.8.8.8:53 lumsfokrp.org udp
US 8.8.8.8:53 lgmwshpwdp.net udp
US 8.8.8.8:53 kdpydvpey.info udp
US 8.8.8.8:53 zxlpyazedst.net udp
US 8.8.8.8:53 iewyqgummawc.org udp
US 8.8.8.8:53 iettgoqmj.net udp
US 8.8.8.8:53 qapwlqx.info udp
US 8.8.8.8:53 zgrjrexb.net udp
US 8.8.8.8:53 gynjaclu.info udp
US 8.8.8.8:53 haueqyfw.info udp
US 8.8.8.8:53 zhiervzsxa.info udp
US 8.8.8.8:53 atcjjt.info udp
US 8.8.8.8:53 eeueccewmeem.com udp
US 8.8.8.8:53 pqfmperg.net udp
US 8.8.8.8:53 kilnql.info udp
US 8.8.8.8:53 gthoprfe.net udp
US 8.8.8.8:53 ywuqug.com udp
US 8.8.8.8:53 gmqswk.org udp
US 8.8.8.8:53 rmxncisesrxb.net udp
US 8.8.8.8:53 torkxc.net udp
US 8.8.8.8:53 csegnsrwz.net udp
US 8.8.8.8:53 vlpxze.info udp
US 8.8.8.8:53 hkxqryj.info udp
US 8.8.8.8:53 ozlekcn.net udp
US 8.8.8.8:53 vgefiqwudf.net udp
US 8.8.8.8:53 rmqacfykw.org udp
US 8.8.8.8:53 skywyumxq.net udp
US 8.8.8.8:53 dadits.info udp
US 8.8.8.8:53 bhaetbti.info udp
US 8.8.8.8:53 quikggwuqqqq.com udp
US 8.8.8.8:53 panapmlmval.com udp
US 8.8.8.8:53 egsmyysc.org udp
US 8.8.8.8:53 bsbbcvkndp.info udp
US 8.8.8.8:53 gykfkscjchem.info udp
US 8.8.8.8:53 iwgwiwai.com udp
US 8.8.8.8:53 oadaohuwzqn.net udp
US 8.8.8.8:53 ukdryjwxbpkc.net udp
US 8.8.8.8:53 nshdioh.net udp
US 8.8.8.8:53 ylhmye.info udp
US 8.8.8.8:53 emykeyqm.com udp
US 8.8.8.8:53 ekqqcc.org udp
US 8.8.8.8:53 lntksufpm.net udp
US 8.8.8.8:53 uvyqbc.info udp
US 8.8.8.8:53 ccvczdfwxcvf.net udp
US 8.8.8.8:53 dwfkeogzvhjn.info udp
US 8.8.8.8:53 gkusvwpsdif.net udp
US 8.8.8.8:53 muufhydlvb.info udp
US 8.8.8.8:53 fshnsbialutk.info udp
US 8.8.8.8:53 gglblwpqwcka.info udp
US 8.8.8.8:53 tojcfdxyfle.com udp
US 8.8.8.8:53 rmjwcx.net udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 iupoosbjkya.info udp
US 8.8.8.8:53 xxjeksobyg.info udp
US 8.8.8.8:53 sglunc.net udp
US 8.8.8.8:53 qtgqqinahbp.info udp
US 8.8.8.8:53 lzxuggc.net udp
US 8.8.8.8:53 euaqqaqa.com udp
US 8.8.8.8:53 tgwbzmrqj.org udp
US 8.8.8.8:53 iwscec.com udp
US 8.8.8.8:53 tcvuvhjwh.info udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.180.3:80 c.pki.goog tcp
US 8.8.8.8:53 tkjoxmaymyk.info udp
US 8.8.8.8:53 ckdqwub.net udp
US 8.8.8.8:53 lyrizussh.org udp
US 8.8.8.8:53 ixcosigwpxa.info udp
US 8.8.8.8:53 jubvpax.info udp
US 8.8.8.8:53 fbbwlmf.com udp
US 8.8.8.8:53 cylizmagjdw.net udp
US 8.8.8.8:53 aknsgwkcl.net udp
US 8.8.8.8:53 nkfytes.info udp
US 8.8.8.8:53 ggjgflarbuw.info udp
US 8.8.8.8:53 fuxfzkpaqibr.info udp
US 8.8.8.8:53 lozxnqlz.net udp
US 8.8.8.8:53 ecbwysbz.info udp
US 8.8.8.8:53 hhmhgy.info udp
US 8.8.8.8:53 kuqsio.org udp
US 8.8.8.8:53 sutixkkyh.net udp
US 8.8.8.8:53 njmyupro.net udp
US 8.8.8.8:53 mgfatmfap.info udp
US 8.8.8.8:53 kkkmbvatj.info udp
US 8.8.8.8:53 dpcsnozgi.net udp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 arsgzcmax.info udp
US 8.8.8.8:53 gqgxrimieiy.info udp
US 8.8.8.8:53 iusioomq.org udp
US 8.8.8.8:53 kgvyrzsg.net udp
US 8.8.8.8:53 cdsydspsacx.info udp
US 8.8.8.8:53 wlviuatsaz.net udp
US 8.8.8.8:53 wcsbrpz.net udp
US 8.8.8.8:53 koemcen.info udp
US 8.8.8.8:53 zpquwtslfjiw.net udp
US 8.8.8.8:53 uwcuws.org udp
US 8.8.8.8:53 vkaqidtyai.net udp
US 8.8.8.8:53 wipurgaqr.net udp
US 8.8.8.8:53 pktgpflqntc.info udp
US 8.8.8.8:53 kqsoicykmu.org udp
US 8.8.8.8:53 teiznm.net udp
US 8.8.8.8:53 ptennov.info udp
US 8.8.8.8:53 azlfou.info udp
US 8.8.8.8:53 ioeyyiwyeyay.com udp
US 8.8.8.8:53 iqdqlicfhiu.info udp
US 8.8.8.8:53 iwzyrmfnhpb.net udp
US 8.8.8.8:53 umyicieyee.org udp
US 8.8.8.8:53 ofglgtxcpo.net udp
US 8.8.8.8:53 aphvza.net udp
US 8.8.8.8:53 zaogct.info udp
US 8.8.8.8:53 uwbyboziows.info udp
US 8.8.8.8:53 pmayaxydpe.info udp
US 8.8.8.8:53 vcsuct.net udp
US 8.8.8.8:53 mrqtswozxbsg.info udp
US 8.8.8.8:53 ewsagskgaeyi.com udp
US 8.8.8.8:53 bwmymej.net udp
US 8.8.8.8:53 fpzgjker.info udp
US 8.8.8.8:53 fhzezlljj.org udp
US 8.8.8.8:53 aisnfyh.info udp
US 8.8.8.8:53 fsyczawoha.info udp
US 8.8.8.8:53 vgjolpjqln.info udp
US 8.8.8.8:53 rfojmu.net udp
US 8.8.8.8:53 oxvijobiroly.net udp
US 8.8.8.8:53 dvcwnnzszqf.com udp
US 8.8.8.8:53 fowtbp.net udp
US 8.8.8.8:53 exispooex.info udp
US 8.8.8.8:53 nsrqpkm.net udp
US 8.8.8.8:53 cgumemessosk.com udp
US 8.8.8.8:53 atkzfclhbift.info udp
US 8.8.8.8:53 ychymgrkk.net udp
US 8.8.8.8:53 ecoquq.org udp
US 8.8.8.8:53 jfdfya.info udp
US 8.8.8.8:53 wueysyqiyg.org udp
US 8.8.8.8:53 kwwygy.com udp
US 8.8.8.8:53 mrwbgl.net udp
US 8.8.8.8:53 hcvwug.info udp
US 8.8.8.8:53 quvevqlqfby.net udp
US 8.8.8.8:53 nqrtjx.info udp
US 8.8.8.8:53 syowcuyoea.org udp
US 8.8.8.8:53 sieewkaqgs.com udp
US 8.8.8.8:53 xyhvhddre.net udp
US 8.8.8.8:53 jjrefkv.net udp
US 8.8.8.8:53 vghlnpzjiv.info udp
US 8.8.8.8:53 mcmyyese.org udp
US 8.8.8.8:53 xmnllxncl.net udp
US 8.8.8.8:53 pboqlatkp.info udp
US 8.8.8.8:53 cogaomygcm.org udp
US 8.8.8.8:53 uiktxbvzjon.info udp
US 8.8.8.8:53 ooaugaseug.com udp
US 8.8.8.8:53 zopndqfz.net udp
US 8.8.8.8:53 uuiawq.com udp
US 8.8.8.8:53 sefrwhxd.info udp
US 8.8.8.8:53 fdtzhfluxci.com udp
US 8.8.8.8:53 laqgfsif.net udp
US 8.8.8.8:53 mlbomyv.net udp
US 8.8.8.8:53 ucnzjvtqtqp.net udp
US 8.8.8.8:53 kjskvzf.info udp
US 8.8.8.8:53 nrgghmncpch.info udp
US 8.8.8.8:53 einodit.info udp
US 8.8.8.8:53 idnzcxhl.net udp
US 8.8.8.8:53 xfstzyt.net udp
US 8.8.8.8:53 bbzcbrhwkf.info udp
US 8.8.8.8:53 wskqiugwgm.com udp
US 8.8.8.8:53 lzbjkx.info udp
US 8.8.8.8:53 nhwbzs.net udp
US 8.8.8.8:53 pbffodp.info udp
US 8.8.8.8:53 hmkduclgozze.info udp
US 8.8.8.8:53 blriytvijot.com udp
US 8.8.8.8:53 xmyzftjh.net udp
US 8.8.8.8:53 msinpoqqn.net udp
US 8.8.8.8:53 blzyfvb.info udp
US 8.8.8.8:53 vzokgombzp.net udp
US 8.8.8.8:53 ewjqngn.net udp
US 8.8.8.8:53 kyilnx.net udp
US 8.8.8.8:53 yiuycwagmw.com udp
US 8.8.8.8:53 xctygjjwhefy.net udp
US 8.8.8.8:53 lxybrwnwn.info udp
US 8.8.8.8:53 cmopwwjmlhc.net udp
US 8.8.8.8:53 gaqkygwq.org udp
US 8.8.8.8:53 sulqzm.net udp
US 8.8.8.8:53 ivcntbhudkx.info udp
US 8.8.8.8:53 cbdxtggq.info udp
US 8.8.8.8:53 vkzhgqxcj.com udp
US 8.8.8.8:53 jrbulad.info udp
US 8.8.8.8:53 swuwqoeeuoma.com udp
US 8.8.8.8:53 nkdcqobr.net udp
US 8.8.8.8:53 jepodjp.com udp
US 8.8.8.8:53 ykusua.org udp
US 8.8.8.8:53 fajeonvw.info udp
US 8.8.8.8:53 bpzorpfuhtf.org udp
US 8.8.8.8:53 clzkmstf.net udp
US 8.8.8.8:53 zkpzpkn.com udp
US 8.8.8.8:53 xnpyqt.info udp
US 8.8.8.8:53 nyfmcylu.net udp
US 8.8.8.8:53 jpjitj.info udp
US 8.8.8.8:53 osrvvwfqtms.net udp
US 8.8.8.8:53 zdkcheoy.info udp
US 8.8.8.8:53 bkngmvgi.net udp
US 8.8.8.8:53 hfswnxafkcrk.net udp
US 8.8.8.8:53 pevgzwx.com udp
US 8.8.8.8:53 mobkpkljx.info udp
US 8.8.8.8:53 ddpqtlkbqmgu.info udp
US 8.8.8.8:53 bqdindvszcl.com udp
US 8.8.8.8:53 ruwwnrtodl.net udp
US 8.8.8.8:53 ushiomfgcwn.net udp
US 8.8.8.8:53 jkrsuxwtml.net udp
US 8.8.8.8:53 dykwknvmdfdj.info udp
US 8.8.8.8:53 xbvaeyibgg.net udp
US 8.8.8.8:53 pbstzbchufek.net udp
US 8.8.8.8:53 skxgwrnmdp.net udp
US 8.8.8.8:53 cqpohaaqhsb.info udp
US 8.8.8.8:53 okgmeams.org udp
US 8.8.8.8:53 lrxsghrcnr.info udp
US 8.8.8.8:53 wawaoiyk.com udp
US 8.8.8.8:53 jsjlcgfvrb.net udp
US 8.8.8.8:53 lczoradauoz.net udp
US 8.8.8.8:53 qgwcovshystp.info udp
US 8.8.8.8:53 nooqjs.info udp
US 8.8.8.8:53 vewaqhwt.net udp
US 8.8.8.8:53 dazulnj.org udp
US 8.8.8.8:53 cwcmum.com udp
US 8.8.8.8:53 jlnpnunchke.org udp
US 8.8.8.8:53 jzthxr.net udp
US 8.8.8.8:53 ufxapszat.net udp
US 8.8.8.8:53 ziujnw.info udp
US 8.8.8.8:53 aekoyu.com udp
US 8.8.8.8:53 fbtkvgoqyy.net udp
US 8.8.8.8:53 fjusznt.com udp
US 8.8.8.8:53 lqzwzhzih.net udp
US 8.8.8.8:53 zpfjkoet.net udp
US 8.8.8.8:53 bqpssztj.info udp
US 8.8.8.8:53 zuhmapbot.net udp
US 8.8.8.8:53 sxefnv.info udp
US 8.8.8.8:53 gohmqalajsf.info udp
US 8.8.8.8:53 vjvlnnztmb.net udp
US 8.8.8.8:53 firzpotuljdz.net udp
US 8.8.8.8:53 scimuacsow.com udp
US 8.8.8.8:53 sswkwmmumymc.org udp
US 8.8.8.8:53 wslexcoaxiz.net udp
US 8.8.8.8:53 blpejqztjku.info udp
US 8.8.8.8:53 yojkaljecqs.info udp
US 8.8.8.8:53 nuiebdxav.com udp
US 8.8.8.8:53 tytxxgt.net udp
US 8.8.8.8:53 dqbjvqxx.net udp
US 8.8.8.8:53 ecegeakc.org udp
US 8.8.8.8:53 kbvitanxnbt.info udp
US 8.8.8.8:53 fvnyjuvirg.info udp
US 8.8.8.8:53 qcclscrydan.info udp
US 8.8.8.8:53 ejdarm.net udp
US 8.8.8.8:53 ugoawookuwcq.com udp
US 8.8.8.8:53 ygegkmfwpif.net udp
US 8.8.8.8:53 cggcjgr.net udp
US 8.8.8.8:53 xonclcxcfiw.org udp
US 8.8.8.8:53 cdalhlfkim.info udp
US 8.8.8.8:53 hubkputuszdm.info udp
US 8.8.8.8:53 aararuzmj.info udp
US 8.8.8.8:53 bibahknuv.com udp
US 8.8.8.8:53 hmseuvfip.net udp
US 8.8.8.8:53 iurccqred.info udp
US 8.8.8.8:53 zrizzt.net udp
US 8.8.8.8:53 izbuvhoj.info udp
US 8.8.8.8:53 uotxtlhko.net udp
US 8.8.8.8:53 oppehslpipz.net udp
US 8.8.8.8:53 uyfooid.info udp
US 8.8.8.8:53 gcaqmseewiuw.com udp
US 8.8.8.8:53 vdgxjcdgzx.net udp
US 8.8.8.8:53 pfhqjsjdzakt.net udp
US 8.8.8.8:53 nsjnpn.net udp
US 8.8.8.8:53 hcdvsib.org udp
US 8.8.8.8:53 sbkmnqyiv.net udp
US 8.8.8.8:53 kcyobre.net udp
US 8.8.8.8:53 boltddtv.net udp
US 8.8.8.8:53 ivewnr.info udp
US 8.8.8.8:53 etvntddo.net udp
US 8.8.8.8:53 duuwgwx.com udp
US 8.8.8.8:53 gdukthalrchx.info udp
US 8.8.8.8:53 lqzuhoeypvzo.net udp
US 8.8.8.8:53 dtueiuicno.net udp
US 8.8.8.8:53 nqxijbihvn.info udp
US 8.8.8.8:53 lhcobsmuxk.net udp
US 8.8.8.8:53 dedgdgt.info udp
US 8.8.8.8:53 nnfkzeb.net udp
US 8.8.8.8:53 xglcsp.info udp
US 8.8.8.8:53 codlfcvwrid.net udp
US 8.8.8.8:53 dazgxqz.info udp
US 8.8.8.8:53 yspynbdonzn.net udp
US 8.8.8.8:53 vtdgcpukdhct.net udp
US 8.8.8.8:53 hzydhefvvimf.net udp
US 8.8.8.8:53 xrctizgjhu.net udp
US 8.8.8.8:53 eytsjktgqqn.net udp
US 8.8.8.8:53 netygbeox.net udp
US 8.8.8.8:53 rfcqjgcwrllk.info udp
US 8.8.8.8:53 suuquqig.org udp
US 8.8.8.8:53 aggmogkgiaue.com udp
US 8.8.8.8:53 ooewwc.org udp
US 8.8.8.8:53 ibsbgnpn.info udp
US 8.8.8.8:53 eciqiaqq.com udp
US 8.8.8.8:53 jypigkw.net udp
US 8.8.8.8:53 pmiilcxxf.com udp
US 8.8.8.8:53 qjtdghuuon.net udp
US 8.8.8.8:53 aahpzwbahhr.info udp
US 8.8.8.8:53 iqaaaodic.info udp
US 8.8.8.8:53 jphhtgd.com udp
US 8.8.8.8:53 rzrhlm.net udp
US 8.8.8.8:53 fowcjinw.net udp
US 8.8.8.8:53 eawiyqwg.org udp
US 8.8.8.8:53 rjdkoiytdut.info udp
US 8.8.8.8:53 omierhazkhgw.net udp
US 8.8.8.8:53 iwlvpffbz.info udp
US 8.8.8.8:53 qufahuv.info udp
US 8.8.8.8:53 gycgce.com udp
US 8.8.8.8:53 kwdrqyzrhd.net udp
US 8.8.8.8:53 bkrobnowi.net udp
US 8.8.8.8:53 xvvqpgimfoma.net udp
US 8.8.8.8:53 sccuwm.org udp
US 8.8.8.8:53 fpbrxbjlby.info udp
US 8.8.8.8:53 xrjmbmgmisvh.info udp
US 8.8.8.8:53 oppfwkrqclal.net udp
US 8.8.8.8:53 lfefyabalmf.net udp
US 8.8.8.8:53 wjfmbgi.net udp
US 8.8.8.8:53 cywumrasxkp.net udp
US 8.8.8.8:53 hbkxelapjw.net udp
US 8.8.8.8:53 jqtenkdayoy.org udp
US 8.8.8.8:53 mqbwvenalkh.net udp
US 8.8.8.8:53 gzjdldhe.info udp
US 8.8.8.8:53 oqwqco.com udp
US 8.8.8.8:53 lvliwxsju.net udp
US 8.8.8.8:53 vdbtmkvpbejb.net udp
US 8.8.8.8:53 wcgcuuiu.org udp
US 8.8.8.8:53 poemqzpxpgft.net udp
US 8.8.8.8:53 imhmqeoivty.info udp
US 8.8.8.8:53 tynxxlab.net udp
US 8.8.8.8:53 vgboksnbdlu.org udp
US 8.8.8.8:53 ceskckjipdh.net udp
US 8.8.8.8:53 nhmyomxjv.info udp
US 8.8.8.8:53 iiowsqp.info udp
US 8.8.8.8:53 lfvjyd.info udp
US 8.8.8.8:53 ywnvyt.net udp
US 8.8.8.8:53 kgxtgz.net udp
US 8.8.8.8:53 tyzkrdhyl.info udp
US 8.8.8.8:53 mquiwsmuag.com udp
US 8.8.8.8:53 vyvijbihvn.info udp
US 8.8.8.8:53 gngdymj.net udp
US 8.8.8.8:53 bhigxqvlvb.net udp
US 8.8.8.8:53 oceeye.org udp
US 8.8.8.8:53 hsrofavrq.net udp
US 8.8.8.8:53 lmjeomv.info udp
US 8.8.8.8:53 biojmndv.net udp
US 8.8.8.8:53 qctkymoht.info udp
US 8.8.8.8:53 llpwlrlwpx.net udp
US 8.8.8.8:53 tkjhbeded.net udp
US 8.8.8.8:53 wsceeyse.com udp
US 8.8.8.8:53 weygsmgqukam.com udp
US 8.8.8.8:53 dyjiombtv.com udp
US 8.8.8.8:53 kxthnyuyrcz.info udp
US 8.8.8.8:53 laasjh.info udp
US 8.8.8.8:53 bctwfgikb.org udp
US 8.8.8.8:53 ybfjbaixl.net udp
US 8.8.8.8:53 cmhxhqngf.info udp
US 8.8.8.8:53 ekpuedgb.info udp
US 8.8.8.8:53 hdebyuvytv.net udp
US 8.8.8.8:53 fzqqksnzg.net udp
US 8.8.8.8:53 cssamu.org udp
US 8.8.8.8:53 odywavx.info udp
US 8.8.8.8:53 xmlymtnez.org udp
US 8.8.8.8:53 nexqrcvwfiz.org udp
US 8.8.8.8:53 qfgcwaho.info udp
US 8.8.8.8:53 awuces.org udp
US 8.8.8.8:53 zsyqlyceqk.net udp
US 8.8.8.8:53 vesegk.net udp
US 8.8.8.8:53 dxfybepqfdvc.info udp
US 8.8.8.8:53 odzbrjqoy.info udp
US 8.8.8.8:53 yiygmoug.com udp
US 8.8.8.8:53 tdzszvm.info udp
US 8.8.8.8:53 aalijqi.info udp
US 8.8.8.8:53 rhxwaw.info udp
US 8.8.8.8:53 ichuubl.net udp
US 8.8.8.8:53 odqisf.info udp
US 8.8.8.8:53 ncpmyszzt.info udp
US 8.8.8.8:53 wkocyguiko.com udp
US 8.8.8.8:53 tbvlfynsrnrj.net udp
US 8.8.8.8:53 mskmammm.info udp
US 8.8.8.8:53 uewwam.org udp
US 8.8.8.8:53 ybxsqlwexbnh.info udp
US 8.8.8.8:53 hhrbdl.info udp
US 8.8.8.8:53 jgzjnvymi.org udp
US 8.8.8.8:53 ztjczssogks.info udp
US 8.8.8.8:53 kkiamiym.com udp
US 8.8.8.8:53 nevsmynqooo.com udp
US 8.8.8.8:53 semyscageu.org udp
US 8.8.8.8:53 jatdaajehomt.net udp
US 8.8.8.8:53 qynsmlkih.info udp
US 8.8.8.8:53 iqwkqayksemm.org udp
US 8.8.8.8:53 hlifyaop.info udp
US 8.8.8.8:53 ddrgvh.net udp
US 8.8.8.8:53 mwgkuyee.org udp
US 8.8.8.8:53 ywmqqslyz.net udp
US 8.8.8.8:53 uiceesz.info udp
US 8.8.8.8:53 jiwcbcmcxyh.info udp
US 8.8.8.8:53 bzaydhbkyko.info udp
US 8.8.8.8:53 tipsme.info udp
US 103.224.212.210:80 tipsme.info tcp
US 8.8.8.8:53 uqekgui.info udp
US 8.8.8.8:53 bqbgjwx.info udp
US 8.8.8.8:53 uoxjsmld.info udp
US 8.8.8.8:53 wmieicqq.org udp
US 8.8.8.8:53 uotvjsicjkj.info udp
US 8.8.8.8:53 ewlykh.info udp
US 8.8.8.8:53 tahzcngx.net udp
US 8.8.8.8:53 gsauyuqi.org udp
US 8.8.8.8:53 gvzvpvbpuu.net udp
US 8.8.8.8:53 dtfntqoprjji.net udp
US 8.8.8.8:53 xfmvctzzwt.info udp
US 8.8.8.8:53 bjpwlrlwpx.net udp
US 8.8.8.8:53 ynvjcszu.net udp
US 8.8.8.8:53 dgziycyvtyl.net udp
US 8.8.8.8:53 zgkyfwpypui.info udp
US 8.8.8.8:53 nxxixqhqp.info udp
US 8.8.8.8:53 ovnqhtobw.info udp
US 8.8.8.8:53 uazolnii.net udp
US 8.8.8.8:53 imwkkoik.com udp
US 8.8.8.8:53 agnybqy.net udp
US 8.8.8.8:53 sodemahohvh.net udp
US 8.8.8.8:53 sewuvwb.net udp
US 8.8.8.8:53 zhtrmyijqy.info udp
US 8.8.8.8:53 cwwbhcxi.net udp
US 8.8.8.8:53 oaewcmmi.com udp
US 8.8.8.8:53 mngjhmv.info udp
US 8.8.8.8:53 fxzzxmcospds.net udp
US 8.8.8.8:53 mcxwerdv.info udp
US 8.8.8.8:53 nklpjtolb.info udp
US 8.8.8.8:53 oalwpcngx.info udp
US 8.8.8.8:53 umjxlt.net udp
US 8.8.8.8:53 dlcedff.net udp
US 8.8.8.8:53 puujfx.info udp
US 8.8.8.8:53 xcrfxbihvn.info udp
US 8.8.8.8:53 ckgauiseig.com udp
US 8.8.8.8:53 roucgnral.org udp
US 8.8.8.8:53 sytblnvkyl.net udp
US 8.8.8.8:53 pvesxitaordl.info udp
US 8.8.8.8:53 ynxmljhtloz.net udp
US 8.8.8.8:53 ecnmne.info udp
US 8.8.8.8:53 xhrsoz.net udp
US 8.8.8.8:53 otbynjbp.net udp
US 8.8.8.8:53 dzrmxez.com udp
US 8.8.8.8:53 jfpqqdqobex.net udp
US 8.8.8.8:53 gxpxhkjv.net udp
US 8.8.8.8:53 drbyvspcj.org udp
US 8.8.8.8:53 zgbaezq.info udp
US 8.8.8.8:53 kxldwaoqfn.info udp
US 8.8.8.8:53 ijodkjmdxa.info udp
US 8.8.8.8:53 innagarno.net udp
US 8.8.8.8:53 mthcdwpmvvs.net udp
US 8.8.8.8:53 xxbuvavqnao.net udp
US 8.8.8.8:53 hoatlhcxpfba.info udp
US 8.8.8.8:53 qgcivdpoduh.info udp
US 8.8.8.8:53 vukdtgd.info udp
US 8.8.8.8:53 zattweexof.info udp
US 8.8.8.8:53 uuhnjkje.net udp
US 8.8.8.8:53 tgzzsilpuoyu.info udp
US 8.8.8.8:53 konkgsqof.net udp
US 8.8.8.8:53 iywejt.info udp
US 8.8.8.8:53 ofpiullo.net udp
US 8.8.8.8:53 ahjrdqpiyyq.info udp
US 8.8.8.8:53 iwnsys.info udp
US 8.8.8.8:53 rejwrwpoa.info udp
US 8.8.8.8:53 pgdrzr.info udp
US 8.8.8.8:53 genefgokl.net udp
US 8.8.8.8:53 blxujvj.org udp
US 8.8.8.8:53 npetrsvi.info udp
US 8.8.8.8:53 wjvolvgmmv.info udp
US 8.8.8.8:53 jmuyzwjxj.net udp
US 8.8.8.8:53 foaurmp.net udp
US 8.8.8.8:53 zorohehpvdqw.info udp
US 8.8.8.8:53 hpibxh.info udp
US 8.8.8.8:53 lylhtjnctol.org udp
US 8.8.8.8:53 moxojhtypai.net udp
US 8.8.8.8:53 bdtdda.info udp
US 8.8.8.8:53 sgescokcmo.org udp
US 8.8.8.8:53 sckklowtn.info udp
US 8.8.8.8:53 dgxgpxfkaix.com udp
US 8.8.8.8:53 gsuqaiw.net udp
US 8.8.8.8:53 lzwgpqnxhy.net udp
US 8.8.8.8:53 kqwyxqx.info udp
US 8.8.8.8:53 tcfsqfmcbu.info udp
US 8.8.8.8:53 receqmk.org udp
US 8.8.8.8:53 kokwupdgby.net udp
US 8.8.8.8:53 jehyhpbob.com udp
US 8.8.8.8:53 lzteiudervcm.info udp
US 8.8.8.8:53 ryrywsqk.info udp
US 8.8.8.8:53 memsrsvcltq.info udp
US 8.8.8.8:53 ynxobt.info udp
US 8.8.8.8:53 luaiurlae.info udp
US 8.8.8.8:53 ukgaem.org udp
US 8.8.8.8:53 zoqcfgdup.com udp
US 8.8.8.8:53 yufzgvcy.net udp
US 8.8.8.8:53 mcmsywso.org udp
US 8.8.8.8:53 sarmxmdrnqc.net udp
US 8.8.8.8:53 hsfspwfirsr.org udp
US 8.8.8.8:53 heraofjywibl.info udp
US 8.8.8.8:53 wqpuzalt.info udp
US 8.8.8.8:53 gcjaxqt.net udp
US 8.8.8.8:53 dbnendxrhmtp.net udp
US 8.8.8.8:53 oqdesiwsnit.net udp
US 8.8.8.8:53 aogkkkcqymki.org udp
US 8.8.8.8:53 znlinygevif.org udp
US 8.8.8.8:53 ikcwhaznousb.info udp
US 8.8.8.8:53 dqjldw.info udp
US 8.8.8.8:53 fumvct.net udp
US 8.8.8.8:53 hzmudyxngt.info udp
US 8.8.8.8:53 djpvvfs.org udp
US 8.8.8.8:53 wbakhn.info udp
US 8.8.8.8:53 dnyidwf.info udp
US 8.8.8.8:53 tymvbyh.org udp
US 8.8.8.8:53 mmswgekmgo.com udp
US 8.8.8.8:53 pelwbalb.net udp
US 8.8.8.8:53 fxfwrxeobj.info udp
US 8.8.8.8:53 wncycqpiii.net udp
US 8.8.8.8:53 yadxtkefpqdf.net udp
US 8.8.8.8:53 uzdvhctrsws.info udp
US 8.8.8.8:53 qngitmingp.net udp
US 8.8.8.8:53 bylefyhnx.net udp
US 8.8.8.8:53 dwjtmzbdji.net udp
US 8.8.8.8:53 cdnuiurjbsxm.net udp
US 8.8.8.8:53 ulwprsdpevsj.info udp
US 8.8.8.8:53 ujvssrcqf.net udp
US 8.8.8.8:53 ivpyblsbyddt.net udp
US 8.8.8.8:53 ceuqimycam.org udp
US 8.8.8.8:53 nftqhgfv.net udp
US 8.8.8.8:53 qyjxvcif.net udp
US 8.8.8.8:53 apxchhpqbp.info udp
US 8.8.8.8:53 yhbivwx.info udp
US 8.8.8.8:53 rkwlhccy.info udp
US 8.8.8.8:53 kkdihwdfnur.info udp
US 8.8.8.8:53 pdvfratsojp.com udp
US 8.8.8.8:53 toudyt.info udp
US 8.8.8.8:53 cstkfejpp.info udp
US 8.8.8.8:53 nthafgeqx.org udp
US 8.8.8.8:53 dmhsltiybaw.net udp
US 8.8.8.8:53 wcuowwwoic.org udp
US 8.8.8.8:53 gsfszojiceh.info udp
US 8.8.8.8:53 yacuqueq.org udp
US 8.8.8.8:53 rwzjdujlijpi.net udp
US 8.8.8.8:53 vibshiiel.net udp
US 8.8.8.8:53 uzzjtnfjtx.net udp
US 8.8.8.8:53 jjqtpeerkb.net udp
US 8.8.8.8:53 lgjhbmuez.net udp
US 8.8.8.8:53 kdfumkh.info udp
US 8.8.8.8:53 iuacxe.net udp
US 8.8.8.8:53 uvurboxdgmto.net udp
US 8.8.8.8:53 urkcltobhpwf.net udp
US 8.8.8.8:53 bbnvrlahde.net udp
US 8.8.8.8:53 arbsvzz.info udp
US 8.8.8.8:53 mypdhmhjhv.info udp
US 8.8.8.8:53 oismai.com udp
US 8.8.8.8:53 oaqkmksuwkqi.com udp
US 8.8.8.8:53 faljhg.info udp
US 8.8.8.8:53 oerllu.net udp
US 8.8.8.8:53 wmyissysou.org udp
US 8.8.8.8:53 eheflhppvg.net udp
US 8.8.8.8:53 csuksgsu.org udp
US 8.8.8.8:53 hlxqpyzblicy.net udp
US 8.8.8.8:53 eczuugk.info udp
US 8.8.8.8:53 hytlvzlmhxdo.net udp
US 8.8.8.8:53 caxefq.net udp
US 8.8.8.8:53 haxolenar.info udp
US 8.8.8.8:53 cykogcgqqcuu.com udp
US 8.8.8.8:53 sjvgbur.info udp
US 8.8.8.8:53 vrtkoruopgjp.net udp
US 8.8.8.8:53 ntjqbipw.net udp
US 8.8.8.8:53 ugjyfpgfl.net udp
US 8.8.8.8:53 aqtzpymezgf.info udp
US 8.8.8.8:53 myrwjqkrwpbk.info udp
US 8.8.8.8:53 wtwavsvhjpy.info udp
US 8.8.8.8:53 igzcvqf.net udp
US 8.8.8.8:53 dxqtdiiahk.info udp
US 8.8.8.8:53 fkocscdzbg.info udp
US 8.8.8.8:53 mpkbfsgyp.info udp
US 8.8.8.8:53 bokmbmdepgh.net udp
US 8.8.8.8:53 jpjfzc.net udp
US 8.8.8.8:53 nwjbjsh.com udp
US 8.8.8.8:53 qseoumkkca.org udp
US 8.8.8.8:53 nalyuwoftjdi.net udp
US 8.8.8.8:53 lctwrkj.com udp
US 8.8.8.8:53 qdnmhgdyrit.net udp
US 8.8.8.8:53 qyqigk.com udp
US 8.8.8.8:53 ucomgsigaymw.com udp
US 8.8.8.8:53 hmnxepcabint.info udp
US 8.8.8.8:53 usjekmdukik.net udp
US 8.8.8.8:53 watulwldlam.info udp
US 8.8.8.8:53 hirsllfq.net udp
US 8.8.8.8:53 fyaylmbcb.net udp
US 8.8.8.8:53 gikcegya.com udp
US 8.8.8.8:53 uadyzgykl.net udp
US 8.8.8.8:53 ekqaao.com udp
US 8.8.8.8:53 xitbtenmj.info udp
US 8.8.8.8:53 ryjwgsg.org udp
US 8.8.8.8:53 hderxm.info udp
US 8.8.8.8:53 rkjyfrxybqd.net udp
US 8.8.8.8:53 fzhfbbstgg.info udp
US 8.8.8.8:53 aeyqwycqouus.com udp
US 8.8.8.8:53 zowsjdjumvnc.net udp
US 8.8.8.8:53 kycagccyykuo.com udp
US 8.8.8.8:53 nxjabftjfx.info udp
US 8.8.8.8:53 qdsxis.net udp
US 8.8.8.8:53 hjfdpmp.org udp
US 8.8.8.8:53 rjbifug.net udp
US 8.8.8.8:53 hmzolwn.net udp
US 8.8.8.8:53 tmuoefrmron.info udp
US 8.8.8.8:53 oekacu.org udp
US 8.8.8.8:53 hwryjrkxxt.info udp
US 8.8.8.8:53 pepdnezalyz.info udp
US 8.8.8.8:53 rlhflm.net udp
US 8.8.8.8:53 yqdindvszcl.info udp
US 8.8.8.8:53 pjpmpkpqu.com udp
US 8.8.8.8:53 qqnctidib.net udp
US 8.8.8.8:53 gwkcesoeua.com udp
US 8.8.8.8:53 ldlrgk.info udp
US 8.8.8.8:53 rxypuc.info udp
US 8.8.8.8:53 vihxtze.com udp
US 8.8.8.8:53 owtumceqt.info udp
US 8.8.8.8:53 javlyavj.info udp
US 8.8.8.8:53 kgsoqusmao.com udp
US 8.8.8.8:53 puiipttccvb.com udp
US 8.8.8.8:53 hircyb.info udp
US 8.8.8.8:53 mkceieyml.info udp
US 8.8.8.8:53 dkvcblv.info udp
US 8.8.8.8:53 iwoouml.info udp
US 8.8.8.8:53 sgdzhklkvfso.info udp
US 8.8.8.8:53 kcckokoemgie.org udp
US 8.8.8.8:53 yaaeeq.com udp
US 8.8.8.8:53 jvvruulhqiid.info udp
US 8.8.8.8:53 usewgekswise.org udp
US 8.8.8.8:53 ogqcgyceukmc.org udp
US 8.8.8.8:53 ygfmkg.info udp
US 8.8.8.8:53 vuvqvpywfl.info udp
US 8.8.8.8:53 lbxczrzdztn.org udp
US 8.8.8.8:53 bgosyetadntf.net udp
US 8.8.8.8:53 skqsiiae.org udp
US 8.8.8.8:53 alyypvemovoc.net udp
US 8.8.8.8:53 dalquhj.com udp
US 8.8.8.8:53 ytzoiinthop.info udp
US 8.8.8.8:53 sisaewaamowo.org udp
US 8.8.8.8:53 xojgyjx.com udp
US 8.8.8.8:53 ydnjuaarjo.info udp
US 8.8.8.8:53 qlstpgkhcjbu.net udp
US 8.8.8.8:53 nzitfaav.info udp
US 8.8.8.8:53 xlleoqx.info udp
US 8.8.8.8:53 ieawwuoa.com udp
US 8.8.8.8:53 swecui.org udp
US 8.8.8.8:53 lktcrbw.com udp
US 8.8.8.8:53 hojomuxdd.org udp
US 8.8.8.8:53 iimsyy.org udp
US 8.8.8.8:53 ffhlyi.net udp
US 8.8.8.8:53 qiqkuk.org udp
US 8.8.8.8:53 hyjodgw.info udp
US 8.8.8.8:53 wciweusk.com udp
US 8.8.8.8:53 lpyzxueqh.com udp
US 8.8.8.8:53 zkrujccuq.com udp
US 8.8.8.8:53 feibjeh.net udp
US 8.8.8.8:53 dkdczgl.info udp
US 8.8.8.8:53 lidpjtxspuro.info udp
US 8.8.8.8:53 xkewltzscms.com udp
US 8.8.8.8:53 xkpkprdup.org udp
US 8.8.8.8:53 ehuivrdih.info udp
US 8.8.8.8:53 eaictyqxc.info udp
US 8.8.8.8:53 ecscoe.org udp
US 8.8.8.8:53 cyesackoyask.org udp
US 8.8.8.8:53 vgqxvqngngx.info udp
US 8.8.8.8:53 mwacsoiq.com udp
US 8.8.8.8:53 tobgbd.net udp
US 8.8.8.8:53 eduilyvhpmka.info udp
US 8.8.8.8:53 cgzqtowog.info udp
US 8.8.8.8:53 qmridkj.net udp
US 8.8.8.8:53 sgmqki.org udp
US 8.8.8.8:53 qeasooggkkye.org udp
US 8.8.8.8:53 cilggmewzkv.info udp
US 8.8.8.8:53 tvcgrzr.net udp
US 8.8.8.8:53 bcnghtxwjpqw.net udp
US 8.8.8.8:53 dmxclilkdjf.com udp
US 8.8.8.8:53 tirvxdricu.net udp
US 8.8.8.8:53 gdiecndz.net udp
US 8.8.8.8:53 rwokit.net udp
US 8.8.8.8:53 zkunjlxqmaa.net udp
US 8.8.8.8:53 mdwpws.info udp
US 8.8.8.8:53 zhomtabjnla.com udp
US 8.8.8.8:53 unhgzgfew.info udp
US 8.8.8.8:53 irncrwdnxym.info udp
US 8.8.8.8:53 pjdwlf.info udp
US 8.8.8.8:53 fevpfshvp.org udp
US 8.8.8.8:53 iirkxsoin.net udp
US 8.8.8.8:53 zkswqgyt.info udp
US 8.8.8.8:53 xmhqrchqn.com udp
US 162.241.85.41:80 kiokao.com tcp
US 8.8.8.8:53 lowfbmri.net udp
US 8.8.8.8:53 kcryxrris.info udp
US 8.8.8.8:53 hwldvx.net udp

Files

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

MD5 cc52437b203166c0639cba4112374e15
SHA1 c8d1342e85910208c67c7afd7fe9ff1059bc51ea
SHA256 dfc5cbdd18d8f313cb7d214de1bd55391de535c0ad59d541f602c6666d040033
SHA512 c7405cb4734bb13c0becf39574de8360b8ab74b909d3bb749e5d1be8751543e9e58eef056c53a45146c8a146e10d0ab0eb190572d9d28054248967cce8c03ee1

C:\Windows\SysWOW64\ljtredphbpjjmaibqh.exe

MD5 b00543b6e9ead74528eb07622f2f5c94
SHA1 36310f1caec808d700c5f8147ebb1b6f60aee09a
SHA256 075f8ff04a2ce29d55c82f2fabfa76187e0933b6b154614b45d5c5fdd41ed2a3
SHA512 7f2937a25b363b139839cf491e7e9e2097ab5d469b3d8486aa23782b816fc63a7bd43f522c0fab1780dd80db32a0d5c84df635851ceb1f7d64bffc84e294bd4b

C:\Users\Admin\AppData\Local\Temp\wjivxlm.exe

MD5 5274272730fbe803779e09010b34550e
SHA1 6c41d16844fe78c362d72eaaabd6fa1ace1828de
SHA256 3b73b53fc02463e76e85198758399cfc6488e199a305b4df2e6e3a2580cbc6b8
SHA512 76847b500e4f77a2037e0bfc61b7cc076020bf4221cebafb335747a579d265978c25096ebdb21f9a83ff3c60b9e96f3a29ca3f72d84952f0e192f6de12438359

C:\Users\Admin\AppData\Local\dlfnktprvtxhusknmnnvpxud.bfd

MD5 75cb4657e2515f60dd2e937db5313da7
SHA1 2541257ae165802eefe2895b80d8f65814f1e1fe
SHA256 50368a991d06fd26b3b35b947b96c5673f0e9e119142c4acea7e1f020320f9ed
SHA512 033332ecd53e4e5352ffdb69517ba06321b6216dbaa5394303d09a15cf844cbafe3b6768576a4e698dbf8a87bc2210d55b8a449668eff553a8cb90532235595a

C:\Users\Admin\AppData\Local\mfkdlfmzoxmhforfpbmfkdlfmzoxmhforfp.mfk

MD5 6ab58a710575eae83fd3d4c142fb4275
SHA1 fc1066e31ba5aef18c9076c482d1c45f7b4cbf05
SHA256 2e5711b1fbb11202e705d1048cf7e6214a58d9e911c4b1545a45e62b5f19c358
SHA512 70958ee88c4633be1b7a5fc4b894ef305cba11e1d526071198a3648f491340457a926cafac25713007e6a31c614c3e91be1bc8f5b5421719395ba6b2aaf3de3e

C:\Program Files (x86)\dlfnktprvtxhusknmnnvpxud.bfd

MD5 f3c3dbd3356d66064077dc6fbdb55caa
SHA1 bf308763058a90f2e523dfbbf9e8065c2cf83bec
SHA256 7dca220d00f8164e53e38f98554eb6df8232213340afff7d63b6b9bac41bb97c
SHA512 36681a1e12b018a93d92db6e20800ba34183c58b7b7edd0072efd5326ce37c77150562ba24b2489169869ed2aeb10ab42c95f39230d1280cdcb418dfbfe73b80

C:\Program Files (x86)\dlfnktprvtxhusknmnnvpxud.bfd

MD5 286b64527b544a6ef7080b6c7f9bcb0e
SHA1 d5e27b4bfd6045b6249e822db44257da74cd8193
SHA256 aee3f1b34cb834167084eb712dba5c0f3babd866d6d6d989d20301fdcfc4f00f
SHA512 054d0a5b149ae0e35facf23416bda565bf4ec4d502e0450957fee024a2427302295666e56d2a86c326c3a902f66dd0bc397654f219f6ce4aaabff67dd5cc13da

C:\Program Files (x86)\dlfnktprvtxhusknmnnvpxud.bfd

MD5 b746b1ac229e6bcf7ae74e7ee681d9fc
SHA1 f33cd3cb70bde9e9a81612aef5c0408d2e3e285d
SHA256 5d4c00baebb6502514b823028986b2490239037f9c844fcd5520f6c4100d9eb1
SHA512 d86c085e8115a0e5d6d88501e267401e43f114a4e179aa9c54fc9ddd09af944ccd36c8527e00da4551d8b9cf6bd03c23b52197ca4e96a0fadb080aa45c8841e4

C:\Program Files (x86)\dlfnktprvtxhusknmnnvpxud.bfd

MD5 30ba70477042a5170e69afc995f271c8
SHA1 c254d2d5a64d71017950a3daf2fbecaa91175270
SHA256 ff70e2696f9fb6debad9f6c3d30e823dfa5bef23e0e2ceb21152c6d38dc7647d
SHA512 13c5b276525310593a8ec2e4582f535048f3252e91c537db590d8968eb21123865ba5a660af03116b67a09f6727a7eec089bb74db5a51a284c5aab29b70b36a4

C:\Program Files (x86)\dlfnktprvtxhusknmnnvpxud.bfd

MD5 9003fef1377fe55362ff3a44ec591901
SHA1 7523983bc90c93d0845c8743495488df638c4533
SHA256 522f925f6f5747def9b66015cb82c2221d851580a4cea284ca68dd925c7ff97c
SHA512 01059145bd682feafdad09b1ecd861ad492a8e088bc19dcc3aa6d81219184daf7061d036ade89675d54b0250bcd8b2421955c8101a9f14077f255de6711e94ea

C:\Program Files (x86)\dlfnktprvtxhusknmnnvpxud.bfd

MD5 7ff49839c2e68461789d2338423c0ba8
SHA1 5179eee7ca23b910b662b1c3e7dbfac8685aade7
SHA256 b2354d3bceddead9cf2c46a00ac90b77770b9cd65c59e9923617befaee6a11fd
SHA512 cc8ec4ed06cdfb36058c1da9a1ed2cac4d9c3745176bbc07c28c583d8e4f32b93fdb9bd978a667767b27e6360db1ebc7870ccaaa576875103bbe711dddfc4a88

C:\Program Files (x86)\dlfnktprvtxhusknmnnvpxud.bfd

MD5 c629ec83b61e9e07d7c9655e792570e3
SHA1 c6658e2a530f32dc3ea5f6a7648595f5a71f371b
SHA256 57a7b484cdbcc30099edf4ab9fb783750c10dfbd2d951106cbb3d5fa53692a27
SHA512 ae00e0a2efa600769b4558ece99ca287a53c30d5a05e17f562420aeb8cc7114153f0328595c4089cb6e716d54a6bfb606ab4af417837142cb46a8ee5c0689b5a