Malware Analysis Report

2025-08-10 16:33

Sample ID 250411-ejr9nsyqs3
Target JaffaCakes118_acd201e3179f1bea3176625e53ae74a0
SHA256 5362c09319c951bf520453f62ce8e2b521322aaed60b929fe2cb4f11085d0250
Tags
pykspa defense_evasion discovery persistence privilege_escalation trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5362c09319c951bf520453f62ce8e2b521322aaed60b929fe2cb4f11085d0250

Threat Level: Known bad

The file JaffaCakes118_acd201e3179f1bea3176625e53ae74a0 was found to be: Known bad.

Malicious Activity Summary

pykspa defense_evasion discovery persistence privilege_escalation trojan worm

Pykspa

Pykspa family

UAC bypass

Modifies WinLogon for persistence

Detect Pykspa worm

Adds policy Run key to start application

Disables RegEdit via registry modification

Blocklisted process makes network request

Impair Defenses: Safe Mode Boot

Executes dropped EXE

Checks computer location settings

Looks up external IP address via web service

Hijack Execution Flow: Executable Installer File Permissions Weakness

Checks whether UAC is enabled

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

System policy modification

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-11 03:58

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-11 03:58

Reported

2025-04-11 04:01

Platform

win10v2004-20250314-en

Max time kernel

46s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bjhwxgp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qjsseysfcqkffnxoze.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "dzlodaxnnebzcnauiqrnz.exe" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bjhwxgp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dzlodaxnnebzcnauiqrnz.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "qjsseysfcqkffnxoze.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "arywgyqbwiatrxfu.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bjhwxgp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dzlodaxnnebzcnauiqrnz.exe" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bjhwxgp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dzlodaxnnebzcnauiqrnz.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bjhwxgp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ojuwkgcrqgczblxqdkkf.exe" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "arywgyqbwiatrxfu.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bjhwxgp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bvfgtojxvkfbclwoagf.exe" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "qjsseysfcqkffnxoze.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "ojuwkgcrqgczblxqdkkf.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bjhwxgp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ojuwkgcrqgczblxqdkkf.exe" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bjhwxgp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hzhgrkdplyrlkraqa.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "bvfgtojxvkfbclwoagf.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bjhwxgp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hzhgrkdplyrlkraqa.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "hzhgrkdplyrlkraqa.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bjhwxgp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hzhgrkdplyrlkraqa.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bjhwxgp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qjsseysfcqkffnxoze.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bjhwxgp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qjsseysfcqkffnxoze.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "qjsseysfcqkffnxoze.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "bvfgtojxvkfbclwoagf.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "bvfgtojxvkfbclwoagf.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "dzlodaxnnebzcnauiqrnz.exe" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bjhwxgp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bvfgtojxvkfbclwoagf.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "hzhgrkdplyrlkraqa.exe" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "qjsseysfcqkffnxoze.exe" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bjhwxgp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ojuwkgcrqgczblxqdkkf.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bjhwxgp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ojuwkgcrqgczblxqdkkf.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "qjsseysfcqkffnxoze.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bjhwxgp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hzhgrkdplyrlkraqa.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bjhwxgp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qjsseysfcqkffnxoze.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "bvfgtojxvkfbclwoagf.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "arywgyqbwiatrxfu.exe" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bjhwxgp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arywgyqbwiatrxfu.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "ojuwkgcrqgczblxqdkkf.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "arywgyqbwiatrxfu.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bjhwxgp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bvfgtojxvkfbclwoagf.exe" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "arywgyqbwiatrxfu.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bjhwxgp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bvfgtojxvkfbclwoagf.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "qjsseysfcqkffnxoze.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "bvfgtojxvkfbclwoagf.exe" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bjhwxgp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hzhgrkdplyrlkraqa.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bjhwxgp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dzlodaxnnebzcnauiqrnz.exe" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "dzlodaxnnebzcnauiqrnz.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bjhwxgp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qjsseysfcqkffnxoze.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\arywgyqbwiatrxfu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\bvfgtojxvkfbclwoagf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\qjsseysfcqkffnxoze.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\ojuwkgcrqgczblxqdkkf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\arywgyqbwiatrxfu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\ojuwkgcrqgczblxqdkkf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\dzlodaxnnebzcnauiqrnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\qjsseysfcqkffnxoze.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\dzlodaxnnebzcnauiqrnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\arywgyqbwiatrxfu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\dzlodaxnnebzcnauiqrnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\hzhgrkdplyrlkraqa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\qjsseysfcqkffnxoze.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\ojuwkgcrqgczblxqdkkf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\qjsseysfcqkffnxoze.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\arywgyqbwiatrxfu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\arywgyqbwiatrxfu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\dzlodaxnnebzcnauiqrnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\dzlodaxnnebzcnauiqrnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\hzhgrkdplyrlkraqa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\qjsseysfcqkffnxoze.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\arywgyqbwiatrxfu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\ojuwkgcrqgczblxqdkkf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\arywgyqbwiatrxfu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\qjsseysfcqkffnxoze.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\dzlodaxnnebzcnauiqrnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\ojuwkgcrqgczblxqdkkf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\dzlodaxnnebzcnauiqrnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\bvfgtojxvkfbclwoagf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\bvfgtojxvkfbclwoagf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\dzlodaxnnebzcnauiqrnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\qjsseysfcqkffnxoze.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\arywgyqbwiatrxfu.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Windows\qjsseysfcqkffnxoze.exe N/A
N/A N/A C:\Windows\qjsseysfcqkffnxoze.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Windows\hzhgrkdplyrlkraqa.exe N/A
N/A N/A C:\Windows\dzlodaxnnebzcnauiqrnz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
N/A N/A C:\Windows\dzlodaxnnebzcnauiqrnz.exe N/A
N/A N/A C:\Windows\hzhgrkdplyrlkraqa.exe N/A
N/A N/A C:\Windows\hzhgrkdplyrlkraqa.exe N/A
N/A N/A C:\Windows\qjsseysfcqkffnxoze.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Windows\bvfgtojxvkfbclwoagf.exe N/A
N/A N/A C:\Windows\hzhgrkdplyrlkraqa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe N/A
N/A N/A C:\Windows\ojuwkgcrqgczblxqdkkf.exe N/A
N/A N/A C:\Windows\qjsseysfcqkffnxoze.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe N/A
N/A N/A C:\Windows\dzlodaxnnebzcnauiqrnz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Windows\ojuwkgcrqgczblxqdkkf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Windows\bvfgtojxvkfbclwoagf.exe N/A
N/A N/A C:\Windows\arywgyqbwiatrxfu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Windows\arywgyqbwiatrxfu.exe N/A
N/A N/A C:\Windows\hzhgrkdplyrlkraqa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Windows\hzhgrkdplyrlkraqa.exe N/A
N/A N/A C:\Windows\qjsseysfcqkffnxoze.exe N/A
N/A N/A C:\Windows\arywgyqbwiatrxfu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe N/A
N/A N/A C:\Windows\qjsseysfcqkffnxoze.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe N/A
N/A N/A C:\Windows\bvfgtojxvkfbclwoagf.exe N/A
N/A N/A C:\Windows\dzlodaxnnebzcnauiqrnz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sficiwkriqet = "ojuwkgcrqgczblxqdkkf.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hrrilwhlz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hzhgrkdplyrlkraqa.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sficiwkriqet = "arywgyqbwiatrxfu.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hrrilwhlz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arywgyqbwiatrxfu.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzyoqakn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arywgyqbwiatrxfu.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hrrilwhlz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arywgyqbwiatrxfu.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hrrilwhlz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arywgyqbwiatrxfu.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzyoqakn = "dzlodaxnnebzcnauiqrnz.exe" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzyoqakn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ojuwkgcrqgczblxqdkkf.exe" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzyoqakn = "arywgyqbwiatrxfu.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vhjchuhndkx = "bvfgtojxvkfbclwoagf.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sficiwkriqet = "dzlodaxnnebzcnauiqrnz.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzyoqakn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hzhgrkdplyrlkraqa.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hrrilwhlz = "arywgyqbwiatrxfu.exe ." C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hrrilwhlz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hzhgrkdplyrlkraqa.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hrrilwhlz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arywgyqbwiatrxfu.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzyoqakn = "bvfgtojxvkfbclwoagf.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzyoqakn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qjsseysfcqkffnxoze.exe" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vhjchuhndkx = "ojuwkgcrqgczblxqdkkf.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzyoqakn = "dzlodaxnnebzcnauiqrnz.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hrrilwhlz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ojuwkgcrqgczblxqdkkf.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hrrilwhlz = "hzhgrkdplyrlkraqa.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzyoqakn = "arywgyqbwiatrxfu.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hrrilwhlz = "qjsseysfcqkffnxoze.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hrrilwhlz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arywgyqbwiatrxfu.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vhjchuhndkx = "arywgyqbwiatrxfu.exe" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\shmiqgwfyiyplp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hzhgrkdplyrlkraqa.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vhjchuhndkx = "bvfgtojxvkfbclwoagf.exe" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vhjchuhndkx = "hzhgrkdplyrlkraqa.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\shmiqgwfyiyplp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qjsseysfcqkffnxoze.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzyoqakn = "arywgyqbwiatrxfu.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rfjelapxpyndy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ojuwkgcrqgczblxqdkkf.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzyoqakn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ojuwkgcrqgczblxqdkkf.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rfjelapxpyndy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qjsseysfcqkffnxoze.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sficiwkriqet = "arywgyqbwiatrxfu.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vhjchuhndkx = "hzhgrkdplyrlkraqa.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hrrilwhlz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ojuwkgcrqgczblxqdkkf.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vhjchuhndkx = "hzhgrkdplyrlkraqa.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\shmiqgwfyiyplp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hzhgrkdplyrlkraqa.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rfjelapxpyndy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dzlodaxnnebzcnauiqrnz.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rfjelapxpyndy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qjsseysfcqkffnxoze.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hrrilwhlz = "hzhgrkdplyrlkraqa.exe ." C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sficiwkriqet = "ojuwkgcrqgczblxqdkkf.exe ." C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzyoqakn = "qjsseysfcqkffnxoze.exe" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\shmiqgwfyiyplp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hzhgrkdplyrlkraqa.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rfjelapxpyndy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hzhgrkdplyrlkraqa.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzyoqakn = "qjsseysfcqkffnxoze.exe" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hrrilwhlz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hzhgrkdplyrlkraqa.exe ." C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rfjelapxpyndy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hzhgrkdplyrlkraqa.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzyoqakn = "arywgyqbwiatrxfu.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hrrilwhlz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dzlodaxnnebzcnauiqrnz.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzyoqakn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ojuwkgcrqgczblxqdkkf.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzyoqakn = "arywgyqbwiatrxfu.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sficiwkriqet = "bvfgtojxvkfbclwoagf.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hrrilwhlz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qjsseysfcqkffnxoze.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\shmiqgwfyiyplp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ojuwkgcrqgczblxqdkkf.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\shmiqgwfyiyplp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hzhgrkdplyrlkraqa.exe" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzyoqakn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qjsseysfcqkffnxoze.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hrrilwhlz = "qjsseysfcqkffnxoze.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rfjelapxpyndy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arywgyqbwiatrxfu.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hrrilwhlz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hzhgrkdplyrlkraqa.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzyoqakn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dzlodaxnnebzcnauiqrnz.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vhjchuhndkx = "hzhgrkdplyrlkraqa.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzyoqakn = "bvfgtojxvkfbclwoagf.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A www.showmyipaddress.com N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\ojuwkgcrqgczblxqdkkf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\hzhgrkdplyrlkraqa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\dzlodaxnnebzcnauiqrnz.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\arywgyqbwiatrxfu.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\qjsseysfcqkffnxoze.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\qjsseysfcqkffnxoze.exe C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
File opened for modification C:\Windows\SysWOW64\ileokospwuydnfzavksvoyuy.zge C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
File opened for modification C:\Windows\SysWOW64\ureiywulmecbfrfapyaxko.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\qjsseysfcqkffnxoze.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\arywgyqbwiatrxfu.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\bvfgtojxvkfbclwoagf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\arywgyqbwiatrxfu.exe C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
File opened for modification C:\Windows\SysWOW64\hzhgrkdplyrlkraqa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\dzlodaxnnebzcnauiqrnz.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ojuwkgcrqgczblxqdkkf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ureiywulmecbfrfapyaxko.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ojuwkgcrqgczblxqdkkf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\dzlodaxnnebzcnauiqrnz.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\hzhgrkdplyrlkraqa.exe C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
File opened for modification C:\Windows\SysWOW64\qjsseysfcqkffnxoze.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\arywgyqbwiatrxfu.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\hzhgrkdplyrlkraqa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ojuwkgcrqgczblxqdkkf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\arywgyqbwiatrxfu.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ureiywulmecbfrfapyaxko.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\hzhgrkdplyrlkraqa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\dzlodaxnnebzcnauiqrnz.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ojuwkgcrqgczblxqdkkf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\arywgyqbwiatrxfu.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ureiywulmecbfrfapyaxko.exe C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
File opened for modification C:\Windows\SysWOW64\arywgyqbwiatrxfu.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ureiywulmecbfrfapyaxko.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ureiywulmecbfrfapyaxko.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\bvfgtojxvkfbclwoagf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\qjsseysfcqkffnxoze.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\arywgyqbwiatrxfu.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ojuwkgcrqgczblxqdkkf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\hzhgrkdplyrlkraqa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\arywgyqbwiatrxfu.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\hzhgrkdplyrlkraqa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\bvfgtojxvkfbclwoagf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ureiywulmecbfrfapyaxko.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\bvfgtojxvkfbclwoagf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\bvfgtojxvkfbclwoagf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\hzhgrkdplyrlkraqa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\dzlodaxnnebzcnauiqrnz.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\dzlodaxnnebzcnauiqrnz.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\qjsseysfcqkffnxoze.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\bvfgtojxvkfbclwoagf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\dzlodaxnnebzcnauiqrnz.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\hzhgrkdplyrlkraqa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ureiywulmecbfrfapyaxko.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\bvfgtojxvkfbclwoagf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\qjsseysfcqkffnxoze.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ureiywulmecbfrfapyaxko.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\dzlodaxnnebzcnauiqrnz.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ureiywulmecbfrfapyaxko.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\arywgyqbwiatrxfu.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\bvfgtojxvkfbclwoagf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\hzhgrkdplyrlkraqa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\arywgyqbwiatrxfu.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ojuwkgcrqgczblxqdkkf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ojuwkgcrqgczblxqdkkf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\dzlodaxnnebzcnauiqrnz.exe C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\rfjelapxpyndybgsyyrfjelapxpyndybgsy.rfj C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
File opened for modification C:\Program Files (x86)\ileokospwuydnfzavksvoyuy.zge C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
File created C:\Program Files (x86)\ileokospwuydnfzavksvoyuy.zge C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
File opened for modification C:\Program Files (x86)\rfjelapxpyndybgsyyrfjelapxpyndybgsy.rfj C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\ureiywulmecbfrfapyaxko.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\dzlodaxnnebzcnauiqrnz.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ureiywulmecbfrfapyaxko.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\qjsseysfcqkffnxoze.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\arywgyqbwiatrxfu.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\qjsseysfcqkffnxoze.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ureiywulmecbfrfapyaxko.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\dzlodaxnnebzcnauiqrnz.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\qjsseysfcqkffnxoze.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\hzhgrkdplyrlkraqa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\hzhgrkdplyrlkraqa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ojuwkgcrqgczblxqdkkf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\arywgyqbwiatrxfu.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ureiywulmecbfrfapyaxko.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ureiywulmecbfrfapyaxko.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\hzhgrkdplyrlkraqa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File created C:\Windows\rfjelapxpyndybgsyyrfjelapxpyndybgsy.rfj C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
File opened for modification C:\Windows\bvfgtojxvkfbclwoagf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\qjsseysfcqkffnxoze.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ojuwkgcrqgczblxqdkkf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\dzlodaxnnebzcnauiqrnz.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\dzlodaxnnebzcnauiqrnz.exe C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
File opened for modification C:\Windows\bvfgtojxvkfbclwoagf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\dzlodaxnnebzcnauiqrnz.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ureiywulmecbfrfapyaxko.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ojuwkgcrqgczblxqdkkf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\dzlodaxnnebzcnauiqrnz.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\arywgyqbwiatrxfu.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\dzlodaxnnebzcnauiqrnz.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File created C:\Windows\ileokospwuydnfzavksvoyuy.zge C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
File opened for modification C:\Windows\hzhgrkdplyrlkraqa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ojuwkgcrqgczblxqdkkf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ojuwkgcrqgczblxqdkkf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\dzlodaxnnebzcnauiqrnz.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\qjsseysfcqkffnxoze.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\arywgyqbwiatrxfu.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\bvfgtojxvkfbclwoagf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ojuwkgcrqgczblxqdkkf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\dzlodaxnnebzcnauiqrnz.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\arywgyqbwiatrxfu.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\bvfgtojxvkfbclwoagf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ojuwkgcrqgczblxqdkkf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\dzlodaxnnebzcnauiqrnz.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\arywgyqbwiatrxfu.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\arywgyqbwiatrxfu.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ureiywulmecbfrfapyaxko.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ojuwkgcrqgczblxqdkkf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\bvfgtojxvkfbclwoagf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\arywgyqbwiatrxfu.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\bvfgtojxvkfbclwoagf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ojuwkgcrqgczblxqdkkf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ojuwkgcrqgczblxqdkkf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\qjsseysfcqkffnxoze.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\arywgyqbwiatrxfu.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\qjsseysfcqkffnxoze.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\dzlodaxnnebzcnauiqrnz.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\arywgyqbwiatrxfu.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\qjsseysfcqkffnxoze.exe C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
File opened for modification C:\Windows\dzlodaxnnebzcnauiqrnz.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\hzhgrkdplyrlkraqa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\dzlodaxnnebzcnauiqrnz.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\dzlodaxnnebzcnauiqrnz.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\arywgyqbwiatrxfu.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\bvfgtojxvkfbclwoagf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hzhgrkdplyrlkraqa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\arywgyqbwiatrxfu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\dzlodaxnnebzcnauiqrnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\qjsseysfcqkffnxoze.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\qjsseysfcqkffnxoze.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\arywgyqbwiatrxfu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ojuwkgcrqgczblxqdkkf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\qjsseysfcqkffnxoze.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\dzlodaxnnebzcnauiqrnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\dzlodaxnnebzcnauiqrnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\arywgyqbwiatrxfu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\dzlodaxnnebzcnauiqrnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\dzlodaxnnebzcnauiqrnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hzhgrkdplyrlkraqa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bvfgtojxvkfbclwoagf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\arywgyqbwiatrxfu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bvfgtojxvkfbclwoagf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\arywgyqbwiatrxfu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hzhgrkdplyrlkraqa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\qjsseysfcqkffnxoze.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\arywgyqbwiatrxfu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\qjsseysfcqkffnxoze.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\arywgyqbwiatrxfu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\dzlodaxnnebzcnauiqrnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\dzlodaxnnebzcnauiqrnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bvfgtojxvkfbclwoagf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ojuwkgcrqgczblxqdkkf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ojuwkgcrqgczblxqdkkf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ojuwkgcrqgczblxqdkkf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\qjsseysfcqkffnxoze.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\arywgyqbwiatrxfu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\arywgyqbwiatrxfu.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5860 wrote to memory of 5884 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 5860 wrote to memory of 5884 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 5860 wrote to memory of 5884 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 3400 wrote to memory of 696 N/A C:\Windows\system32\cmd.exe C:\Windows\qjsseysfcqkffnxoze.exe
PID 3400 wrote to memory of 696 N/A C:\Windows\system32\cmd.exe C:\Windows\qjsseysfcqkffnxoze.exe
PID 3400 wrote to memory of 696 N/A C:\Windows\system32\cmd.exe C:\Windows\qjsseysfcqkffnxoze.exe
PID 5092 wrote to memory of 4980 N/A C:\Windows\system32\cmd.exe C:\Windows\qjsseysfcqkffnxoze.exe
PID 5092 wrote to memory of 4980 N/A C:\Windows\system32\cmd.exe C:\Windows\qjsseysfcqkffnxoze.exe
PID 5092 wrote to memory of 4980 N/A C:\Windows\system32\cmd.exe C:\Windows\qjsseysfcqkffnxoze.exe
PID 4980 wrote to memory of 1188 N/A C:\Windows\qjsseysfcqkffnxoze.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 4980 wrote to memory of 1188 N/A C:\Windows\qjsseysfcqkffnxoze.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 4980 wrote to memory of 1188 N/A C:\Windows\qjsseysfcqkffnxoze.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 4840 wrote to memory of 2200 N/A C:\Windows\system32\cmd.exe C:\Windows\hzhgrkdplyrlkraqa.exe
PID 4840 wrote to memory of 2200 N/A C:\Windows\system32\cmd.exe C:\Windows\hzhgrkdplyrlkraqa.exe
PID 4840 wrote to memory of 2200 N/A C:\Windows\system32\cmd.exe C:\Windows\hzhgrkdplyrlkraqa.exe
PID 2668 wrote to memory of 1940 N/A C:\Windows\system32\cmd.exe C:\Windows\dzlodaxnnebzcnauiqrnz.exe
PID 2668 wrote to memory of 1940 N/A C:\Windows\system32\cmd.exe C:\Windows\dzlodaxnnebzcnauiqrnz.exe
PID 2668 wrote to memory of 1940 N/A C:\Windows\system32\cmd.exe C:\Windows\dzlodaxnnebzcnauiqrnz.exe
PID 5936 wrote to memory of 4436 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
PID 5936 wrote to memory of 4436 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
PID 5936 wrote to memory of 4436 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
PID 3844 wrote to memory of 4172 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
PID 3844 wrote to memory of 4172 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
PID 3844 wrote to memory of 4172 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
PID 1940 wrote to memory of 848 N/A C:\Windows\dzlodaxnnebzcnauiqrnz.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 1940 wrote to memory of 848 N/A C:\Windows\dzlodaxnnebzcnauiqrnz.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 1940 wrote to memory of 848 N/A C:\Windows\dzlodaxnnebzcnauiqrnz.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 4172 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 4172 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 4172 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 4552 wrote to memory of 4024 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
PID 4552 wrote to memory of 4024 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
PID 4552 wrote to memory of 4024 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
PID 4684 wrote to memory of 3552 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
PID 4684 wrote to memory of 3552 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
PID 4684 wrote to memory of 3552 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
PID 3552 wrote to memory of 3404 N/A C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe C:\Windows\System32\Conhost.exe
PID 3552 wrote to memory of 3404 N/A C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe C:\Windows\System32\Conhost.exe
PID 3552 wrote to memory of 3404 N/A C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe C:\Windows\System32\Conhost.exe
PID 5884 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe
PID 5884 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe
PID 5884 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe
PID 5884 wrote to memory of 6012 N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe
PID 5884 wrote to memory of 6012 N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe
PID 5884 wrote to memory of 6012 N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe
PID 1136 wrote to memory of 4632 N/A C:\Windows\system32\cmd.exe C:\Windows\dzlodaxnnebzcnauiqrnz.exe
PID 1136 wrote to memory of 4632 N/A C:\Windows\system32\cmd.exe C:\Windows\dzlodaxnnebzcnauiqrnz.exe
PID 1136 wrote to memory of 4632 N/A C:\Windows\system32\cmd.exe C:\Windows\dzlodaxnnebzcnauiqrnz.exe
PID 2112 wrote to memory of 2484 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 2112 wrote to memory of 2484 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 2112 wrote to memory of 2484 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 2504 wrote to memory of 3408 N/A C:\Windows\system32\cmd.exe C:\Windows\hzhgrkdplyrlkraqa.exe
PID 2504 wrote to memory of 3408 N/A C:\Windows\system32\cmd.exe C:\Windows\hzhgrkdplyrlkraqa.exe
PID 2504 wrote to memory of 3408 N/A C:\Windows\system32\cmd.exe C:\Windows\hzhgrkdplyrlkraqa.exe
PID 4016 wrote to memory of 3136 N/A C:\Windows\system32\cmd.exe C:\Windows\qjsseysfcqkffnxoze.exe
PID 4016 wrote to memory of 3136 N/A C:\Windows\system32\cmd.exe C:\Windows\qjsseysfcqkffnxoze.exe
PID 4016 wrote to memory of 3136 N/A C:\Windows\system32\cmd.exe C:\Windows\qjsseysfcqkffnxoze.exe
PID 3408 wrote to memory of 4496 N/A C:\Windows\hzhgrkdplyrlkraqa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 3408 wrote to memory of 4496 N/A C:\Windows\hzhgrkdplyrlkraqa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 3408 wrote to memory of 4496 N/A C:\Windows\hzhgrkdplyrlkraqa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 1076 wrote to memory of 4428 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 1076 wrote to memory of 4428 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 1076 wrote to memory of 4428 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 6020 wrote to memory of 4668 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_acd201e3179f1bea3176625e53ae74a0.exe"

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_acd201e3179f1bea3176625e53ae74a0.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe

C:\Windows\qjsseysfcqkffnxoze.exe

qjsseysfcqkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe .

C:\Windows\qjsseysfcqkffnxoze.exe

qjsseysfcqkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\qjsseysfcqkffnxoze.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Windows\dzlodaxnnebzcnauiqrnz.exe

dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\dzlodaxnnebzcnauiqrnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."

C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe

"C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe" "-C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe"

C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe

"C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe" "-C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe

C:\Windows\dzlodaxnnebzcnauiqrnz.exe

dzlodaxnnebzcnauiqrnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe .

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe .

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe

C:\Windows\qjsseysfcqkffnxoze.exe

qjsseysfcqkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\hzhgrkdplyrlkraqa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe .

C:\Windows\bvfgtojxvkfbclwoagf.exe

bvfgtojxvkfbclwoagf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\qjsseysfcqkffnxoze.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Windows\ojuwkgcrqgczblxqdkkf.exe

ojuwkgcrqgczblxqdkkf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .

C:\Windows\qjsseysfcqkffnxoze.exe

qjsseysfcqkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ojuwkgcrqgczblxqdkkf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\qjsseysfcqkffnxoze.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe .

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Windows\dzlodaxnnebzcnauiqrnz.exe

dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bvfgtojxvkfbclwoagf.exe*."

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ojuwkgcrqgczblxqdkkf.exe*."

C:\Windows\ojuwkgcrqgczblxqdkkf.exe

ojuwkgcrqgczblxqdkkf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ojuwkgcrqgczblxqdkkf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ojuwkgcrqgczblxqdkkf.exe*."

C:\Windows\bvfgtojxvkfbclwoagf.exe

bvfgtojxvkfbclwoagf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bvfgtojxvkfbclwoagf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ojuwkgcrqgczblxqdkkf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe .

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\hzhgrkdplyrlkraqa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe .

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe

C:\Windows\qjsseysfcqkffnxoze.exe

qjsseysfcqkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe .

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Windows\qjsseysfcqkffnxoze.exe

qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\qjsseysfcqkffnxoze.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe

C:\Windows\bvfgtojxvkfbclwoagf.exe

bvfgtojxvkfbclwoagf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Windows\dzlodaxnnebzcnauiqrnz.exe

dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\qjsseysfcqkffnxoze.exe*."

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bvfgtojxvkfbclwoagf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\dzlodaxnnebzcnauiqrnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Windows\dzlodaxnnebzcnauiqrnz.exe

dzlodaxnnebzcnauiqrnz.exe .

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Windows\bvfgtojxvkfbclwoagf.exe

bvfgtojxvkfbclwoagf.exe .

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\dzlodaxnnebzcnauiqrnz.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\dzlodaxnnebzcnauiqrnz.exe*."

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bvfgtojxvkfbclwoagf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\dzlodaxnnebzcnauiqrnz.exe*."

C:\Windows\bvfgtojxvkfbclwoagf.exe

bvfgtojxvkfbclwoagf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\qjsseysfcqkffnxoze.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\qjsseysfcqkffnxoze.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe

C:\Windows\ojuwkgcrqgczblxqdkkf.exe

ojuwkgcrqgczblxqdkkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\dzlodaxnnebzcnauiqrnz.exe

dzlodaxnnebzcnauiqrnz.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\dzlodaxnnebzcnauiqrnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe .

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Windows\qjsseysfcqkffnxoze.exe

qjsseysfcqkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\qjsseysfcqkffnxoze.exe*."

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\dzlodaxnnebzcnauiqrnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bvfgtojxvkfbclwoagf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ojuwkgcrqgczblxqdkkf.exe

ojuwkgcrqgczblxqdkkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe .

C:\Windows\qjsseysfcqkffnxoze.exe

qjsseysfcqkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\qjsseysfcqkffnxoze.exe*."

C:\Windows\bvfgtojxvkfbclwoagf.exe

bvfgtojxvkfbclwoagf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Windows\dzlodaxnnebzcnauiqrnz.exe

dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\dzlodaxnnebzcnauiqrnz.exe*."

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe

C:\Windows\bvfgtojxvkfbclwoagf.exe

bvfgtojxvkfbclwoagf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe .

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\hzhgrkdplyrlkraqa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .

C:\Windows\dzlodaxnnebzcnauiqrnz.exe

dzlodaxnnebzcnauiqrnz.exe

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\qjsseysfcqkffnxoze.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe .

C:\Windows\bvfgtojxvkfbclwoagf.exe

bvfgtojxvkfbclwoagf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bvfgtojxvkfbclwoagf.exe*."

C:\Windows\dzlodaxnnebzcnauiqrnz.exe

dzlodaxnnebzcnauiqrnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bvfgtojxvkfbclwoagf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ojuwkgcrqgczblxqdkkf.exe

ojuwkgcrqgczblxqdkkf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ojuwkgcrqgczblxqdkkf.exe*."

C:\Windows\qjsseysfcqkffnxoze.exe

qjsseysfcqkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Windows\bvfgtojxvkfbclwoagf.exe

bvfgtojxvkfbclwoagf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bvfgtojxvkfbclwoagf.exe*."

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\dzlodaxnnebzcnauiqrnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\qjsseysfcqkffnxoze.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe

C:\Windows\ojuwkgcrqgczblxqdkkf.exe

ojuwkgcrqgczblxqdkkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .

C:\Windows\qjsseysfcqkffnxoze.exe

qjsseysfcqkffnxoze.exe

C:\Windows\dzlodaxnnebzcnauiqrnz.exe

dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\dzlodaxnnebzcnauiqrnz.exe*."

C:\Windows\qjsseysfcqkffnxoze.exe

qjsseysfcqkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\dzlodaxnnebzcnauiqrnz.exe

dzlodaxnnebzcnauiqrnz.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .

C:\Windows\dzlodaxnnebzcnauiqrnz.exe

dzlodaxnnebzcnauiqrnz.exe

C:\Windows\bvfgtojxvkfbclwoagf.exe

bvfgtojxvkfbclwoagf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\dzlodaxnnebzcnauiqrnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Windows\ojuwkgcrqgczblxqdkkf.exe

ojuwkgcrqgczblxqdkkf.exe .

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bvfgtojxvkfbclwoagf.exe*."

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ojuwkgcrqgczblxqdkkf.exe*."

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ojuwkgcrqgczblxqdkkf.exe*."

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bvfgtojxvkfbclwoagf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ojuwkgcrqgczblxqdkkf.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."

C:\Windows\ojuwkgcrqgczblxqdkkf.exe

ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\qjsseysfcqkffnxoze.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."

C:\Windows\bvfgtojxvkfbclwoagf.exe

bvfgtojxvkfbclwoagf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bvfgtojxvkfbclwoagf.exe*."

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Windows\dzlodaxnnebzcnauiqrnz.exe

dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\dzlodaxnnebzcnauiqrnz.exe*."

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe .

C:\Windows\qjsseysfcqkffnxoze.exe

qjsseysfcqkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\qjsseysfcqkffnxoze.exe*."

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Windows\ojuwkgcrqgczblxqdkkf.exe

ojuwkgcrqgczblxqdkkf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ojuwkgcrqgczblxqdkkf.exe*."

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\qjsseysfcqkffnxoze.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bvfgtojxvkfbclwoagf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\dzlodaxnnebzcnauiqrnz.exe

dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\dzlodaxnnebzcnauiqrnz.exe*."

C:\Windows\bvfgtojxvkfbclwoagf.exe

bvfgtojxvkfbclwoagf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Windows\qjsseysfcqkffnxoze.exe

qjsseysfcqkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\qjsseysfcqkffnxoze.exe*."

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ojuwkgcrqgczblxqdkkf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe

C:\Windows\qjsseysfcqkffnxoze.exe

qjsseysfcqkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ojuwkgcrqgczblxqdkkf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe

C:\Windows\bvfgtojxvkfbclwoagf.exe

bvfgtojxvkfbclwoagf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe .

C:\Windows\qjsseysfcqkffnxoze.exe

qjsseysfcqkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\qjsseysfcqkffnxoze.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Windows\system32\backgroundTaskHost.exe

"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe

C:\Windows\bvfgtojxvkfbclwoagf.exe

bvfgtojxvkfbclwoagf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe .

C:\Windows\qjsseysfcqkffnxoze.exe

qjsseysfcqkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\qjsseysfcqkffnxoze.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe

C:\Windows\bvfgtojxvkfbclwoagf.exe

bvfgtojxvkfbclwoagf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\dzlodaxnnebzcnauiqrnz.exe

dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe

C:\Windows\dzlodaxnnebzcnauiqrnz.exe

dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\dzlodaxnnebzcnauiqrnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\dzlodaxnnebzcnauiqrnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Windows\dzlodaxnnebzcnauiqrnz.exe

dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe .

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\hzhgrkdplyrlkraqa.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\dzlodaxnnebzcnauiqrnz.exe*."

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\qjsseysfcqkffnxoze.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\qjsseysfcqkffnxoze.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\dzlodaxnnebzcnauiqrnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Windows\qjsseysfcqkffnxoze.exe

qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\qjsseysfcqkffnxoze.exe

qjsseysfcqkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\qjsseysfcqkffnxoze.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe .

C:\Windows\ojuwkgcrqgczblxqdkkf.exe

ojuwkgcrqgczblxqdkkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Windows\ojuwkgcrqgczblxqdkkf.exe

ojuwkgcrqgczblxqdkkf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ojuwkgcrqgczblxqdkkf.exe*."

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ojuwkgcrqgczblxqdkkf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe

C:\Windows\qjsseysfcqkffnxoze.exe

qjsseysfcqkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe .

C:\Windows\ojuwkgcrqgczblxqdkkf.exe

ojuwkgcrqgczblxqdkkf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ojuwkgcrqgczblxqdkkf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe .

C:\Windows\dzlodaxnnebzcnauiqrnz.exe

dzlodaxnnebzcnauiqrnz.exe

C:\Windows\qjsseysfcqkffnxoze.exe

qjsseysfcqkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\qjsseysfcqkffnxoze.exe*."

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\qjsseysfcqkffnxoze.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe

C:\Windows\ojuwkgcrqgczblxqdkkf.exe

ojuwkgcrqgczblxqdkkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe .

C:\Windows\ojuwkgcrqgczblxqdkkf.exe

ojuwkgcrqgczblxqdkkf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ojuwkgcrqgczblxqdkkf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe .

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\hzhgrkdplyrlkraqa.exe*."

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\dzlodaxnnebzcnauiqrnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\dzlodaxnnebzcnauiqrnz.exe

dzlodaxnnebzcnauiqrnz.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\dzlodaxnnebzcnauiqrnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe .

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Windows\ojuwkgcrqgczblxqdkkf.exe

ojuwkgcrqgczblxqdkkf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ojuwkgcrqgczblxqdkkf.exe*."

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bvfgtojxvkfbclwoagf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\qjsseysfcqkffnxoze.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe

C:\Windows\bvfgtojxvkfbclwoagf.exe

bvfgtojxvkfbclwoagf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe .

C:\Windows\bvfgtojxvkfbclwoagf.exe

bvfgtojxvkfbclwoagf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bvfgtojxvkfbclwoagf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe .

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe

C:\Windows\bvfgtojxvkfbclwoagf.exe

bvfgtojxvkfbclwoagf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bvfgtojxvkfbclwoagf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ojuwkgcrqgczblxqdkkf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\qjsseysfcqkffnxoze.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe .

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\hzhgrkdplyrlkraqa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe .

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\hzhgrkdplyrlkraqa.exe*."

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\dzlodaxnnebzcnauiqrnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\dzlodaxnnebzcnauiqrnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe

C:\Windows\bvfgtojxvkfbclwoagf.exe

bvfgtojxvkfbclwoagf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe .

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe

C:\Windows\qjsseysfcqkffnxoze.exe

qjsseysfcqkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe

C:\Windows\dzlodaxnnebzcnauiqrnz.exe

dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\ojuwkgcrqgczblxqdkkf.exe

ojuwkgcrqgczblxqdkkf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\hzhgrkdplyrlkraqa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\dzlodaxnnebzcnauiqrnz.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ojuwkgcrqgczblxqdkkf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bvfgtojxvkfbclwoagf.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\qjsseysfcqkffnxoze.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe .

C:\Windows\dzlodaxnnebzcnauiqrnz.exe

dzlodaxnnebzcnauiqrnz.exe

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\hzhgrkdplyrlkraqa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe .

C:\Windows\dzlodaxnnebzcnauiqrnz.exe

dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Windows\bvfgtojxvkfbclwoagf.exe

bvfgtojxvkfbclwoagf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bvfgtojxvkfbclwoagf.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Windows\bvfgtojxvkfbclwoagf.exe

bvfgtojxvkfbclwoagf.exe

C:\Windows\ojuwkgcrqgczblxqdkkf.exe

ojuwkgcrqgczblxqdkkf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ojuwkgcrqgczblxqdkkf.exe*."

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bvfgtojxvkfbclwoagf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe .

C:\Windows\bvfgtojxvkfbclwoagf.exe

bvfgtojxvkfbclwoagf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bvfgtojxvkfbclwoagf.exe*."

C:\Windows\bvfgtojxvkfbclwoagf.exe

bvfgtojxvkfbclwoagf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\dzlodaxnnebzcnauiqrnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ojuwkgcrqgczblxqdkkf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe .

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\hzhgrkdplyrlkraqa.exe*."

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\hzhgrkdplyrlkraqa.exe*."

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ojuwkgcrqgczblxqdkkf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe .

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\hzhgrkdplyrlkraqa.exe*."

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\dzlodaxnnebzcnauiqrnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe

C:\Windows\qjsseysfcqkffnxoze.exe

qjsseysfcqkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\qjsseysfcqkffnxoze.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe .

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\hzhgrkdplyrlkraqa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\bvfgtojxvkfbclwoagf.exe

bvfgtojxvkfbclwoagf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Windows\dzlodaxnnebzcnauiqrnz.exe

dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\dzlodaxnnebzcnauiqrnz.exe*."

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\qjsseysfcqkffnxoze.exe*."

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe .

C:\Windows\ojuwkgcrqgczblxqdkkf.exe

ojuwkgcrqgczblxqdkkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe

C:\Windows\bvfgtojxvkfbclwoagf.exe

bvfgtojxvkfbclwoagf.exe .

C:\Windows\qjsseysfcqkffnxoze.exe

qjsseysfcqkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe

C:\Windows\dzlodaxnnebzcnauiqrnz.exe

dzlodaxnnebzcnauiqrnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bvfgtojxvkfbclwoagf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\qjsseysfcqkffnxoze.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Windows\qjsseysfcqkffnxoze.exe

qjsseysfcqkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe

C:\Windows\ojuwkgcrqgczblxqdkkf.exe

ojuwkgcrqgczblxqdkkf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\dzlodaxnnebzcnauiqrnz.exe

dzlodaxnnebzcnauiqrnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\dzlodaxnnebzcnauiqrnz.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\dzlodaxnnebzcnauiqrnz.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ojuwkgcrqgczblxqdkkf.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\hzhgrkdplyrlkraqa.exe*."

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bvfgtojxvkfbclwoagf.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bvfgtojxvkfbclwoagf.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\dzlodaxnnebzcnauiqrnz.exe*."

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."

C:\Windows\ojuwkgcrqgczblxqdkkf.exe

ojuwkgcrqgczblxqdkkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\qjsseysfcqkffnxoze.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe .

C:\Windows\bvfgtojxvkfbclwoagf.exe

bvfgtojxvkfbclwoagf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bvfgtojxvkfbclwoagf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe .

C:\Windows\qjsseysfcqkffnxoze.exe

qjsseysfcqkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Windows\ojuwkgcrqgczblxqdkkf.exe

ojuwkgcrqgczblxqdkkf.exe .

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ojuwkgcrqgczblxqdkkf.exe*."

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe

C:\Windows\bvfgtojxvkfbclwoagf.exe

bvfgtojxvkfbclwoagf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe .

C:\Windows\bvfgtojxvkfbclwoagf.exe

bvfgtojxvkfbclwoagf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bvfgtojxvkfbclwoagf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe .

C:\Windows\ojuwkgcrqgczblxqdkkf.exe

ojuwkgcrqgczblxqdkkf.exe

C:\Windows\qjsseysfcqkffnxoze.exe

qjsseysfcqkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\qjsseysfcqkffnxoze.exe*."

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bvfgtojxvkfbclwoagf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\qjsseysfcqkffnxoze.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe

C:\Windows\qjsseysfcqkffnxoze.exe

qjsseysfcqkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .

C:\Windows\qjsseysfcqkffnxoze.exe

qjsseysfcqkffnxoze.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe .

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\qjsseysfcqkffnxoze.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe

C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bvfgtojxvkfbclwoagf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe .

C:\Windows\dzlodaxnnebzcnauiqrnz.exe

dzlodaxnnebzcnauiqrnz.exe

C:\Windows\hzhgrkdplyrlkraqa.exe

hzhgrkdplyrlkraqa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\hzhgrkdplyrlkraqa.exe*."

C:\Windows\dzlodaxnnebzcnauiqrnz.exe

dzlodaxnnebzcnauiqrnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Windows\bvfgtojxvkfbclwoagf.exe

bvfgtojxvkfbclwoagf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bvfgtojxvkfbclwoagf.exe*."

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\dzlodaxnnebzcnauiqrnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ojuwkgcrqgczblxqdkkf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe

C:\Windows\bvfgtojxvkfbclwoagf.exe

bvfgtojxvkfbclwoagf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .

C:\Windows\arywgyqbwiatrxfu.exe

arywgyqbwiatrxfu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."

C:\Windows\ojuwkgcrqgczblxqdkkf.exe

ojuwkgcrqgczblxqdkkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Windows\qjsseysfcqkffnxoze.exe

qjsseysfcqkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\qjsseysfcqkffnxoze.exe*."

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe

C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\qjsseysfcqkffnxoze.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe

C:\Windows\ojuwkgcrqgczblxqdkkf.exe

ojuwkgcrqgczblxqdkkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe

C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe .

C:\Windows\ojuwkgcrqgczblxqdkkf.exe

ojuwkgcrqgczblxqdkkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe .

C:\Windows\qjsseysfcqkffnxoze.exe

qjsseysfcqkffnxoze.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe .

Network

Country Destination Domain Proto
GB 88.221.135.11:443 www.bing.com tcp
GB 88.221.135.11:443 www.bing.com tcp
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 8.8.8.8:53 www.whatismyip.ca udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.ebay.com udp
GB 104.96.173.155:80 www.ebay.com tcp
TR 46.1.178.249:43014 tcp
US 8.8.8.8:53 gyuuym.org udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 iarbxh.net udp
US 8.8.8.8:53 qezwimuybmb.net udp
US 8.8.8.8:53 oouokescyw.com udp
US 8.8.8.8:53 unxfuild.info udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 yodvdryqdq.info udp
US 8.8.8.8:53 bsbcvu.info udp
US 8.8.8.8:53 axrtlmxeok.net udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 dvlpph.net udp
US 8.8.8.8:53 jktijyykjy.info udp
US 8.8.8.8:53 zeqthdivdthn.info udp
US 8.8.8.8:53 qsjjxevml.net udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 wzfnno.info udp
US 8.8.8.8:53 rknekagyf.net udp
US 8.8.8.8:53 wmogoioo.com udp
US 8.8.8.8:53 bigmtvteyk.net udp
US 8.8.8.8:53 lffasgtyiqf.info udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 vvdyauxc.net udp
US 8.8.8.8:53 wzhbqqpc.net udp
US 8.8.8.8:53 pzlibo.info udp
US 8.8.8.8:53 wqrnxwnd.info udp
US 8.8.8.8:53 lgncbyr.org udp
US 8.8.8.8:53 jjmbhifbsyfb.net udp
US 8.8.8.8:53 rsxcbfhhbdv.info udp
US 8.8.8.8:53 vijoqz.net udp
US 8.8.8.8:53 cydlrge.info udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 alransqrzrrr.net udp
US 8.8.8.8:53 hjxcitgi.info udp
US 8.8.8.8:53 iuwauu.com udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 jciydwyrj.net udp
US 8.8.8.8:53 piqkhedmnih.net udp
US 8.8.8.8:53 lbdqfoeqi.com udp
US 8.8.8.8:53 yewmgayy.com udp
US 8.8.8.8:53 luvehemiri.info udp
LT 87.247.97.61:34823 tcp
US 8.8.8.8:53 pstsgyri.info udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 aqrdxx.info udp
US 8.8.8.8:53 zqtnfmyzbmh.com udp
US 8.8.8.8:53 cpxzdcjin.net udp
US 8.8.8.8:53 gnnpcy.info udp
US 8.8.8.8:53 lssxocuxjsyt.net udp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 eeumkasa.com udp
US 8.8.8.8:53 amoeusigyymy.org udp
US 8.8.8.8:53 bcxglpbeqfj.com udp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 mvrjzhrx.net udp
US 8.8.8.8:53 zwlulajkf.info udp
US 8.8.8.8:53 axfizabqk.info udp
US 8.8.8.8:53 pwzurcp.info udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 mgmiyguiye.org udp
US 8.8.8.8:53 twxzvgjf.info udp
US 8.8.8.8:53 iwyhtkqlmaj.info udp
US 8.8.8.8:53 lonepub.net udp
US 8.8.8.8:53 lltdyn.info udp
US 8.8.8.8:53 yoaoooewyeeo.com udp
US 8.8.8.8:53 sysiuwms.com udp
US 8.8.8.8:53 ldfpacrl.net udp
US 8.8.8.8:53 ocdarmlyr.net udp
US 8.8.8.8:53 ktdyfqzgsvl.net udp
US 8.8.8.8:53 kcusiqcoomqe.org udp
US 8.8.8.8:53 gsuuxlbul.net udp
US 8.8.8.8:53 mdhpuesj.net udp
US 8.8.8.8:53 ncrernmpxl.net udp
US 8.8.8.8:53 qndyjnoc.info udp
US 8.8.8.8:53 qgkfpytcpim.info udp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 vrxmprngmlhk.net udp
US 8.8.8.8:53 hqwzxbrrbb.net udp
US 8.8.8.8:53 oaeaum.org udp
US 8.8.8.8:53 ysswio.org udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 tohftotvrjjg.net udp
US 8.8.8.8:53 xohejcpej.org udp
US 8.8.8.8:53 nqtkswddj.com udp
US 8.8.8.8:53 bsvgnjnob.com udp
US 8.8.8.8:53 xolycvchrthp.info udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 hvnstwhqnci.net udp
US 8.8.8.8:53 sgtxhc.info udp
US 8.8.8.8:53 quykkeciegia.org udp
US 8.8.8.8:53 yjeisqoql.info udp
US 8.8.8.8:53 lyxmnybibg.info udp
US 8.8.8.8:53 kwrcxeh.info udp
US 8.8.8.8:53 ukmgyaqqggea.com udp
US 8.8.8.8:53 bfhuks.info udp
US 8.8.8.8:53 qwwgug.org udp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 zbjssyugverm.net udp
US 8.8.8.8:53 ilyxsnbwqs.net udp
US 8.8.8.8:53 byvpijskyqj.net udp
US 8.8.8.8:53 kgucribs.info udp
US 8.8.8.8:53 eamybaw.info udp
TR 176.41.172.140:14171 tcp
US 8.8.8.8:53 yeqcsd.net udp
US 8.8.8.8:53 pyerxnxa.info udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 zyfitez.info udp
US 8.8.8.8:53 xjbwdcq.net udp
US 8.8.8.8:53 qosgkieako.org udp
US 8.8.8.8:53 jsneokiy.info udp
US 8.8.8.8:53 cwixrzskukh.net udp
US 8.8.8.8:53 fcrnvoxojbgu.info udp
US 8.8.8.8:53 leqdurjb.net udp
US 8.8.8.8:53 cdvroyuviie.net udp
US 8.8.8.8:53 vuhxtct.com udp
US 8.8.8.8:53 oazqtucss.net udp
US 8.8.8.8:53 dxikspgshgbk.info udp
US 8.8.8.8:53 gogworm.net udp
US 8.8.8.8:53 eafrcu.info udp
US 8.8.8.8:53 nwdlay.net udp
US 8.8.8.8:53 dgjjttnjba.net udp
US 8.8.8.8:53 oplijvow.net udp
US 8.8.8.8:53 supknxt.info udp
US 8.8.8.8:53 sargqylmqq.info udp
US 8.8.8.8:53 lgmwshpwdp.net udp
US 8.8.8.8:53 zxlpyazedst.net udp
US 8.8.8.8:53 vsxilglus.org udp
US 8.8.8.8:53 iqnobkrfdma.info udp
US 8.8.8.8:53 dutlpjrdd.com udp
US 8.8.8.8:53 iyoyaea.info udp
US 8.8.8.8:53 wopndxjpoy.info udp
US 8.8.8.8:53 zgrjrexb.net udp
US 8.8.8.8:53 kknnkmkp.net udp
US 8.8.8.8:53 jwrvbwvl.net udp
US 8.8.8.8:53 eeueccewmeem.com udp
US 8.8.8.8:53 awrwipzbsw.net udp
US 8.8.8.8:53 fomoat.info udp
US 8.8.8.8:53 gthoprfe.net udp
US 8.8.8.8:53 rxscqlijx.org udp
US 8.8.8.8:53 xsfhufdoloo.net udp
US 8.8.8.8:53 xhrpmmvwcs.info udp
US 8.8.8.8:53 lrnunr.info udp
US 8.8.8.8:53 vlpxze.info udp
US 8.8.8.8:53 vppiewsu.net udp
US 8.8.8.8:53 teaofavwt.org udp
LT 78.57.148.215:14271 tcp
US 8.8.8.8:53 ozlekcn.net udp
US 8.8.8.8:53 fwtgwxxgdaz.info udp
US 8.8.8.8:53 thwtdf.net udp
US 8.8.8.8:53 skywyumxq.net udp
US 8.8.8.8:53 soccqwum.com udp
US 8.8.8.8:53 bmsqkuv.info udp
US 8.8.8.8:53 wpsrbhbu.net udp
US 8.8.8.8:53 nwvfouxihje.org udp
US 8.8.8.8:53 quikggwuqqqq.com udp
US 8.8.8.8:53 egsmyysc.org udp
US 8.8.8.8:53 xyjqlwtvg.info udp
US 8.8.8.8:53 xhbyfijbxju.info udp
US 8.8.8.8:53 grfqpuuowmt.info udp
US 8.8.8.8:53 ojfctbdsjsx.net udp
US 8.8.8.8:53 zaumdvrlkc.info udp
US 8.8.8.8:53 dvvqxepmn.info udp
US 8.8.8.8:53 pdsqbb.net udp
US 8.8.8.8:53 nshdioh.net udp
US 8.8.8.8:53 ykboianqlvu.info udp
US 8.8.8.8:53 cjtilbvid.net udp
US 8.8.8.8:53 ckgaywwkgyca.org udp
US 8.8.8.8:53 ekqqcc.org udp
US 8.8.8.8:53 calydcx.info udp
US 8.8.8.8:53 xjhzac.net udp
US 8.8.8.8:53 jkhgkt.info udp
US 8.8.8.8:53 denjyemtisxn.net udp
US 8.8.8.8:53 bjdurzhcz.info udp
US 8.8.8.8:53 knywkbpmvqfd.net udp
US 8.8.8.8:53 ceowcmfezkb.info udp
US 8.8.8.8:53 xohwfv.info udp
US 8.8.8.8:53 brtjun.info udp
RU 109.171.90.106:22110 tcp
US 8.8.8.8:53 dwfkeogzvhjn.info udp
US 8.8.8.8:53 vixyqctjqef.com udp
US 8.8.8.8:53 issaukywsi.com udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 xuywhelwf.org udp
US 8.8.8.8:53 iaurgkamly.net udp
US 8.8.8.8:53 wgforqfwd.info udp
US 8.8.8.8:53 qtgqqinahbp.info udp
US 8.8.8.8:53 kejycuzof.net udp
US 8.8.8.8:53 qbulkvmbdu.info udp
US 8.8.8.8:53 kdqxkurgjt.info udp
US 8.8.8.8:53 tcvuvhjwh.info udp
US 8.8.8.8:53 ipdjfkjelpu.net udp
US 8.8.8.8:53 igietwhsv.info udp
US 8.8.8.8:53 jubvpax.info udp
US 8.8.8.8:53 zsfkwet.com udp
US 8.8.8.8:53 cupvhbjzlm.net udp
US 8.8.8.8:53 chbptbpqadtd.info udp
US 8.8.8.8:53 aknsgwkcl.net udp
US 8.8.8.8:53 qeecco.com udp
US 8.8.8.8:53 bhivfjpykju.net udp
US 8.8.8.8:53 ecbwysbz.info udp
US 8.8.8.8:53 njmyupro.net udp
US 8.8.8.8:53 xhoehv.net udp
US 8.8.8.8:53 cdkfswjoxp.net udp
US 8.8.8.8:53 axsdeb.net udp
US 8.8.8.8:53 jbdajgp.info udp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 emoaqsay.org udp
US 8.8.8.8:53 kaumyseqwuag.org udp
US 8.8.8.8:53 aoappb.info udp
US 8.8.8.8:53 euugquuueu.com udp
US 8.8.8.8:53 iusioomq.org udp
US 8.8.8.8:53 pnetmqwq.info udp
US 8.8.8.8:53 wcsbrpz.net udp
US 8.8.8.8:53 zunopexqhfsk.net udp
US 8.8.8.8:53 ygvboaswnf.info udp
US 8.8.8.8:53 chymzsvylji.info udp
US 8.8.8.8:53 uwcuws.org udp
US 8.8.8.8:53 mgmcocgy.org udp
US 8.8.8.8:53 azlfou.info udp
US 8.8.8.8:53 ioeyyiwyeyay.com udp
US 8.8.8.8:53 smqynhz.net udp
US 8.8.8.8:53 ipuuqrbal.info udp
US 8.8.8.8:53 bdpjvnkope.net udp
US 8.8.8.8:53 umyicieyee.org udp
US 8.8.8.8:53 rqdklicqmj.info udp
US 8.8.8.8:53 ofglgtxcpo.net udp
US 8.8.8.8:53 fyfyrtfye.org udp
US 8.8.8.8:53 iqnztuz.net udp
US 8.8.8.8:53 fpdopjdl.info udp
US 8.8.8.8:53 vcsuct.net udp
US 8.8.8.8:53 yjroygfrmn.net udp
US 8.8.8.8:53 liyofg.net udp
US 8.8.8.8:53 fsyczawoha.info udp
US 8.8.8.8:53 gkvfjnfwlt.net udp
US 8.8.8.8:53 gxfzgsjrlaz.net udp
US 8.8.8.8:53 zywqofn.net udp
US 8.8.8.8:53 rpngtuoix.com udp
US 8.8.8.8:53 atkzfclhbift.info udp
US 8.8.8.8:53 opoocx.net udp
US 8.8.8.8:53 wfayrwvittd.info udp
US 8.8.8.8:53 jqdorsafr.org udp
US 8.8.8.8:53 mgaawoyg.org udp
US 8.8.8.8:53 mseyjor.info udp
US 8.8.8.8:53 bcwwzdf.com udp
US 8.8.8.8:53 wueysyqiyg.org udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.180.3:80 c.pki.goog tcp
US 8.8.8.8:53 sqvgycdul.net udp
US 8.8.8.8:53 xgtfrms.net udp
MD 178.168.84.35:41928 tcp
US 8.8.8.8:53 quvevqlqfby.net udp
US 8.8.8.8:53 wfqqpt.info udp
US 8.8.8.8:53 cqryfxlc.info udp
US 8.8.8.8:53 jjrefkv.net udp
US 8.8.8.8:53 nyuqjmnmf.info udp
US 8.8.8.8:53 aqamqygm.org udp
US 8.8.8.8:53 zinibqlmr.org udp
US 8.8.8.8:53 pncxsulffvsb.info udp
US 8.8.8.8:53 idnzcxhl.net udp
US 8.8.8.8:53 jobvhzgpqn.info udp
US 8.8.8.8:53 xtdiaubydv.net udp
US 8.8.8.8:53 lzbjkx.info udp
US 8.8.8.8:53 aywgsw.org udp
US 8.8.8.8:53 wpvmwsqsvx.net udp
US 8.8.8.8:53 adrwbrthdvdz.info udp
US 8.8.8.8:53 ewwuwy.org udp
US 8.8.8.8:53 jkfqzkl.com udp
US 8.8.8.8:53 pifonuxoh.com udp
US 8.8.8.8:53 blriytvijot.com udp
US 8.8.8.8:53 ltqnfw.info udp
US 8.8.8.8:53 qasndnyvhzjv.info udp
US 8.8.8.8:53 kyilnx.net udp
US 8.8.8.8:53 lfdtcqi.org udp
US 8.8.8.8:53 dmdemtmyv.com udp
US 8.8.8.8:53 rqbtjmhkhj.net udp
US 8.8.8.8:53 gaqkygwq.org udp
US 8.8.8.8:53 vuxgnxm.info udp
US 8.8.8.8:53 nufandzcufz.org udp
US 8.8.8.8:53 hrosxs.info udp
US 8.8.8.8:53 tjanespkdg.info udp
RU 94.41.72.123:33459 tcp
US 8.8.8.8:53 jrbulad.info udp
US 8.8.8.8:53 onouaunu.net udp
US 8.8.8.8:53 rigslqa.info udp
US 8.8.8.8:53 llnrnz.net udp
US 8.8.8.8:53 xegsxezsl.net udp
US 8.8.8.8:53 bpzorpfuhtf.org udp
US 8.8.8.8:53 alfsqou.info udp
US 8.8.8.8:53 wpjnjxddtr.net udp
US 8.8.8.8:53 nyfmcylu.net udp
US 8.8.8.8:53 uvxvqoqp.info udp
US 8.8.8.8:53 dwpsvgzsjev.info udp
US 8.8.8.8:53 xlfilgtwp.info udp
US 8.8.8.8:53 bkngmvgi.net udp
US 8.8.8.8:53 tttapdby.info udp
US 8.8.8.8:53 osojoietyxcm.info udp
US 8.8.8.8:53 chhlzecvh.net udp
US 8.8.8.8:53 celiifue.info udp
US 8.8.8.8:53 wisawk.org udp
US 8.8.8.8:53 bqdindvszcl.com udp
US 8.8.8.8:53 cimmyawqeycc.com udp
US 8.8.8.8:53 axfrfaq.net udp
US 8.8.8.8:53 csqzzigsbim.info udp
US 8.8.8.8:53 gftwfrav.net udp
US 8.8.8.8:53 lzxijni.org udp
US 8.8.8.8:53 dykwknvmdfdj.info udp
US 8.8.8.8:53 zwjcwzjwpuqo.net udp
US 8.8.8.8:53 gkyunytqpyu.net udp
US 8.8.8.8:53 ycjwbgt.net udp
US 8.8.8.8:53 wawaoiyk.com udp
US 8.8.8.8:53 lczoradauoz.net udp
US 8.8.8.8:53 cfdogwhql.info udp
US 8.8.8.8:53 ehfzfszm.net udp
US 8.8.8.8:53 dazulnj.org udp
US 8.8.8.8:53 cwcmum.com udp
US 8.8.8.8:53 skpietw.net udp
US 8.8.8.8:53 uaqhworg.info udp
US 8.8.8.8:53 cxxifohkq.info udp
US 8.8.8.8:53 tohienky.info udp
US 8.8.8.8:53 wwmcjdnrsmoo.net udp
US 8.8.8.8:53 jzthxr.net udp
US 8.8.8.8:53 fawegcrazd.info udp
US 8.8.8.8:53 fbtkvgoqyy.net udp
US 8.8.8.8:53 fjusznt.com udp
US 8.8.8.8:53 qzlkronex.info udp
US 8.8.8.8:53 zpfjkoet.net udp
US 8.8.8.8:53 yquwgcyyskcw.org udp
US 8.8.8.8:53 ecieoueosuue.org udp
US 8.8.8.8:53 zuhmapbot.net udp
US 8.8.8.8:53 sxefnv.info udp
US 8.8.8.8:53 yuxdfy.net udp
US 8.8.8.8:53 mcyswo.net udp
US 8.8.8.8:53 vjvlnnztmb.net udp
US 8.8.8.8:53 dckmjrwkift.info udp
US 8.8.8.8:53 yojkaljecqs.info udp
US 8.8.8.8:53 dszstiocw.com udp
US 8.8.8.8:53 ecegeakc.org udp
US 8.8.8.8:53 ootkjdzphd.net udp
US 8.8.8.8:53 swpfzfj.net udp
US 8.8.8.8:53 bjthuj.net udp
US 8.8.8.8:53 nbxjiur.info udp
US 8.8.8.8:53 aararuzmj.info udp
US 8.8.8.8:53 cpimnhtlcywh.net udp
US 8.8.8.8:53 svrmnwy.info udp
US 8.8.8.8:53 zrizzt.net udp
US 8.8.8.8:53 uotxtlhko.net udp
US 8.8.8.8:53 iweedyzqi.net udp
US 8.8.8.8:53 imtfqvijgr.net udp
US 8.8.8.8:53 fceaihpjhlj.org udp
US 8.8.8.8:53 lpstck.net udp
US 8.8.8.8:53 nsjnpn.net udp
US 8.8.8.8:53 diegsmpkzsv.info udp
US 8.8.8.8:53 ayyqweigaeag.com udp
US 8.8.8.8:53 gitoge.net udp
US 8.8.8.8:53 sbrsdqbeion.info udp
US 8.8.8.8:53 ivewnr.info udp
US 8.8.8.8:53 bazsjqtz.info udp
US 8.8.8.8:53 lqzuhoeypvzo.net udp
US 8.8.8.8:53 wcnagzztdt.info udp
US 8.8.8.8:53 jcjqksjoasx.info udp
US 8.8.8.8:53 nqxijbihvn.info udp
BG 151.237.114.2:26434 tcp
US 8.8.8.8:53 pajjkftbcnnu.info udp
US 8.8.8.8:53 llljfchebsah.net udp
US 8.8.8.8:53 yspynbdonzn.net udp
US 8.8.8.8:53 skzqcab.net udp
US 8.8.8.8:53 xrctizgjhu.net udp
US 8.8.8.8:53 cgfmvyxmf.info udp
US 8.8.8.8:53 ateftn.net udp
US 8.8.8.8:53 ziqobwngb.net udp
US 8.8.8.8:53 ccptaux.net udp
US 8.8.8.8:53 ztyiksaswmt.org udp
US 8.8.8.8:53 rfcqjgcwrllk.info udp
US 8.8.8.8:53 ooewwc.org udp
US 8.8.8.8:53 tfptlyeyrv.net udp
US 8.8.8.8:53 fsgozjwhtpmp.net udp
US 8.8.8.8:53 jypigkw.net udp
US 8.8.8.8:53 fudmvzlsr.net udp
US 8.8.8.8:53 osgixcjgj.info udp
US 8.8.8.8:53 emzglqg.net udp
US 8.8.8.8:53 celynhiqsj.info udp
US 8.8.8.8:53 jphhtgd.com udp
US 8.8.8.8:53 fowcjinw.net udp
US 8.8.8.8:53 uoacim.org udp
US 8.8.8.8:53 rowjzbui.info udp
US 8.8.8.8:53 zijcncdzdzk.com udp
US 8.8.8.8:53 omierhazkhgw.net udp
US 8.8.8.8:53 qufahuv.info udp
US 8.8.8.8:53 ugnjlqpv.net udp
US 8.8.8.8:53 kwdrqyzrhd.net udp
US 8.8.8.8:53 gqmsjwjwl.net udp
US 8.8.8.8:53 uabgpqn.net udp
US 8.8.8.8:53 dufspmpipgpt.info udp
US 8.8.8.8:53 xrjmbmgmisvh.info udp
US 8.8.8.8:53 psdojwbmt.com udp
US 8.8.8.8:53 wqkynmn.net udp
US 8.8.8.8:53 lkietfsqr.org udp
US 8.8.8.8:53 zvgdfucq.net udp
US 8.8.8.8:53 jqtenkdayoy.org udp
US 8.8.8.8:53 jshuwgpylwh.net udp
US 8.8.8.8:53 lixghasybir.org udp
US 8.8.8.8:53 viweagw.net udp
US 8.8.8.8:53 ccsnwqprtohe.info udp
US 8.8.8.8:53 lvliwxsju.net udp
US 8.8.8.8:53 ioiaga.org udp
US 8.8.8.8:53 unjawxfvtx.info udp
US 8.8.8.8:53 qcpuzjhlagv.info udp
US 8.8.8.8:53 pdiqgfvhnxnx.net udp
US 8.8.8.8:53 wcgcuuiu.org udp
US 8.8.8.8:53 chbxyuybt.info udp
US 8.8.8.8:53 ufeddghyhery.info udp
US 8.8.8.8:53 vgboksnbdlu.org udp
US 8.8.8.8:53 ceskckjipdh.net udp
US 8.8.8.8:53 nhmyomxjv.info udp
US 8.8.8.8:53 lgyovegkn.info udp
US 8.8.8.8:53 kwipntfq.info udp
US 8.8.8.8:53 jpmnlzmfmvyj.net udp
US 8.8.8.8:53 sdftzo.net udp
US 8.8.8.8:53 tyzkrdhyl.info udp
US 8.8.8.8:53 lbrwylpp.info udp
US 8.8.8.8:53 myijvlphdw.net udp
US 8.8.8.8:53 iqkcma.com udp
RU 176.112.227.134:18104 tcp
US 8.8.8.8:53 nwzyvspezic.org udp
US 8.8.8.8:53 xtgaoqbw.info udp
US 8.8.8.8:53 wddmdwlmnj.net udp
US 8.8.8.8:53 dtfgxswqnwn.org udp
US 8.8.8.8:53 vyvijbihvn.info udp
US 8.8.8.8:53 crqmsy.info udp
US 8.8.8.8:53 tffclgvsbqh.com udp
US 8.8.8.8:53 xipwxoqadir.net udp
US 8.8.8.8:53 hsrofavrq.net udp
US 8.8.8.8:53 llpwlrlwpx.net udp
US 8.8.8.8:53 pxjkesvda.com udp
US 8.8.8.8:53 okecugzupob.info udp
US 8.8.8.8:53 hifmfhlr.net udp
US 8.8.8.8:53 tmxgsgdqyzt.com udp
US 8.8.8.8:53 yemhmgd.net udp
US 8.8.8.8:53 bctwfgikb.org udp
US 8.8.8.8:53 wgwiim.com udp
US 8.8.8.8:53 nefvoxl.org udp
US 8.8.8.8:53 ncfpvndztgjc.net udp
US 8.8.8.8:53 ynpyripqr.net udp
US 8.8.8.8:53 fzqqksnzg.net udp
US 8.8.8.8:53 yucgwygoawqm.org udp
US 8.8.8.8:53 awykzztksnjn.info udp
US 8.8.8.8:53 cwffjfbykplz.info udp
US 8.8.8.8:53 livshkfedff.info udp
US 8.8.8.8:53 rjeonllgnt.net udp
US 8.8.8.8:53 xmlymtnez.org udp
US 8.8.8.8:53 gyakauag.com udp
US 8.8.8.8:53 qfgcwaho.info udp
US 8.8.8.8:53 zomwufxfsmib.info udp
US 8.8.8.8:53 gcdhztjqkvx.info udp
US 8.8.8.8:53 hethbmjqgapd.info udp
US 8.8.8.8:53 odzbrjqoy.info udp
US 8.8.8.8:53 kdgtioamrt.info udp
US 8.8.8.8:53 omuamos.info udp
US 8.8.8.8:53 rswaqarz.net udp
US 8.8.8.8:53 lrtsscpysnn.info udp
US 8.8.8.8:53 wccqwi.org udp
US 8.8.8.8:53 suwkwwms.org udp
LT 78.57.148.215:14271 tcp
US 8.8.8.8:53 cgvckez.net udp
US 8.8.8.8:53 aalijqi.info udp
US 8.8.8.8:53 zqbkuunrf.info udp
US 8.8.8.8:53 kktpkqzd.info udp
US 8.8.8.8:53 pklgnebeaup.com udp
US 8.8.8.8:53 yeylgfxqmcng.info udp
US 8.8.8.8:53 eoogsiwqis.org udp
US 8.8.8.8:53 odqisf.info udp
US 8.8.8.8:53 xopiesvau.org udp
US 8.8.8.8:53 tdmgfkvcj.net udp
US 8.8.8.8:53 kugymkeueooy.org udp
US 8.8.8.8:53 czjslsn.info udp
US 8.8.8.8:53 ncpmyszzt.info udp
US 8.8.8.8:53 kgfxwrspzwjx.info udp
US 8.8.8.8:53 eoderfte.info udp
US 8.8.8.8:53 fxxcrrnqzq.info udp
US 8.8.8.8:53 ybxsqlwexbnh.info udp
US 8.8.8.8:53 zddmwrjb.info udp
US 8.8.8.8:53 gnmilwoxboni.info udp
US 8.8.8.8:53 kkiamiym.com udp
US 8.8.8.8:53 mofgulxl.net udp
US 8.8.8.8:53 emvhtuagh.net udp
US 8.8.8.8:53 aaycgrqkhmi.net udp
US 8.8.8.8:53 pnamdpruome.net udp
US 8.8.8.8:53 jatdaajehomt.net udp
US 8.8.8.8:53 rsetmbbwxkdx.info udp
US 8.8.8.8:53 wbfoxoiyx.info udp
US 8.8.8.8:53 mwgkuyee.org udp
US 8.8.8.8:53 vxyybqhvx.net udp
US 8.8.8.8:53 xolebnj.info udp
US 8.8.8.8:53 ezxqdnxzfoby.info udp
US 8.8.8.8:53 uiceesz.info udp
US 8.8.8.8:53 dnpqoaxk.net udp
US 8.8.8.8:53 wmbdoklzrui.net udp
US 8.8.8.8:53 iysotb.net udp
US 8.8.8.8:53 jntcdzpsnv.info udp
US 8.8.8.8:53 drtcvurahs.info udp
US 8.8.8.8:53 bzaydhbkyko.info udp
US 8.8.8.8:53 kxrcuvszzbfn.net udp
US 8.8.8.8:53 xavcpsyx.info udp
US 8.8.8.8:53 uoxjsmld.info udp
US 8.8.8.8:53 zwkptgzyn.info udp
US 8.8.8.8:53 fqjoryxyfor.net udp
US 8.8.8.8:53 dujqjwff.net udp
US 8.8.8.8:53 ewiuauieao.com udp
US 8.8.8.8:53 gsauyuqi.org udp
US 8.8.8.8:53 gcxuigpej.net udp
US 8.8.8.8:53 gceucy.info udp
US 8.8.8.8:53 edcgqjszmnbf.info udp
BG 109.107.92.137:16832 tcp
US 8.8.8.8:53 vqamccncxbbn.info udp
US 8.8.8.8:53 bjpwlrlwpx.net udp
US 8.8.8.8:53 xfytyx.info udp
US 8.8.8.8:53 uovgpaurdcy.net udp
US 8.8.8.8:53 jwuunub.org udp
US 8.8.8.8:53 fihslg.net udp
US 8.8.8.8:53 lopcpoq.info udp
US 8.8.8.8:53 fsysxheloaz.com udp
US 8.8.8.8:53 imwkkoik.com udp
US 8.8.8.8:53 uqvmtwizjmj.net udp
US 8.8.8.8:53 iuqiwpbnvyt.info udp
US 8.8.8.8:53 ngjdngzed.com udp
US 8.8.8.8:53 pswxrm.info udp
US 8.8.8.8:53 ghkjumqnfc.net udp
US 8.8.8.8:53 gyerykjwp.net udp
US 8.8.8.8:53 ukhigmmqhkr.info udp
US 8.8.8.8:53 uwkyqqyyaw.org udp
US 8.8.8.8:53 ywyscmdkzog.info udp
US 8.8.8.8:53 sewuvwb.net udp
US 8.8.8.8:53 wonyagz.net udp
US 8.8.8.8:53 oiuasews.org udp
US 8.8.8.8:53 qnxeekf.net udp
US 8.8.8.8:53 oaewcmmi.com udp
US 8.8.8.8:53 vdvvhh.net udp
US 8.8.8.8:53 pquylmznocqq.net udp
US 8.8.8.8:53 fwiitorhgwc.com udp
US 8.8.8.8:53 upclxbfh.info udp
US 8.8.8.8:53 wwgfnaudqidm.info udp
US 8.8.8.8:53 kqqcmyqeyc.org udp
US 8.8.8.8:53 simgwmykcaya.com udp
US 8.8.8.8:53 oalwpcngx.info udp
US 8.8.8.8:53 dlcedff.net udp
US 8.8.8.8:53 bqmrzf.net udp
US 8.8.8.8:53 kiqgmamsiayk.com udp
US 8.8.8.8:53 xypqxfeihi.info udp
US 8.8.8.8:53 zpcuhyxirszx.net udp
US 8.8.8.8:53 hyprkev.org udp
US 8.8.8.8:53 lgwzgpri.info udp
US 8.8.8.8:53 xcrfxbihvn.info udp
US 8.8.8.8:53 asucouxelie.info udp
US 8.8.8.8:53 yosuuw.com udp
US 8.8.8.8:53 tcjxqw.net udp
US 8.8.8.8:53 ddxccjikgj.net udp
BG 212.73.159.191:38314 tcp
US 8.8.8.8:53 pvesxitaordl.info udp
US 8.8.8.8:53 soeukwac.org udp
US 8.8.8.8:53 myuxfov.net udp
US 8.8.8.8:53 xpjziqi.net udp
US 8.8.8.8:53 hexsinh.info udp
US 8.8.8.8:53 smccqowuquck.com udp
US 8.8.8.8:53 dyivccucfnts.net udp
US 8.8.8.8:53 kxldwaoqfn.info udp
US 8.8.8.8:53 aneotaz.info udp
US 8.8.8.8:53 xxbuvavqnao.net udp
US 8.8.8.8:53 yqmeasckkscc.com udp
US 8.8.8.8:53 qgcivdpoduh.info udp
US 8.8.8.8:53 wgsceo.com udp
US 8.8.8.8:53 tgzzsilpuoyu.info udp
US 8.8.8.8:53 zudrloiiylnu.net udp
US 8.8.8.8:53 cileysngj.net udp
US 8.8.8.8:53 rejwrwpoa.info udp
US 8.8.8.8:53 xavcvupho.net udp
US 8.8.8.8:53 upewoe.net udp
US 8.8.8.8:53 cqomau.com udp
US 8.8.8.8:53 npetrsvi.info udp
US 8.8.8.8:53 jmuyzwjxj.net udp
US 8.8.8.8:53 lylhtjnctol.org udp
US 8.8.8.8:53 imdgroj.net udp
US 8.8.8.8:53 zqhaqzhtyf.net udp
US 8.8.8.8:53 kfaoucvx.info udp
US 8.8.8.8:53 ikipjydd.info udp
US 8.8.8.8:53 vleivbbebw.net udp
US 8.8.8.8:53 sgescokcmo.org udp
US 8.8.8.8:53 wcewck.org udp
US 8.8.8.8:53 xuemmk.info udp
US 8.8.8.8:53 mmiskciyyacq.com udp
US 8.8.8.8:53 lzwgpqnxhy.net udp
US 8.8.8.8:53 hkvipao.org udp
US 8.8.8.8:53 fndgmkvl.net udp
US 8.8.8.8:53 tcdkeyvyt.com udp
US 8.8.8.8:53 empxjffcc.net udp
US 8.8.8.8:53 ewuxtijvcvl.info udp
US 8.8.8.8:53 thejvczd.info udp
US 8.8.8.8:53 jehyhpbob.com udp
US 8.8.8.8:53 hktblewlppjj.info udp
US 8.8.8.8:53 fexnqmqmqqdy.info udp
LT 78.58.27.215:39493 tcp
US 8.8.8.8:53 tgpmlwylu.info udp
US 8.8.8.8:53 luaiurlae.info udp
US 8.8.8.8:53 lxekmkwvpx.net udp
US 8.8.8.8:53 kuvqbw.info udp
US 8.8.8.8:53 rivyak.net udp
US 8.8.8.8:53 hsfspwfirsr.org udp
US 8.8.8.8:53 dxnueyidwbb.org udp
US 8.8.8.8:53 jonoxaswf.info udp
US 8.8.8.8:53 viuxfqcdnu.net udp
US 8.8.8.8:53 enobimfozngl.info udp
US 8.8.8.8:53 skinov.net udp
US 8.8.8.8:53 jojgfoawsgyp.net udp
US 8.8.8.8:53 fumvct.net udp
US 8.8.8.8:53 ioseljx.net udp
US 8.8.8.8:53 lzzhvx.net udp
US 8.8.8.8:53 vpekeghjncd.com udp
US 8.8.8.8:53 dnyidwf.info udp
US 8.8.8.8:53 aiyurumq.net udp
US 8.8.8.8:53 mawycigsaumg.com udp
US 8.8.8.8:53 lqqufidk.info udp
US 8.8.8.8:53 eathfaaieane.info udp
US 8.8.8.8:53 yadxtkefpqdf.net udp
US 8.8.8.8:53 hgxqeurdhau.info udp
BG 77.78.52.70:37193 tcp
US 8.8.8.8:53 jwvaome.info udp
US 8.8.8.8:53 bghylk.net udp
US 8.8.8.8:53 laajkrocciyf.net udp
US 8.8.8.8:53 qngitmingp.net udp
US 8.8.8.8:53 elzmxbdeieq.info udp
US 8.8.8.8:53 osuiiioseeua.org udp
US 8.8.8.8:53 tedyyvqhayx.net udp
US 8.8.8.8:53 ulwprsdpevsj.info udp
US 8.8.8.8:53 urkpewhckcsb.info udp
US 8.8.8.8:53 sujksmuaqurk.info udp
US 8.8.8.8:53 qyjxvcif.net udp
US 8.8.8.8:53 ismztop.info udp
US 8.8.8.8:53 qqqickqauoai.org udp
US 8.8.8.8:53 bchoglpglkr.net udp
US 8.8.8.8:53 rkwlhccy.info udp
US 8.8.8.8:53 viayexesnk.net udp
US 8.8.8.8:53 xjwrkjwjaw.info udp
US 8.8.8.8:53 pyieaytsj.net udp
US 8.8.8.8:53 nthafgeqx.org udp
US 8.8.8.8:53 esihhyhd.info udp
US 8.8.8.8:53 vibshiiel.net udp
US 8.8.8.8:53 eccgom.org udp
RU 213.222.244.199:28956 tcp
US 8.8.8.8:53 djpmiep.net udp
US 8.8.8.8:53 ldoowh.net udp
US 8.8.8.8:53 jfylrmtzd.org udp
US 8.8.8.8:53 jjqtpeerkb.net udp
US 8.8.8.8:53 kjouhqwdef.info udp
US 8.8.8.8:53 lgjhbmuez.net udp
US 8.8.8.8:53 tkbnjqnhgu.info udp
US 8.8.8.8:53 gebhzudeub.net udp
US 8.8.8.8:53 rclabyi.net udp
US 8.8.8.8:53 hklxpjmt.net udp
US 8.8.8.8:53 euhlbibzz.net udp
US 8.8.8.8:53 arbsvzz.info udp
US 8.8.8.8:53 maxqzdnkjnn.net udp
US 8.8.8.8:53 oismai.com udp
US 8.8.8.8:53 shhqecjwduu.net udp
US 8.8.8.8:53 dwqsycxgdwh.org udp
US 8.8.8.8:53 znhfav.info udp
US 8.8.8.8:53 eheflhppvg.net udp
US 8.8.8.8:53 ukzhtdxflokm.info udp
US 8.8.8.8:53 jzfibsx.com udp
US 8.8.8.8:53 bxwzldfrdjfk.net udp
US 8.8.8.8:53 wyhskxrdmqic.info udp
US 8.8.8.8:53 oehunx.net udp
US 8.8.8.8:53 ywhatszspkv.net udp
US 8.8.8.8:53 cykogcgqqcuu.com udp
US 8.8.8.8:53 bviiaryqdhkt.net udp
US 8.8.8.8:53 pamqtwuaqkd.org udp
US 8.8.8.8:53 leqffxfj.info udp
RU 84.51.102.66:26994 tcp
US 8.8.8.8:53 oktebol.info udp
US 8.8.8.8:53 tcktbwb.info udp
US 8.8.8.8:53 ggqaeaieaomw.com udp
US 8.8.8.8:53 paiafmabhgva.info udp
US 8.8.8.8:53 monhruny.info udp
US 8.8.8.8:53 lbrczvrwjqt.com udp
US 8.8.8.8:53 xdfotsr.org udp
US 8.8.8.8:53 lmtggw.net udp
US 8.8.8.8:53 myrwjqkrwpbk.info udp
US 8.8.8.8:53 vyjioapkxfj.com udp
US 8.8.8.8:53 hmtqzceenqz.org udp
US 8.8.8.8:53 uwmsek.org udp
US 8.8.8.8:53 tphete.info udp
US 8.8.8.8:53 kcurcgl.info udp
US 8.8.8.8:53 tqkfxxpncsga.net udp
US 8.8.8.8:53 zkolbdzh.net udp
US 8.8.8.8:53 mpkbfsgyp.info udp
US 8.8.8.8:53 tkbpfitac.net udp
US 8.8.8.8:53 xzwkrn.info udp
US 8.8.8.8:53 prtaorztthqv.net udp
US 8.8.8.8:53 rnaijqdcan.info udp
US 8.8.8.8:53 tgosrwi.org udp
US 8.8.8.8:53 segokamccq.com udp
US 8.8.8.8:53 ahrzcxjn.net udp
US 8.8.8.8:53 nalyuwoftjdi.net udp
US 8.8.8.8:53 eawigd.info udp
US 8.8.8.8:53 bkibdzjpbzxh.net udp
US 8.8.8.8:53 lblgvitfuuto.net udp
US 8.8.8.8:53 qdnmhgdyrit.net udp
US 8.8.8.8:53 zsxxlwj.net udp
US 8.8.8.8:53 vcrtvdakp.info udp
US 8.8.8.8:53 ywgagwiu.org udp
US 8.8.8.8:53 yoouoemu.com udp
US 8.8.8.8:53 qyqigk.com udp
US 8.8.8.8:53 gwogmc.org udp
US 8.8.8.8:53 lounflrdgl.net udp
US 8.8.8.8:53 fyaylmbcb.net udp
US 8.8.8.8:53 vbzcxer.com udp
US 8.8.8.8:53 ucroxrtqb.info udp
US 8.8.8.8:53 cqqoie.net udp
US 8.8.8.8:53 ekqaao.com udp
US 8.8.8.8:53 vmcilx.info udp
US 8.8.8.8:53 hydaawp.com udp
US 8.8.8.8:53 xitbtenmj.info udp
CN 202.90.109.62:28884 tcp
US 8.8.8.8:53 dibsjycbxy.info udp
US 8.8.8.8:53 gzjuxbfofey.info udp
US 8.8.8.8:53 mohomqrnz.info udp
US 8.8.8.8:53 smicoiczhnv.net udp
US 8.8.8.8:53 rkjyfrxybqd.net udp
US 8.8.8.8:53 owueqmaugmks.com udp
US 8.8.8.8:53 ujhwdorwjct.info udp
US 8.8.8.8:53 imaikwem.org udp
US 8.8.8.8:53 hjfdpmp.org udp
US 8.8.8.8:53 kuewitqdbhcs.info udp
US 8.8.8.8:53 myskiqqi.com udp
US 8.8.8.8:53 medxklg.net udp
US 8.8.8.8:53 yvrszzll.net udp
US 8.8.8.8:53 rjbifug.net udp
US 8.8.8.8:53 dqvadqp.com udp
US 8.8.8.8:53 aatchtjffgfj.net udp
US 8.8.8.8:53 eyzqou.net udp
US 8.8.8.8:53 yqdindvszcl.info udp
US 8.8.8.8:53 dacicqlmj.net udp
US 8.8.8.8:53 ucfallr.info udp
US 8.8.8.8:53 bkmqnccmq.com udp
US 8.8.8.8:53 ldlrgk.info udp
US 8.8.8.8:53 zojdpseada.net udp
US 8.8.8.8:53 szzljg.net udp
US 8.8.8.8:53 owtumceqt.info udp
US 8.8.8.8:53 tmloxnhnr.org udp
US 8.8.8.8:53 moauyq.info udp
US 8.8.8.8:53 yseuuckk.org udp
US 8.8.8.8:53 qfjlsekzzuja.info udp
US 8.8.8.8:53 twhpgkqigoc.com udp
US 8.8.8.8:53 sgdzhklkvfso.info udp
US 8.8.8.8:53 pieulcnwa.info udp
US 8.8.8.8:53 jvvruulhqiid.info udp
US 8.8.8.8:53 cdbqhocolgw.info udp
US 8.8.8.8:53 ridxkdvwla.info udp
US 8.8.8.8:53 oemciegesg.org udp
US 8.8.8.8:53 skqsiiae.org udp
US 8.8.8.8:53 zniuxtoqmnvb.info udp
US 8.8.8.8:53 wmvyxwl.info udp
US 8.8.8.8:53 ztuvfk.info udp
US 8.8.8.8:53 mwywiyac.org udp
US 8.8.8.8:53 alyypvemovoc.net udp
US 8.8.8.8:53 qmiqoymwqyii.org udp
US 8.8.8.8:53 dalquhj.com udp
US 8.8.8.8:53 mmatissmmqlv.net udp
US 8.8.8.8:53 kwbsrncquyr.info udp
US 8.8.8.8:53 hkomwbdauo.net udp
US 8.8.8.8:53 zjpxwusdpx.net udp
US 8.8.8.8:53 qlstpgkhcjbu.net udp
US 8.8.8.8:53 coxlxol.net udp
US 8.8.8.8:53 rgxehalzhsrq.info udp
US 8.8.8.8:53 nzitfaav.info udp
US 8.8.8.8:53 znrdeltt.net udp
US 8.8.8.8:53 xcfwosls.net udp
US 8.8.8.8:53 grpnjtiyqz.info udp
US 8.8.8.8:53 zuouloiib.net udp
NO 37.191.143.136:42231 tcp
US 8.8.8.8:53 lktcrbw.com udp
US 8.8.8.8:53 duxmanqfym.info udp
US 8.8.8.8:53 hyjodgw.info udp
US 8.8.8.8:53 rcbmfkswfuv.org udp
US 8.8.8.8:53 ywieqyv.net udp
US 8.8.8.8:53 dkdczgl.info udp
US 8.8.8.8:53 ymuqsmyeqyka.com udp
US 8.8.8.8:53 iwogkqksckai.com udp
US 8.8.8.8:53 eaictyqxc.info udp
US 8.8.8.8:53 lhykkpfag.info udp
US 8.8.8.8:53 racbxunupewc.info udp
US 8.8.8.8:53 vgqxvqngngx.info udp
US 8.8.8.8:53 oedqzthsf.net udp
US 8.8.8.8:53 ctgtjhqm.info udp
US 8.8.8.8:53 betwnahel.info udp
US 8.8.8.8:53 cgzqtowog.info udp
US 8.8.8.8:53 mldmhp.info udp
US 8.8.8.8:53 shpspuxtz.info udp
US 8.8.8.8:53 sgmqki.org udp
US 8.8.8.8:53 tjliwcg.org udp
US 8.8.8.8:53 qeasooggkkye.org udp
US 8.8.8.8:53 bgpwzpn.org udp
US 8.8.8.8:53 wsogkieumsai.org udp
US 8.8.8.8:53 sikiyiyg.com udp
US 8.8.8.8:53 gdiecndz.net udp
US 8.8.8.8:53 rwokit.net udp
US 8.8.8.8:53 fcdwxk.info udp
BG 46.47.121.144:28559 tcp
US 8.8.8.8:53 pjdwlf.info udp
US 8.8.8.8:53 fevpfshvp.org udp
US 8.8.8.8:53 kcryxrris.info udp
US 8.8.8.8:53 uphkphts.info udp
US 8.8.8.8:53 peyjszhlel.info udp
US 8.8.8.8:53 mycwywysmgsu.com udp
US 8.8.8.8:53 ssbeffu.net udp
US 8.8.8.8:53 ochgljxljm.info udp
US 8.8.8.8:53 qshccnlcvbf.info udp
US 8.8.8.8:53 akjhfkc.net udp
US 8.8.8.8:53 aagdkhtaxe.info udp
US 8.8.8.8:53 pwrspu.info udp
US 8.8.8.8:53 zsdcfmz.info udp
US 8.8.8.8:53 uxzbomtgrn.net udp
US 8.8.8.8:53 bavppixu.net udp
US 8.8.8.8:53 gkwqsmmy.org udp
US 8.8.8.8:53 xzpswxijdl.net udp
US 8.8.8.8:53 vyehpakwrmh.org udp
US 8.8.8.8:53 fkgritslx.org udp
US 8.8.8.8:53 dwvcdxvvw.info udp
US 8.8.8.8:53 nutwtizyxsf.info udp
US 8.8.8.8:53 lokglgz.info udp
US 8.8.8.8:53 dzdvdk.info udp
US 8.8.8.8:53 viwgxeycb.info udp
US 8.8.8.8:53 wgbnmnls.info udp
US 8.8.8.8:53 ptpwnlreeaxo.net udp
US 8.8.8.8:53 sxyiuv.net udp
US 8.8.8.8:53 awrcthrdb.info udp
US 8.8.8.8:53 emvudcqsl.net udp
DE 87.120.84.24:43819 tcp
US 8.8.8.8:53 nclupzew.net udp
US 8.8.8.8:53 gyhteapvt.net udp
US 8.8.8.8:53 eeeiusoc.com udp
US 8.8.8.8:53 rcnxfrj.net udp
US 8.8.8.8:53 cvoetl.net udp
US 8.8.8.8:53 rkkuzry.info udp
US 8.8.8.8:53 dtstyn.net udp
US 8.8.8.8:53 ywiswyyvybg.info udp
US 8.8.8.8:53 wynczijgovh.net udp
US 8.8.8.8:53 asmsiy.org udp
US 8.8.8.8:53 zbqtpeerkb.net udp
US 8.8.8.8:53 zalxgbjsgsvd.net udp
US 8.8.8.8:53 iyvrke.info udp
US 8.8.8.8:53 zuwrljtqss.net udp
US 8.8.8.8:53 nyprwak.net udp
US 8.8.8.8:53 repgsrcywat.com udp
US 8.8.8.8:53 ilsrsloydwr.info udp
US 8.8.8.8:53 smxvprrsuv.info udp
US 8.8.8.8:53 elamtqjbestb.net udp
US 8.8.8.8:53 msaeugqyakco.org udp
US 8.8.8.8:53 aazmlydfmet.info udp
US 8.8.8.8:53 bbjttwmgtvrk.net udp
US 8.8.8.8:53 iwriah.net udp
US 8.8.8.8:53 tfubhegrfkhk.net udp
US 8.8.8.8:53 tmrxnmjrkb.net udp
US 8.8.8.8:53 zszftjx.com udp
US 8.8.8.8:53 iqnazcxqo.info udp
US 8.8.8.8:53 gqnedqh.info udp
US 8.8.8.8:53 uomieuwsgywa.com udp
US 8.8.8.8:53 nwylprnoxj.info udp
US 8.8.8.8:53 bzilldjv.info udp
US 8.8.8.8:53 dchfphlyzdnt.info udp
US 8.8.8.8:53 msdajup.info udp
US 8.8.8.8:53 ozspoj.net udp

Files

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

MD5 70971f6c6d5e508ea1bfaec67bf739a3
SHA1 a43de5a8722562f3fbd1245f15ecc0cd87c5f088
SHA256 b25a92c91198e03bd144cefd593301f4b3837b3880740a63d9526b032d150954
SHA512 d92b578685c8bf1e459e323f99275c8eaaec0a0a7767f3b87c9ff95351292b0ed5cc4c272eec699f0a105cb5bb4390ce0a8b35342d9defe099c71828a62e96a0

C:\Windows\SysWOW64\qjsseysfcqkffnxoze.exe

MD5 acd201e3179f1bea3176625e53ae74a0
SHA1 16aba416493d24d4fcc7f94133da3a3bc328016c
SHA256 5362c09319c951bf520453f62ce8e2b521322aaed60b929fe2cb4f11085d0250
SHA512 f3234c90de201c62cb1ec4f101cc017289960916a98452a65500cadc3ec181a01a200381660e5789b99673d6db827fa6cfa96fe812e7540c88b01e59662a99ba

C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe

MD5 0e965ec7a83e481bceea838a53d825f3
SHA1 703329695d2c58ce2d747ded25b8eb8398b2824b
SHA256 02b27aeef5325b4015716cb52a5d12bbefa4015a93d3524c7e3b351d2a3036cb
SHA512 09ffc454937adbbf26281c2bce6cb8220760e96ff331aec6c685ed429b86c3f32c996a352a557d4bfa0ed44f863a0d76eb15e9cb914aca3ae52fe04f9cfefda7

C:\Users\Admin\AppData\Local\ileokospwuydnfzavksvoyuy.zge

MD5 7dd1f062c8738eacc5d872bb35f9effe
SHA1 dd85c101744bbdb65434274924ac2805c3e73b35
SHA256 30c0e5bf9df19bfac87929afe151c73d2c68b6201bcbb0fa91eb890f668a14cd
SHA512 104f3489083ae28d34258ac61f7e7c8ca4b73649398fac114161cfd870ea75c2b7aa010c8df667bf26c30f89d157b2ade45c3d5ce523e96dde77d4df4be93eea

C:\Users\Admin\AppData\Local\rfjelapxpyndybgsyyrfjelapxpyndybgsy.rfj

MD5 c3b337c188a7491d148b299a2af5b1d6
SHA1 b9d71f8912e54258a00afcd1bad4c19b15644b05
SHA256 b22b8b0311d73f83c5299354af2bc2f7ee856c7cf023347fb5cf6f6bbfbf744a
SHA512 b1f357df6dcc242e5027c7e2221675a12df7024b3fb2de718efbf7afda75d7ea9ac397390fec907a5c2423131ce76c9aa07b8885e23ff9b58dc714eaf0b11316

C:\Program Files (x86)\ileokospwuydnfzavksvoyuy.zge

MD5 f2bd9632bd7bcccde06981a4114a5557
SHA1 e7529f100314472ea316d5746a93ee834db75511
SHA256 842acade11a87fda9f4b9a7032e37e576f388e14e5de34b1514e0793c47ef16f
SHA512 ad8a66dc24467217ecbd5adde336b126ca10179f81202369002a57c61999ffc5aedd1eb93aabba5b764eadcc98421d8f6deaf690d97e3598868cb29de542fb82

C:\Program Files (x86)\ileokospwuydnfzavksvoyuy.zge

MD5 cdce2f72bd9ff228e9ca8da43388d572
SHA1 08555ec04ac4487a3846eb1c8bb514c65c4da00e
SHA256 5af5af26fa195819faf9f1b8fe3117d5cd13dc43a5c60db7e7a2d2f0ff25aee7
SHA512 922493b5840d444cc4462ff7bf6da840e9d547af99f9d884cd93e69f0fc56fc2e811c448444097f8cfc35738d04d9f1937f24500956a57dba154a7d94fe1d21e

C:\Program Files (x86)\ileokospwuydnfzavksvoyuy.zge

MD5 8e90c44a1183fa880d92b7e874f2e5e9
SHA1 b3cf94c0f96d1ccacceb2a081136574b81a14925
SHA256 6648ee5740ddc8cb0556c596779787737e58eb4b80c3af4d579c54f3e4c8b12c
SHA512 bfbbd2e0f14ebed4337b489a0f8e2886200aa24100bfb3bfafbcfddfa6a108f8d746def5b259e9e1789da7a47fd85de81d1f9fea9a5d3591b59f1e7a14c4fc01

C:\Program Files (x86)\ileokospwuydnfzavksvoyuy.zge

MD5 38a62d0d7f4ecaeac040370b5210bec3
SHA1 e0ecbc012bda023ac08abb2d644719ef1f7d9a95
SHA256 0f84b092fda821df5e9af6de46dc32b5c1c9ccb9fef4d79e187ff80524b690b2
SHA512 565fe627808c25bcf3ef241553065cdddfdb94196c8f79141a6a47c37ab26ba02e17c8d62ef65976eec0a1cebe71fed6748e3fd4834ef1ba6301387874cefbcd

C:\Program Files (x86)\ileokospwuydnfzavksvoyuy.zge

MD5 c88808064936dd151e1dc68adaec0488
SHA1 0251b61e7c3b288c1e0594133c267faf81055d3b
SHA256 49a6ed9dd1a006750a233c6dfb12ba79b5a5a2e01d0b384a3aa1ad421c553b34
SHA512 63171625260280b69901b4271aadba06b17cf2b1a80b1d9e393f29650d67f7fbff5056acaef268e2429267bad51ced09a70a8a68910817cb8a5f36a8f79fc546

C:\Program Files (x86)\ileokospwuydnfzavksvoyuy.zge

MD5 2b8fdfe67ecf81a33fbb42fa69d577f0
SHA1 31bfd4d319a66164a262468f808585ac48184e22
SHA256 bde5786285c432433ba48002065f627e9e0ced5bf27d06015b4273bccf488ee6
SHA512 bbba30af5a5650985ef681857c026b2d952f40065e787a5ee75bd5ed3036784079988a231478c5def757b2256bfb2e1d5b3f6bedec30dd99d322f46506f29c1b