Malware Analysis Report

2025-08-10 16:35

Sample ID 250412-j9ajrs1jy5
Target JaffaCakes118_b1a720ff3f312809e834babbc8238648
SHA256 f71aac19d5e1e24a5b983a37d068604ef8d1ece82b27eefccd52c8dfd3ce5426
Tags
pykspa defense_evasion discovery persistence privilege_escalation trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f71aac19d5e1e24a5b983a37d068604ef8d1ece82b27eefccd52c8dfd3ce5426

Threat Level: Known bad

The file JaffaCakes118_b1a720ff3f312809e834babbc8238648 was found to be: Known bad.

Malicious Activity Summary

pykspa defense_evasion discovery persistence privilege_escalation trojan worm

Modifies WinLogon for persistence

UAC bypass

Pykspa family

Pykspa

Detect Pykspa worm

Disables RegEdit via registry modification

Adds policy Run key to start application

Impair Defenses: Safe Mode Boot

Executes dropped EXE

Checks computer location settings

Looks up external IP address via web service

Adds Run key to start application

Hijack Execution Flow: Executable Installer File Permissions Weakness

Checks whether UAC is enabled

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

System Location Discovery: System Language Discovery

System policy modification

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-12 08:21

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-12 08:21

Reported

2025-04-12 08:24

Platform

win10v2004-20250410-en

Max time kernel

44s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dylgjdumoeadjalhztrmz.exe" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "hyhyxnaomyqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "hyhyxnaomyqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "oiuoqjzqrgbdiyidunke.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "qiskkbpedqjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqyombnaxizxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "bufyzrgwwkefjyhbrjf.exe" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oiuoqjzqrgbdiyidunke.exe" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hyhyxnaomyqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "qiskkbpedqjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "hyhyxnaomyqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hyhyxnaomyqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hyhyxnaomyqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "aqyombnaxizxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qiskkbpedqjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "bufyzrgwwkefjyhbrjf.exe" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bufyzrgwwkefjyhbrjf.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bufyzrgwwkefjyhbrjf.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "aqyombnaxizxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qiskkbpedqjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "hyhyxnaomyqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqyombnaxizxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "dylgjdumoeadjalhztrmz.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "aqyombnaxizxykqh.exe" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "qiskkbpedqjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oiuoqjzqrgbdiyidunke.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qiskkbpedqjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "oiuoqjzqrgbdiyidunke.exe" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bufyzrgwwkefjyhbrjf.exe" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oiuoqjzqrgbdiyidunke.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bufyzrgwwkefjyhbrjf.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "aqyombnaxizxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hyhyxnaomyqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "bufyzrgwwkefjyhbrjf.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "hyhyxnaomyqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "aqyombnaxizxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bufyzrgwwkefjyhbrjf.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hyhyxnaomyqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqyombnaxizxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hyhyxnaomyqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "bufyzrgwwkefjyhbrjf.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dylgjdumoeadjalhztrmz.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "qiskkbpedqjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sgmawjtezixtsc = "oiuoqjzqrgbdiyidunke.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vgjunxemekw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dylgjdumoeadjalhztrmz.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\hyhyxnaomyqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\dylgjdumoeadjalhztrmz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\aqyombnaxizxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\qiskkbpedqjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\hyhyxnaomyqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\oiuoqjzqrgbdiyidunke.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\dylgjdumoeadjalhztrmz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\bufyzrgwwkefjyhbrjf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\qiskkbpedqjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\hyhyxnaomyqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\bufyzrgwwkefjyhbrjf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\qiskkbpedqjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\hyhyxnaomyqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\hyhyxnaomyqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\hyhyxnaomyqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\aqyombnaxizxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\dylgjdumoeadjalhztrmz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\aqyombnaxizxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\aqyombnaxizxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\aqyombnaxizxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\aqyombnaxizxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\oiuoqjzqrgbdiyidunke.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\oiuoqjzqrgbdiyidunke.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\hyhyxnaomyqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\bufyzrgwwkefjyhbrjf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\hyhyxnaomyqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\hyhyxnaomyqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\aqyombnaxizxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\oiuoqjzqrgbdiyidunke.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\oiuoqjzqrgbdiyidunke.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\aqyombnaxizxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\oiuoqjzqrgbdiyidunke.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\qiskkbpedqjjmaibqh.exe N/A
N/A N/A C:\Windows\qiskkbpedqjjmaibqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\oiuoqjzqrgbdiyidunke.exe N/A
N/A N/A C:\Windows\qiskkbpedqjjmaibqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
N/A N/A C:\Windows\qiskkbpedqjjmaibqh.exe N/A
N/A N/A C:\Windows\bufyzrgwwkefjyhbrjf.exe N/A
N/A N/A C:\Windows\oiuoqjzqrgbdiyidunke.exe N/A
N/A N/A C:\Windows\aqyombnaxizxykqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\qiskkbpedqjjmaibqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe N/A
N/A N/A C:\Windows\bufyzrgwwkefjyhbrjf.exe N/A
N/A N/A C:\Windows\hyhyxnaomyqpreldr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe N/A
N/A N/A C:\Windows\aqyombnaxizxykqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\hyhyxnaomyqpreldr.exe N/A
N/A N/A C:\Windows\dylgjdumoeadjalhztrmz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe N/A
N/A N/A C:\Windows\aqyombnaxizxykqh.exe N/A
N/A N/A C:\Windows\qiskkbpedqjjmaibqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\aqyombnaxizxykqh.exe N/A
N/A N/A C:\Windows\hyhyxnaomyqpreldr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\qiskkbpedqjjmaibqh.exe N/A
N/A N/A C:\Windows\hyhyxnaomyqpreldr.exe N/A
N/A N/A C:\Windows\bufyzrgwwkefjyhbrjf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe N/A
N/A N/A C:\Windows\qiskkbpedqjjmaibqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\dylgjdumoeadjalhztrmz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe N/A
N/A N/A C:\Windows\oiuoqjzqrgbdiyidunke.exe N/A
N/A N/A C:\Windows\bufyzrgwwkefjyhbrjf.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qiskkbpedqjjmaibqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqyombnaxizxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rejwrdmwqymhf = "bufyzrgwwkefjyhbrjf.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vkrgdrcokukhhsx = "bufyzrgwwkefjyhbrjf.exe" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\seiuozhqjqdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqyombnaxizxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\seiuozhqjqdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qiskkbpedqjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\seiuozhqjqdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hyhyxnaomyqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hyhyxnaomyqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bufyzrgwwkefjyhbrjf.exe ." C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hyhyxnaomyqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qiskkbpedqjjmaibqh.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vkrgdrcokukhhsx = "qiskkbpedqjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qiskkbpedqjjmaibqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dylgjdumoeadjalhztrmz.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vkrgdrcokukhhsx = "qiskkbpedqjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rejwrdmwqymhf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hyhyxnaomyqpreldr.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\seiuozhqjqdx = "qiskkbpedqjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aqyombnaxizxykqh = "oiuoqjzqrgbdiyidunke.exe ." C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hyhyxnaomyqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqyombnaxizxykqh.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\seiuozhqjqdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqyombnaxizxykqh.exe" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\seiuozhqjqdx = "oiuoqjzqrgbdiyidunke.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hyhyxnaomyqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bufyzrgwwkefjyhbrjf.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hyhyxnaomyqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dylgjdumoeadjalhztrmz.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aqyombnaxizxykqh = "aqyombnaxizxykqh.exe ." C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rejwrdmwqymhf = "oiuoqjzqrgbdiyidunke.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rejwrdmwqymhf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bufyzrgwwkefjyhbrjf.exe ." C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vkrgdrcokukhhsx = "qiskkbpedqjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vkrgdrcokukhhsx = "aqyombnaxizxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\seiuozhqjqdx = "qiskkbpedqjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\seiuozhqjqdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qiskkbpedqjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\seiuozhqjqdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dylgjdumoeadjalhztrmz.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aqyombnaxizxykqh = "oiuoqjzqrgbdiyidunke.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qiskkbpedqjjmaibqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dylgjdumoeadjalhztrmz.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rejwrdmwqymhf = "aqyombnaxizxykqh.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hyhyxnaomyqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oiuoqjzqrgbdiyidunke.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\seiuozhqjqdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hyhyxnaomyqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rejwrdmwqymhf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bufyzrgwwkefjyhbrjf.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rejwrdmwqymhf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qiskkbpedqjjmaibqh.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aqyombnaxizxykqh = "aqyombnaxizxykqh.exe ." C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\seiuozhqjqdx = "aqyombnaxizxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\seiuozhqjqdx = "bufyzrgwwkefjyhbrjf.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rejwrdmwqymhf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hyhyxnaomyqpreldr.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\seiuozhqjqdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bufyzrgwwkefjyhbrjf.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\seiuozhqjqdx = "bufyzrgwwkefjyhbrjf.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\seiuozhqjqdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qiskkbpedqjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hyhyxnaomyqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqyombnaxizxykqh.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rejwrdmwqymhf = "hyhyxnaomyqpreldr.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vkrgdrcokukhhsx = "aqyombnaxizxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qiskkbpedqjjmaibqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qiskkbpedqjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hyhyxnaomyqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dylgjdumoeadjalhztrmz.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aqyombnaxizxykqh = "bufyzrgwwkefjyhbrjf.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vkrgdrcokukhhsx = "bufyzrgwwkefjyhbrjf.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qiskkbpedqjjmaibqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hyhyxnaomyqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aqyombnaxizxykqh = "oiuoqjzqrgbdiyidunke.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vkrgdrcokukhhsx = "bufyzrgwwkefjyhbrjf.exe" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qiskkbpedqjjmaibqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bufyzrgwwkefjyhbrjf.exe" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hyhyxnaomyqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oiuoqjzqrgbdiyidunke.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rejwrdmwqymhf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hyhyxnaomyqpreldr.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hyhyxnaomyqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qiskkbpedqjjmaibqh.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\seiuozhqjqdx = "dylgjdumoeadjalhztrmz.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\seiuozhqjqdx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hyhyxnaomyqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aqyombnaxizxykqh = "qiskkbpedqjjmaibqh.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rejwrdmwqymhf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bufyzrgwwkefjyhbrjf.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vkrgdrcokukhhsx = "oiuoqjzqrgbdiyidunke.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hyhyxnaomyqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dylgjdumoeadjalhztrmz.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hyhyxnaomyqpreldr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hyhyxnaomyqpreldr.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\seiuozhqjqdx = "oiuoqjzqrgbdiyidunke.exe" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aqyombnaxizxykqh = "bufyzrgwwkefjyhbrjf.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A www.whatismyip.ca N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A whatismyip.everdot.org N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\hyhyxnaomyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\uqeaezrknebfmeqngbawkg.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\uqeaezrknebfmeqngbawkg.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\uqeaezrknebfmeqngbawkg.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\qiskkbpedqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\hyhyxnaomyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\aqyombnaxizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\hyhyxnaomyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\hyhyxnaomyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\aqyombnaxizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\aqyombnaxizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\dylgjdumoeadjalhztrmz.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\uqeaezrknebfmeqngbawkg.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\oiuoqjzqrgbdiyidunke.exe C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
File created C:\Windows\SysWOW64\fevubzuqwqqxhcrrnlnmd.jhc C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
File opened for modification C:\Windows\SysWOW64\bufyzrgwwkefjyhbrjf.exe C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
File opened for modification C:\Windows\SysWOW64\hyhyxnaomyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\bufyzrgwwkefjyhbrjf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\bufyzrgwwkefjyhbrjf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\oiuoqjzqrgbdiyidunke.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\uqeaezrknebfmeqngbawkg.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\bufyzrgwwkefjyhbrjf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\hyhyxnaomyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\hyhyxnaomyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\qiskkbpedqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\qiskkbpedqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\qiskkbpedqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\qiskkbpedqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\hyhyxnaomyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\aqyombnaxizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\qiskkbpedqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\aqyombnaxizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\hyhyxnaomyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\aqyombnaxizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\qiskkbpedqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\bufyzrgwwkefjyhbrjf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\hyhyxnaomyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
File opened for modification C:\Windows\SysWOW64\oiuoqjzqrgbdiyidunke.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\fevubzuqwqqxhcrrnlnmd.jhc C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
File opened for modification C:\Windows\SysWOW64\aqyombnaxizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\bufyzrgwwkefjyhbrjf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\aqyombnaxizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\uqeaezrknebfmeqngbawkg.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\dylgjdumoeadjalhztrmz.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\hyhyxnaomyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\bufyzrgwwkefjyhbrjf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\bufyzrgwwkefjyhbrjf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\qiskkbpedqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\dylgjdumoeadjalhztrmz.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\qiskkbpedqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\hyhyxnaomyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\dylgjdumoeadjalhztrmz.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\oiuoqjzqrgbdiyidunke.exe C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
File opened for modification C:\Windows\SysWOW64\hyhyxnaomyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\hyhyxnaomyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\dylgjdumoeadjalhztrmz.exe C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
File opened for modification C:\Windows\SysWOW64\akmwoxdkbgrjekkvclyikumvbizephci.taj C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
File opened for modification C:\Windows\SysWOW64\uqeaezrknebfmeqngbawkg.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\dylgjdumoeadjalhztrmz.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\aqyombnaxizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\dylgjdumoeadjalhztrmz.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\dylgjdumoeadjalhztrmz.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\dylgjdumoeadjalhztrmz.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\aqyombnaxizxykqh.exe C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\fevubzuqwqqxhcrrnlnmd.jhc C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
File created C:\Program Files (x86)\fevubzuqwqqxhcrrnlnmd.jhc C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
File opened for modification C:\Program Files (x86)\akmwoxdkbgrjekkvclyikumvbizephci.taj C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
File created C:\Program Files (x86)\akmwoxdkbgrjekkvclyikumvbizephci.taj C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\aqyombnaxizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\aqyombnaxizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\dylgjdumoeadjalhztrmz.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\uqeaezrknebfmeqngbawkg.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\qiskkbpedqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\hyhyxnaomyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\dylgjdumoeadjalhztrmz.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\qiskkbpedqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\qiskkbpedqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\oiuoqjzqrgbdiyidunke.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\bufyzrgwwkefjyhbrjf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\aqyombnaxizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\dylgjdumoeadjalhztrmz.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\qiskkbpedqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\oiuoqjzqrgbdiyidunke.exe C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
File opened for modification C:\Windows\dylgjdumoeadjalhztrmz.exe C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
File opened for modification C:\Windows\oiuoqjzqrgbdiyidunke.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\bufyzrgwwkefjyhbrjf.exe C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
File opened for modification C:\Windows\dylgjdumoeadjalhztrmz.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\uqeaezrknebfmeqngbawkg.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\bufyzrgwwkefjyhbrjf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\uqeaezrknebfmeqngbawkg.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\qiskkbpedqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\aqyombnaxizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\uqeaezrknebfmeqngbawkg.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\bufyzrgwwkefjyhbrjf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\hyhyxnaomyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\oiuoqjzqrgbdiyidunke.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\hyhyxnaomyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\aqyombnaxizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\bufyzrgwwkefjyhbrjf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\dylgjdumoeadjalhztrmz.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\oiuoqjzqrgbdiyidunke.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\bufyzrgwwkefjyhbrjf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\bufyzrgwwkefjyhbrjf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\bufyzrgwwkefjyhbrjf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\uqeaezrknebfmeqngbawkg.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\qiskkbpedqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\oiuoqjzqrgbdiyidunke.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\hyhyxnaomyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\oiuoqjzqrgbdiyidunke.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\dylgjdumoeadjalhztrmz.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\qiskkbpedqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\aqyombnaxizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\qiskkbpedqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\aqyombnaxizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\dylgjdumoeadjalhztrmz.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\bufyzrgwwkefjyhbrjf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\uqeaezrknebfmeqngbawkg.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\aqyombnaxizxykqh.exe C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
File opened for modification C:\Windows\fevubzuqwqqxhcrrnlnmd.jhc C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
File opened for modification C:\Windows\oiuoqjzqrgbdiyidunke.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\hyhyxnaomyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\aqyombnaxizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\uqeaezrknebfmeqngbawkg.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\hyhyxnaomyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\bufyzrgwwkefjyhbrjf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\fevubzuqwqqxhcrrnlnmd.jhc C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
File opened for modification C:\Windows\hyhyxnaomyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\dylgjdumoeadjalhztrmz.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\dylgjdumoeadjalhztrmz.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\uqeaezrknebfmeqngbawkg.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\hyhyxnaomyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\hyhyxnaomyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\dylgjdumoeadjalhztrmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\aqyombnaxizxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\dylgjdumoeadjalhztrmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\aqyombnaxizxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\aqyombnaxizxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\aqyombnaxizxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\oiuoqjzqrgbdiyidunke.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\qiskkbpedqjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hyhyxnaomyqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\aqyombnaxizxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\qiskkbpedqjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\oiuoqjzqrgbdiyidunke.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bufyzrgwwkefjyhbrjf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\aqyombnaxizxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hyhyxnaomyqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hyhyxnaomyqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\aqyombnaxizxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hyhyxnaomyqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\oiuoqjzqrgbdiyidunke.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\oiuoqjzqrgbdiyidunke.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\qiskkbpedqjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\qiskkbpedqjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\oiuoqjzqrgbdiyidunke.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bufyzrgwwkefjyhbrjf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\qiskkbpedqjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hyhyxnaomyqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\oiuoqjzqrgbdiyidunke.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\oiuoqjzqrgbdiyidunke.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\aqyombnaxizxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\hyhyxnaomyqpreldr.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5428 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 5428 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 5428 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 3084 wrote to memory of 4996 N/A C:\Windows\system32\cmd.exe C:\Windows\qiskkbpedqjjmaibqh.exe
PID 3084 wrote to memory of 4996 N/A C:\Windows\system32\cmd.exe C:\Windows\qiskkbpedqjjmaibqh.exe
PID 3084 wrote to memory of 4996 N/A C:\Windows\system32\cmd.exe C:\Windows\qiskkbpedqjjmaibqh.exe
PID 4908 wrote to memory of 4988 N/A C:\Windows\system32\cmd.exe C:\Windows\qiskkbpedqjjmaibqh.exe
PID 4908 wrote to memory of 4988 N/A C:\Windows\system32\cmd.exe C:\Windows\qiskkbpedqjjmaibqh.exe
PID 4908 wrote to memory of 4988 N/A C:\Windows\system32\cmd.exe C:\Windows\qiskkbpedqjjmaibqh.exe
PID 4988 wrote to memory of 3328 N/A C:\Windows\qiskkbpedqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 4988 wrote to memory of 3328 N/A C:\Windows\qiskkbpedqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 4988 wrote to memory of 3328 N/A C:\Windows\qiskkbpedqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 2260 wrote to memory of 6024 N/A C:\Windows\system32\cmd.exe C:\Windows\oiuoqjzqrgbdiyidunke.exe
PID 2260 wrote to memory of 6024 N/A C:\Windows\system32\cmd.exe C:\Windows\oiuoqjzqrgbdiyidunke.exe
PID 2260 wrote to memory of 6024 N/A C:\Windows\system32\cmd.exe C:\Windows\oiuoqjzqrgbdiyidunke.exe
PID 5208 wrote to memory of 4120 N/A C:\Windows\system32\cmd.exe C:\Windows\qiskkbpedqjjmaibqh.exe
PID 5208 wrote to memory of 4120 N/A C:\Windows\system32\cmd.exe C:\Windows\qiskkbpedqjjmaibqh.exe
PID 5208 wrote to memory of 4120 N/A C:\Windows\system32\cmd.exe C:\Windows\qiskkbpedqjjmaibqh.exe
PID 4028 wrote to memory of 1632 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
PID 4028 wrote to memory of 1632 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
PID 4028 wrote to memory of 1632 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe
PID 4120 wrote to memory of 5848 N/A C:\Windows\qiskkbpedqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 4120 wrote to memory of 5848 N/A C:\Windows\qiskkbpedqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 4120 wrote to memory of 5848 N/A C:\Windows\qiskkbpedqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 1312 wrote to memory of 1164 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
PID 1312 wrote to memory of 1164 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
PID 1312 wrote to memory of 1164 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe
PID 1164 wrote to memory of 5292 N/A C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 1164 wrote to memory of 5292 N/A C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 1164 wrote to memory of 5292 N/A C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 5204 wrote to memory of 5948 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe
PID 5204 wrote to memory of 5948 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe
PID 5204 wrote to memory of 5948 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe
PID 4556 wrote to memory of 3220 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe
PID 4556 wrote to memory of 3220 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe
PID 4556 wrote to memory of 3220 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe
PID 3220 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 3220 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 3220 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 4764 wrote to memory of 1888 N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe C:\Users\Admin\AppData\Local\Temp\ousymr.exe
PID 4764 wrote to memory of 1888 N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe C:\Users\Admin\AppData\Local\Temp\ousymr.exe
PID 4764 wrote to memory of 1888 N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe C:\Users\Admin\AppData\Local\Temp\ousymr.exe
PID 4764 wrote to memory of 5488 N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe C:\Users\Admin\AppData\Local\Temp\ousymr.exe
PID 4764 wrote to memory of 5488 N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe C:\Users\Admin\AppData\Local\Temp\ousymr.exe
PID 4764 wrote to memory of 5488 N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe C:\Users\Admin\AppData\Local\Temp\ousymr.exe
PID 3972 wrote to memory of 384 N/A C:\Windows\system32\cmd.exe C:\Windows\qiskkbpedqjjmaibqh.exe
PID 3972 wrote to memory of 384 N/A C:\Windows\system32\cmd.exe C:\Windows\qiskkbpedqjjmaibqh.exe
PID 3972 wrote to memory of 384 N/A C:\Windows\system32\cmd.exe C:\Windows\qiskkbpedqjjmaibqh.exe
PID 5620 wrote to memory of 816 N/A C:\Windows\system32\cmd.exe C:\Windows\bufyzrgwwkefjyhbrjf.exe
PID 5620 wrote to memory of 816 N/A C:\Windows\system32\cmd.exe C:\Windows\bufyzrgwwkefjyhbrjf.exe
PID 5620 wrote to memory of 816 N/A C:\Windows\system32\cmd.exe C:\Windows\bufyzrgwwkefjyhbrjf.exe
PID 5844 wrote to memory of 5368 N/A C:\Windows\system32\cmd.exe C:\Windows\oiuoqjzqrgbdiyidunke.exe
PID 5844 wrote to memory of 5368 N/A C:\Windows\system32\cmd.exe C:\Windows\oiuoqjzqrgbdiyidunke.exe
PID 5844 wrote to memory of 5368 N/A C:\Windows\system32\cmd.exe C:\Windows\oiuoqjzqrgbdiyidunke.exe
PID 2752 wrote to memory of 1300 N/A C:\Windows\system32\cmd.exe C:\Windows\aqyombnaxizxykqh.exe
PID 2752 wrote to memory of 1300 N/A C:\Windows\system32\cmd.exe C:\Windows\aqyombnaxizxykqh.exe
PID 2752 wrote to memory of 1300 N/A C:\Windows\system32\cmd.exe C:\Windows\aqyombnaxizxykqh.exe
PID 5368 wrote to memory of 868 N/A C:\Windows\oiuoqjzqrgbdiyidunke.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 5368 wrote to memory of 868 N/A C:\Windows\oiuoqjzqrgbdiyidunke.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 5368 wrote to memory of 868 N/A C:\Windows\oiuoqjzqrgbdiyidunke.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 2444 wrote to memory of 2920 N/A C:\Windows\system32\cmd.exe C:\Windows\qiskkbpedqjjmaibqh.exe
PID 2444 wrote to memory of 2920 N/A C:\Windows\system32\cmd.exe C:\Windows\qiskkbpedqjjmaibqh.exe
PID 2444 wrote to memory of 2920 N/A C:\Windows\system32\cmd.exe C:\Windows\qiskkbpedqjjmaibqh.exe
PID 1300 wrote to memory of 1716 N/A C:\Windows\aqyombnaxizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ousymr.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b1a720ff3f312809e834babbc8238648.exe"

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_b1a720ff3f312809e834babbc8238648.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe

C:\Windows\qiskkbpedqjjmaibqh.exe

qiskkbpedqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe .

C:\Windows\qiskkbpedqjjmaibqh.exe

qiskkbpedqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\qiskkbpedqjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe .

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Windows\qiskkbpedqjjmaibqh.exe

qiskkbpedqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\qiskkbpedqjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\hyhyxnaomyqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bufyzrgwwkefjyhbrjf.exe*."

C:\Users\Admin\AppData\Local\Temp\ousymr.exe

"C:\Users\Admin\AppData\Local\Temp\ousymr.exe" "-C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe"

C:\Users\Admin\AppData\Local\Temp\ousymr.exe

"C:\Users\Admin\AppData\Local\Temp\ousymr.exe" "-C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe

C:\Windows\qiskkbpedqjjmaibqh.exe

qiskkbpedqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe .

C:\Windows\bufyzrgwwkefjyhbrjf.exe

bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe .

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oiuoqjzqrgbdiyidunke.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe .

C:\Windows\qiskkbpedqjjmaibqh.exe

qiskkbpedqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\aqyombnaxizxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Windows\bufyzrgwwkefjyhbrjf.exe

bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\hyhyxnaomyqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bufyzrgwwkefjyhbrjf.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\qiskkbpedqjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\aqyombnaxizxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\hyhyxnaomyqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe .

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe .

C:\Windows\dylgjdumoeadjalhztrmz.exe

dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe

C:\Windows\qiskkbpedqjjmaibqh.exe

qiskkbpedqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\hyhyxnaomyqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\qiskkbpedqjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\qiskkbpedqjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bufyzrgwwkefjyhbrjf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dylgjdumoeadjalhztrmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe .

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\hyhyxnaomyqpreldr.exe*."

C:\Windows\qiskkbpedqjjmaibqh.exe

qiskkbpedqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe .

C:\Windows\bufyzrgwwkefjyhbrjf.exe

bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Windows\qiskkbpedqjjmaibqh.exe

qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\hyhyxnaomyqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe

C:\Windows\dylgjdumoeadjalhztrmz.exe

dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Windows\bufyzrgwwkefjyhbrjf.exe

bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dylgjdumoeadjalhztrmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dylgjdumoeadjalhztrmz.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oiuoqjzqrgbdiyidunke.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe .

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\aqyombnaxizxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oiuoqjzqrgbdiyidunke.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\hyhyxnaomyqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\qiskkbpedqjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\hyhyxnaomyqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\qiskkbpedqjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oiuoqjzqrgbdiyidunke.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe .

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\hyhyxnaomyqpreldr.exe*."

C:\Windows\bufyzrgwwkefjyhbrjf.exe

bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oiuoqjzqrgbdiyidunke.exe*."

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\aqyombnaxizxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\aqyombnaxizxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe .

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oiuoqjzqrgbdiyidunke.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe .

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\qiskkbpedqjjmaibqh.exe

qiskkbpedqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\qiskkbpedqjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\qiskkbpedqjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe .

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oiuoqjzqrgbdiyidunke.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe .

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\hyhyxnaomyqpreldr.exe*."

C:\Windows\dylgjdumoeadjalhztrmz.exe

dylgjdumoeadjalhztrmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\hyhyxnaomyqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\hyhyxnaomyqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\qiskkbpedqjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe .

C:\Windows\bufyzrgwwkefjyhbrjf.exe

bufyzrgwwkefjyhbrjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bufyzrgwwkefjyhbrjf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe .

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oiuoqjzqrgbdiyidunke.exe*."

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\aqyombnaxizxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bufyzrgwwkefjyhbrjf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe

C:\Windows\qiskkbpedqjjmaibqh.exe

qiskkbpedqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe .

C:\Windows\dylgjdumoeadjalhztrmz.exe

dylgjdumoeadjalhztrmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dylgjdumoeadjalhztrmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe .

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\hyhyxnaomyqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dylgjdumoeadjalhztrmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe .

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oiuoqjzqrgbdiyidunke.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe

C:\Windows\dylgjdumoeadjalhztrmz.exe

dylgjdumoeadjalhztrmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\aqyombnaxizxykqh.exe*."

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\aqyombnaxizxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oiuoqjzqrgbdiyidunke.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\aqyombnaxizxykqh.exe*."

C:\Windows\bufyzrgwwkefjyhbrjf.exe

bufyzrgwwkefjyhbrjf.exe

C:\Windows\bufyzrgwwkefjyhbrjf.exe

bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe .

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\aqyombnaxizxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\aqyombnaxizxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe .

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe .

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe .

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oiuoqjzqrgbdiyidunke.exe*."

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\aqyombnaxizxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bufyzrgwwkefjyhbrjf.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\aqyombnaxizxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe .

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bufyzrgwwkefjyhbrjf.exe*."

C:\Windows\bufyzrgwwkefjyhbrjf.exe

bufyzrgwwkefjyhbrjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bufyzrgwwkefjyhbrjf.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oiuoqjzqrgbdiyidunke.exe*."

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\aqyombnaxizxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\aqyombnaxizxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bufyzrgwwkefjyhbrjf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe

C:\Windows\dylgjdumoeadjalhztrmz.exe

dylgjdumoeadjalhztrmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe .

C:\Windows\bufyzrgwwkefjyhbrjf.exe

bufyzrgwwkefjyhbrjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bufyzrgwwkefjyhbrjf.exe*."

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\aqyombnaxizxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\qiskkbpedqjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dylgjdumoeadjalhztrmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe

C:\Windows\bufyzrgwwkefjyhbrjf.exe

bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe .

C:\Windows\qiskkbpedqjjmaibqh.exe

qiskkbpedqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\qiskkbpedqjjmaibqh.exe*."

C:\Windows\qiskkbpedqjjmaibqh.exe

qiskkbpedqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Windows\dylgjdumoeadjalhztrmz.exe

dylgjdumoeadjalhztrmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dylgjdumoeadjalhztrmz.exe*."

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\qiskkbpedqjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\hyhyxnaomyqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe

C:\Windows\qiskkbpedqjjmaibqh.exe

qiskkbpedqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe .

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oiuoqjzqrgbdiyidunke.exe*."

C:\Windows\qiskkbpedqjjmaibqh.exe

qiskkbpedqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oiuoqjzqrgbdiyidunke.exe*."

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\aqyombnaxizxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\qiskkbpedqjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe .

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\hyhyxnaomyqpreldr.exe*."

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Windows\qiskkbpedqjjmaibqh.exe

qiskkbpedqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\qiskkbpedqjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dylgjdumoeadjalhztrmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bufyzrgwwkefjyhbrjf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe .

C:\Windows\dylgjdumoeadjalhztrmz.exe

dylgjdumoeadjalhztrmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dylgjdumoeadjalhztrmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe .

C:\Windows\dylgjdumoeadjalhztrmz.exe

dylgjdumoeadjalhztrmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\qiskkbpedqjjmaibqh.exe

qiskkbpedqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\qiskkbpedqjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dylgjdumoeadjalhztrmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bufyzrgwwkefjyhbrjf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bufyzrgwwkefjyhbrjf.exe

bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe .

C:\Windows\bufyzrgwwkefjyhbrjf.exe

bufyzrgwwkefjyhbrjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bufyzrgwwkefjyhbrjf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe .

C:\Windows\bufyzrgwwkefjyhbrjf.exe

bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe

C:\Windows\bufyzrgwwkefjyhbrjf.exe

bufyzrgwwkefjyhbrjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bufyzrgwwkefjyhbrjf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe .

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Windows\qiskkbpedqjjmaibqh.exe

qiskkbpedqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oiuoqjzqrgbdiyidunke.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\aqyombnaxizxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\qiskkbpedqjjmaibqh.exe*."

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe .

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oiuoqjzqrgbdiyidunke.exe*."

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dylgjdumoeadjalhztrmz.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\hyhyxnaomyqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\hyhyxnaomyqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\hyhyxnaomyqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\aqyombnaxizxykqh.exe*."

C:\Windows\bufyzrgwwkefjyhbrjf.exe

bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bufyzrgwwkefjyhbrjf.exe*."

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe

C:\Windows\qiskkbpedqjjmaibqh.exe

qiskkbpedqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\aqyombnaxizxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe .

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oiuoqjzqrgbdiyidunke.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oiuoqjzqrgbdiyidunke.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\qiskkbpedqjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe .

C:\Windows\qiskkbpedqjjmaibqh.exe

qiskkbpedqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\qiskkbpedqjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\aqyombnaxizxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bufyzrgwwkefjyhbrjf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe .

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oiuoqjzqrgbdiyidunke.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe .

C:\Windows\bufyzrgwwkefjyhbrjf.exe

bufyzrgwwkefjyhbrjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bufyzrgwwkefjyhbrjf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oiuoqjzqrgbdiyidunke.exe*."

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\qiskkbpedqjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dylgjdumoeadjalhztrmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe .

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\aqyombnaxizxykqh.exe*."

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oiuoqjzqrgbdiyidunke.exe*."

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\aqyombnaxizxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\qiskkbpedqjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe

C:\Windows\qiskkbpedqjjmaibqh.exe

qiskkbpedqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe .

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\hyhyxnaomyqpreldr.exe*."

C:\Windows\bufyzrgwwkefjyhbrjf.exe

bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Windows\qiskkbpedqjjmaibqh.exe

qiskkbpedqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\qiskkbpedqjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\aqyombnaxizxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\qiskkbpedqjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe

C:\Windows\dylgjdumoeadjalhztrmz.exe

dylgjdumoeadjalhztrmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe .

C:\Windows\dylgjdumoeadjalhztrmz.exe

dylgjdumoeadjalhztrmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dylgjdumoeadjalhztrmz.exe*."

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\aqyombnaxizxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\qiskkbpedqjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dylgjdumoeadjalhztrmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe

C:\Windows\dylgjdumoeadjalhztrmz.exe

dylgjdumoeadjalhztrmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe .

C:\Windows\bufyzrgwwkefjyhbrjf.exe

bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe .

C:\Windows\qiskkbpedqjjmaibqh.exe

qiskkbpedqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe .

C:\Windows\dylgjdumoeadjalhztrmz.exe

dylgjdumoeadjalhztrmz.exe .

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\qiskkbpedqjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\aqyombnaxizxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dylgjdumoeadjalhztrmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Windows\dylgjdumoeadjalhztrmz.exe

dylgjdumoeadjalhztrmz.exe

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe .

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\aqyombnaxizxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\hyhyxnaomyqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\hyhyxnaomyqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\hyhyxnaomyqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\aqyombnaxizxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\hyhyxnaomyqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\hyhyxnaomyqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\qiskkbpedqjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\aqyombnaxizxykqh.exe*."

C:\Windows\bufyzrgwwkefjyhbrjf.exe

bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe .

C:\Windows\qiskkbpedqjjmaibqh.exe

qiskkbpedqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\qiskkbpedqjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe .

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\hyhyxnaomyqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\hyhyxnaomyqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\qiskkbpedqjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe .

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\hyhyxnaomyqpreldr.exe*."

C:\Windows\bufyzrgwwkefjyhbrjf.exe

bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bufyzrgwwkefjyhbrjf.exe

bufyzrgwwkefjyhbrjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bufyzrgwwkefjyhbrjf.exe*."

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dylgjdumoeadjalhztrmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dylgjdumoeadjalhztrmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe .

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\aqyombnaxizxykqh.exe*."

C:\Windows\dylgjdumoeadjalhztrmz.exe

dylgjdumoeadjalhztrmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Windows\dylgjdumoeadjalhztrmz.exe

dylgjdumoeadjalhztrmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dylgjdumoeadjalhztrmz.exe*."

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dylgjdumoeadjalhztrmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dylgjdumoeadjalhztrmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe

C:\Windows\bufyzrgwwkefjyhbrjf.exe

bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe .

C:\Windows\dylgjdumoeadjalhztrmz.exe

dylgjdumoeadjalhztrmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dylgjdumoeadjalhztrmz.exe*."

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oiuoqjzqrgbdiyidunke.exe*."

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\aqyombnaxizxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\qiskkbpedqjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe .

C:\Windows\dylgjdumoeadjalhztrmz.exe

dylgjdumoeadjalhztrmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dylgjdumoeadjalhztrmz.exe*."

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Windows\dylgjdumoeadjalhztrmz.exe

dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dylgjdumoeadjalhztrmz.exe*."

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\aqyombnaxizxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bufyzrgwwkefjyhbrjf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe

C:\Windows\bufyzrgwwkefjyhbrjf.exe

bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe .

C:\Windows\dylgjdumoeadjalhztrmz.exe

dylgjdumoeadjalhztrmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dylgjdumoeadjalhztrmz.exe*."

C:\Windows\qiskkbpedqjjmaibqh.exe

qiskkbpedqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\hyhyxnaomyqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\aqyombnaxizxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Windows\qiskkbpedqjjmaibqh.exe

qiskkbpedqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\dylgjdumoeadjalhztrmz.exe

dylgjdumoeadjalhztrmz.exe

C:\Windows\qiskkbpedqjjmaibqh.exe

qiskkbpedqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\aqyombnaxizxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\qiskkbpedqjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\hyhyxnaomyqpreldr.exe*."

C:\Windows\dylgjdumoeadjalhztrmz.exe

dylgjdumoeadjalhztrmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\aqyombnaxizxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dylgjdumoeadjalhztrmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\hyhyxnaomyqpreldr.exe*."

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe .

C:\Windows\qiskkbpedqjjmaibqh.exe

qiskkbpedqjjmaibqh.exe .

C:\Windows\bufyzrgwwkefjyhbrjf.exe

bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oiuoqjzqrgbdiyidunke.exe*."

C:\Windows\dylgjdumoeadjalhztrmz.exe

dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oiuoqjzqrgbdiyidunke.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\qiskkbpedqjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe

C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe .

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dylgjdumoeadjalhztrmz.exe*."

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oiuoqjzqrgbdiyidunke.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oiuoqjzqrgbdiyidunke.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\aqyombnaxizxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe .

C:\Windows\dylgjdumoeadjalhztrmz.exe

dylgjdumoeadjalhztrmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dylgjdumoeadjalhztrmz.exe*."

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Windows\qiskkbpedqjjmaibqh.exe

qiskkbpedqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\qiskkbpedqjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\hyhyxnaomyqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bufyzrgwwkefjyhbrjf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe

C:\Windows\qiskkbpedqjjmaibqh.exe

qiskkbpedqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe .

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\hyhyxnaomyqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe .

C:\Windows\dylgjdumoeadjalhztrmz.exe

dylgjdumoeadjalhztrmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\hyhyxnaomyqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\aqyombnaxizxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dylgjdumoeadjalhztrmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe .

C:\Windows\qiskkbpedqjjmaibqh.exe

qiskkbpedqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\qiskkbpedqjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe .

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\aqyombnaxizxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dylgjdumoeadjalhztrmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\aqyombnaxizxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe

C:\Windows\qiskkbpedqjjmaibqh.exe

qiskkbpedqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe .

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\hyhyxnaomyqpreldr.exe*."

C:\Windows\bufyzrgwwkefjyhbrjf.exe

bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Windows\dylgjdumoeadjalhztrmz.exe

dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dylgjdumoeadjalhztrmz.exe*."

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bufyzrgwwkefjyhbrjf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bufyzrgwwkefjyhbrjf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe

C:\Windows\bufyzrgwwkefjyhbrjf.exe

bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe .

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oiuoqjzqrgbdiyidunke.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe .

C:\Windows\hyhyxnaomyqpreldr.exe

hyhyxnaomyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oiuoqjzqrgbdiyidunke.exe*."

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dylgjdumoeadjalhztrmz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bufyzrgwwkefjyhbrjf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bufyzrgwwkefjyhbrjf.exe .

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe

C:\Windows\bufyzrgwwkefjyhbrjf.exe

bufyzrgwwkefjyhbrjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe .

C:\Windows\bufyzrgwwkefjyhbrjf.exe

bufyzrgwwkefjyhbrjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oiuoqjzqrgbdiyidunke.exe

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe .

C:\Windows\aqyombnaxizxykqh.exe

aqyombnaxizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c qiskkbpedqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bufyzrgwwkefjyhbrjf.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dylgjdumoeadjalhztrmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqyombnaxizxykqh.exe .

C:\Windows\oiuoqjzqrgbdiyidunke.exe

oiuoqjzqrgbdiyidunke.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\aqyombnaxizxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oiuoqjzqrgbdiyidunke.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qiskkbpedqjjmaibqh.exe

C:\Windows\qiskkbpedqjjmaibqh.exe

qiskkbpedqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqyombnaxizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bufyzrgwwkefjyhbrjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oiuoqjzqrgbdiyidunke.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\hyhyxnaomyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe

C:\Users\Admin\AppData\Local\Temp\dylgjdumoeadjalhztrmz.exe .

Network

Country Destination Domain Proto
GB 88.221.135.56:443 www.bing.com tcp
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 8.8.8.8:53 www.yahoo.com udp
GB 87.248.114.11:80 www.yahoo.com tcp
LT 86.100.23.60:21945 tcp
US 8.8.8.8:53 gyuuym.org udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 fyvqgej.net udp
US 8.8.8.8:53 kliyju.net udp
US 8.8.8.8:53 unxfuild.info udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 uoiqay.com udp
US 8.8.8.8:53 nofygmd.net udp
US 8.8.8.8:53 rlpsjulqp.info udp
US 8.8.8.8:53 fxbivemcmlwq.net udp
US 8.8.8.8:53 xnrclstjrich.info udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 rdbofgrsjo.info udp
US 8.8.8.8:53 wbqeqgz.info udp
US 8.8.8.8:53 coguaiwm.org udp
US 8.8.8.8:53 ekssbyd.net udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 nmvrrix.net udp
US 8.8.8.8:53 dpvvyt.net udp
US 8.8.8.8:53 jbtlas.net udp
US 8.8.8.8:53 dqxmbmj.info udp
US 8.8.8.8:53 tgfebhhrj.com udp
US 8.8.8.8:53 scmysmya.org udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 gelgemouusw.net udp
US 8.8.8.8:53 neehce.net udp
US 8.8.8.8:53 xzjtoy.net udp
US 8.8.8.8:53 gmvemauyu.info udp
US 8.8.8.8:53 uujghylgx.net udp
US 8.8.8.8:53 amuyikmagemm.org udp
US 8.8.8.8:53 cydlrge.info udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 dgenpnyojd.net udp
US 8.8.8.8:53 tyurtytqjnvj.net udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 smwiqs.org udp
US 8.8.8.8:53 aawxxk.net udp
US 8.8.8.8:53 aakscw.org udp
US 8.8.8.8:53 uslagd.net udp
US 8.8.8.8:53 uszljdzvz.info udp
US 8.8.8.8:53 ayswuasgcg.org udp
US 8.8.8.8:53 eepgwut.net udp
US 8.8.8.8:53 luvehemiri.info udp
LT 78.62.135.120:22619 tcp
US 8.8.8.8:53 nxhjhelg.info udp
US 8.8.8.8:53 kwrhmyzeo.info udp
US 8.8.8.8:53 tcfinbuwqc.net udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 djpcqld.com udp
US 8.8.8.8:53 hqjadxjqt.net udp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 kxnxnbdprgzh.net udp
US 8.8.8.8:53 yigqgm.com udp
US 8.8.8.8:53 lniztoj.net udp
US 8.8.8.8:53 vpcqfpa.net udp
US 8.8.8.8:53 tykxieoz.net udp
US 8.8.8.8:53 wcyzlwemp.net udp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 cjtmrvwpyd.net udp
US 8.8.8.8:53 cuueaqkmmq.com udp
US 8.8.8.8:53 dsahehgqtj.info udp
US 8.8.8.8:53 tucinue.net udp
US 8.8.8.8:53 srfsxx.info udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 umycyacs.com udp
US 8.8.8.8:53 mugige.com udp
PT 94.46.15.223:80 mugige.com tcp
US 8.8.8.8:53 siausmqcqu.org udp
US 8.8.8.8:53 mwnonh.info udp
US 8.8.8.8:53 yoaoooewyeeo.com udp
US 8.8.8.8:53 tclmxc.net udp
US 8.8.8.8:53 wercbroxnf.info udp
US 8.8.8.8:53 kaghxkf.info udp
US 8.8.8.8:53 hoirkbnpacfp.net udp
US 8.8.8.8:53 yuecge.net udp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 jcpagfkvzzsi.net udp
US 8.8.8.8:53 zyprnlrn.net udp
US 8.8.8.8:53 hzqqhaamk.info udp
US 8.8.8.8:53 kktcewkgx.net udp
US 8.8.8.8:53 vrxmprngmlhk.net udp
US 8.8.8.8:53 iqycyccu.org udp
US 8.8.8.8:53 mchwpucod.info udp
US 8.8.8.8:53 udjztfzhb.net udp
US 8.8.8.8:53 biefyxgz.info udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 uaooqqsk.org udp
US 8.8.8.8:53 dwnkma.info udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 hrpsovcx.net udp
BG 85.217.252.79:17035 tcp
US 8.8.8.8:53 vlpivni.info udp
US 8.8.8.8:53 wxbxvfkfzk.info udp
US 8.8.8.8:53 cxbufkraf.net udp
US 8.8.8.8:53 tlrqpvcshzd.info udp
US 8.8.8.8:53 zyhynvv.net udp
US 8.8.8.8:53 lyxmnybibg.info udp
US 8.8.8.8:53 hvkghrpfcy.net udp
US 8.8.8.8:53 qckjydb.info udp
US 8.8.8.8:53 ygucwvivcgvj.info udp
US 8.8.8.8:53 jdufvfmorwhs.info udp
US 8.8.8.8:53 bjrwzgqwpwx.com udp
US 8.8.8.8:53 vsjmeajbgun.net udp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 kumewsqq.com udp
US 8.8.8.8:53 sdczocyn.info udp
US 8.8.8.8:53 xufurzv.info udp
US 8.8.8.8:53 fttthjzq.net udp
US 8.8.8.8:53 ysdedngwcaop.net udp
US 8.8.8.8:53 twdjretsbpp.net udp
US 8.8.8.8:53 kgucribs.info udp
US 8.8.8.8:53 wgassqgu.com udp
US 8.8.8.8:53 ewlavyd.net udp
US 8.8.8.8:53 olfkrbktd.net udp
US 8.8.8.8:53 zusaaounwmjm.info udp
US 8.8.8.8:53 zyfitez.info udp
US 8.8.8.8:53 ctbsoiz.info udp
US 8.8.8.8:53 hfhejdsnhxtw.net udp
US 8.8.8.8:53 qbqyzobjaihz.net udp
US 8.8.8.8:53 sqycdfxv.net udp
US 8.8.8.8:53 hthvwb.info udp
US 8.8.8.8:53 rflamnsycqdj.info udp
US 8.8.8.8:53 raqnsgrqqhpv.info udp
US 8.8.8.8:53 nflnnfzsen.net udp
US 8.8.8.8:53 gtrwdpxk.net udp
US 8.8.8.8:53 leqdurjb.net udp
US 8.8.8.8:53 cuogkmqa.org udp
US 8.8.8.8:53 basojzbqqia.info udp
US 8.8.8.8:53 makiwi.com udp
DE 217.160.0.216:80 makiwi.com tcp
US 8.8.8.8:53 potnbsj.org udp
US 8.8.8.8:53 czumren.info udp
US 8.8.8.8:53 cnuulpgk.net udp
US 8.8.8.8:53 aaacomycskso.com udp
US 8.8.8.8:53 dxikspgshgbk.info udp
US 8.8.8.8:53 gswonqjeu.net udp
US 8.8.8.8:53 xegzuytr.net udp
US 8.8.8.8:53 xarjdnuursz.info udp
US 8.8.8.8:53 ouxbxxzexkf.net udp
US 8.8.8.8:53 uymgwycwsw.com udp
US 8.8.8.8:53 kescic.org udp
US 8.8.8.8:53 lgmwshpwdp.net udp
US 8.8.8.8:53 eqqmhn.net udp
US 8.8.8.8:53 soimblfmbvvb.info udp
US 8.8.8.8:53 zgrjrexb.net udp
US 8.8.8.8:53 bwrhwjtxpmm.info udp
US 8.8.8.8:53 qdsrzj.info udp
US 8.8.8.8:53 pohbxflieal.info udp
US 8.8.8.8:53 zdbmffbjmql.info udp
US 8.8.8.8:53 eeueccewmeem.com udp
US 8.8.8.8:53 oweecomowswi.org udp
US 8.8.8.8:53 nkrugqeebab.com udp
US 8.8.8.8:53 gthoprfe.net udp
US 8.8.8.8:53 xitbjksec.info udp
US 8.8.8.8:53 monrdqzx.info udp
US 8.8.8.8:53 aumeliumrfd.info udp
US 8.8.8.8:53 vlpxze.info udp
US 8.8.8.8:53 uztgfkg.net udp
US 8.8.8.8:53 scpajknsvv.net udp
US 8.8.8.8:53 skywyumxq.net udp
US 8.8.8.8:53 jqbuxkvwm.info udp
US 8.8.8.8:53 sglrlcnfqub.net udp
US 8.8.8.8:53 cjbnwt.net udp
US 8.8.8.8:53 bxiltkymlg.net udp
US 8.8.8.8:53 laxblics.info udp
US 8.8.8.8:53 egsmyysc.org udp
US 8.8.8.8:53 lwbvrzj.com udp
US 8.8.8.8:53 osiuyyoiwi.com udp
US 8.8.8.8:53 swhqpcuiup.net udp
US 8.8.8.8:53 anlweep.net udp
US 8.8.8.8:53 dlvkyf.net udp
US 8.8.8.8:53 nshdioh.net udp
US 8.8.8.8:53 rpfupezssvpk.info udp
US 8.8.8.8:53 gsioisciywcc.org udp
US 8.8.8.8:53 ekqqcc.org udp
MD 92.114.169.211:27907 tcp
US 8.8.8.8:53 rswyleo.net udp
US 8.8.8.8:53 kkwfvuqskit.net udp
US 8.8.8.8:53 vzyzlsxuwmx.info udp
US 8.8.8.8:53 ymdoiaayd.net udp
US 8.8.8.8:53 nplrnf.net udp
US 8.8.8.8:53 balqrqzih.com udp
US 8.8.8.8:53 dwfkeogzvhjn.info udp
US 8.8.8.8:53 pecxmpgebt.info udp
US 8.8.8.8:53 vszduwunrxjm.info udp
US 8.8.8.8:53 abzmrj.info udp
US 8.8.8.8:53 ltfjtxvp.net udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 ogfwmtzjn.net udp
US 8.8.8.8:53 oogcuuqqiguo.org udp
US 8.8.8.8:53 azlojghebc.net udp
US 8.8.8.8:53 jbulak.net udp
US 8.8.8.8:53 pggshlr.info udp
US 8.8.8.8:53 kcfwbv.info udp
US 8.8.8.8:53 qtgqqinahbp.info udp
US 8.8.8.8:53 cfqrthhlzg.net udp
US 8.8.8.8:53 jyuqecbzjkh.info udp
US 8.8.8.8:53 xuazaosdhm.net udp
US 8.8.8.8:53 tcvuvhjwh.info udp
US 8.8.8.8:53 rwtqfbr.net udp
US 8.8.8.8:53 amvieq.info udp
US 8.8.8.8:53 sevkwgpyd.info udp
US 8.8.8.8:53 cqrcrmrixo.info udp
US 8.8.8.8:53 eebmjmujjba.info udp
US 8.8.8.8:53 jubvpax.info udp
LT 78.61.192.201:25955 tcp
US 8.8.8.8:53 twfddqwdlec.org udp
US 8.8.8.8:53 ehgilu.info udp
US 8.8.8.8:53 kyiokq.org udp
US 8.8.8.8:53 xizgomois.info udp
US 8.8.8.8:53 aknsgwkcl.net udp
US 8.8.8.8:53 maderaj.info udp
US 8.8.8.8:53 ecbwysbz.info udp
US 8.8.8.8:53 xidvyish.info udp
US 8.8.8.8:53 lyxgycffl.org udp
US 8.8.8.8:53 njmyupro.net udp
US 8.8.8.8:53 umdskjxo.info udp
US 8.8.8.8:53 cudfayp.net udp
US 8.8.8.8:53 vivixqbdeqv.org udp
US 8.8.8.8:53 zovkcvbh.info udp
US 8.8.8.8:53 qgmsseisgw.org udp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 eahgcaqrz.net udp
US 8.8.8.8:53 aqcsssaymcqm.org udp
US 8.8.8.8:53 iusioomq.org udp
US 8.8.8.8:53 wkkwsa.org udp
US 8.8.8.8:53 kkdasr.info udp
US 8.8.8.8:53 nghtzi.info udp
US 8.8.8.8:53 wcsbrpz.net udp
US 8.8.8.8:53 hbjzboik.net udp
US 8.8.8.8:53 tbbgcotqyjr.com udp
US 8.8.8.8:53 uwcuws.org udp
US 8.8.8.8:53 dglpyi.info udp
US 8.8.8.8:53 ruhhpqbjzysy.info udp
US 8.8.8.8:53 bzpzgl.info udp
US 8.8.8.8:53 qmyvev.net udp
US 8.8.8.8:53 azlfou.info udp
US 8.8.8.8:53 ifncfp.net udp
US 8.8.8.8:53 tmzblg.info udp
US 8.8.8.8:53 xsqews.net udp
US 8.8.8.8:53 dgcahzxj.net udp
US 8.8.8.8:53 zfsrqttcbn.net udp
US 8.8.8.8:53 hseiolekf.info udp
US 8.8.8.8:53 zceswczqxqzy.info udp
US 8.8.8.8:53 tpzmqt.net udp
US 8.8.8.8:53 oetktyxuqr.net udp
US 8.8.8.8:53 jnuqgsaxui.net udp
US 8.8.8.8:53 rdefwcemiz.net udp
US 8.8.8.8:53 razklznrzh.net udp
US 8.8.8.8:53 rofdrzierc.net udp
US 8.8.8.8:53 sdrwuwa.info udp
US 8.8.8.8:53 yaqmumakkagw.com udp
US 8.8.8.8:53 xtrwauyjzt.net udp
US 8.8.8.8:53 yiywpweq.net udp
US 8.8.8.8:53 zfditavifn.info udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.180.3:80 c.pki.goog tcp
US 8.8.8.8:53 vcsuct.net udp
US 8.8.8.8:53 yoisow.org udp
US 8.8.8.8:53 fsyczawoha.info udp
US 8.8.8.8:53 xuhiszqwvlb.info udp
US 8.8.8.8:53 oqrbxgwckut.net udp
US 8.8.8.8:53 atkzfclhbift.info udp
US 8.8.8.8:53 bujdnfrkdu.net udp
US 8.8.8.8:53 xfvozznyl.com udp
US 8.8.8.8:53 oujqukpeh.net udp
US 8.8.8.8:53 ewuokskesvif.info udp
BG 89.25.19.243:29619 tcp
US 8.8.8.8:53 eyoykwoakmsg.com udp
US 8.8.8.8:53 wfwypth.info udp
US 8.8.8.8:53 wueysyqiyg.org udp
US 8.8.8.8:53 kbfmbil.info udp
US 8.8.8.8:53 ppvwjhv.net udp
US 8.8.8.8:53 rsbjvqbpuffo.net udp
US 8.8.8.8:53 jjrefkv.net udp
US 8.8.8.8:53 rapprgyxv.com udp
US 8.8.8.8:53 qoyaew.com udp
US 8.8.8.8:53 pqvqyszpbcxm.net udp
US 8.8.8.8:53 akokqwsqke.org udp
US 8.8.8.8:53 kjskvzf.info udp
US 8.8.8.8:53 fmfcgf.info udp
US 8.8.8.8:53 csuwsugkcu.org udp
US 8.8.8.8:53 zoulji.net udp
US 8.8.8.8:53 iguumk.com udp
US 8.8.8.8:53 lzbjkx.info udp
US 8.8.8.8:53 cuqtpddzjhvy.net udp
US 8.8.8.8:53 mnnqrygj.info udp
US 8.8.8.8:53 axbpoyvs.info udp
US 8.8.8.8:53 blriytvijot.com udp
US 8.8.8.8:53 giyspzlqcvlb.info udp
US 8.8.8.8:53 edcxzydsir.info udp
US 8.8.8.8:53 blolvxvtddca.info udp
US 8.8.8.8:53 diganwtmpnp.com udp
US 8.8.8.8:53 knsczlbggpdt.info udp
US 8.8.8.8:53 kyilnx.net udp
US 8.8.8.8:53 kjwdsyfq.info udp
US 8.8.8.8:53 gaqkygwq.org udp
US 8.8.8.8:53 wigwmeew.org udp
US 8.8.8.8:53 uqcwbixkz.net udp
US 8.8.8.8:53 bkbgiytyr.com udp
US 8.8.8.8:53 hpincwhqlmm.com udp
US 8.8.8.8:53 atrtrckj.info udp
US 8.8.8.8:53 jrbulad.info udp
US 8.8.8.8:53 vaybvafefi.net udp
US 8.8.8.8:53 xlgizd.net udp
US 8.8.8.8:53 jyoyxit.org udp
US 8.8.8.8:53 qiyaag.com udp
US 8.8.8.8:53 hrecrrekzkw.net udp
US 8.8.8.8:53 bpzorpfuhtf.org udp
US 8.8.8.8:53 amuxfyzx.info udp
US 8.8.8.8:53 lsbclcjdicj.info udp
US 8.8.8.8:53 osjilozmrug.net udp
US 8.8.8.8:53 koaamcou.com udp
US 8.8.8.8:53 lwegnqzcieo.net udp
US 8.8.8.8:53 bkngmvgi.net udp
US 8.8.8.8:53 oyfyiotlnkf.info udp
US 8.8.8.8:53 jlftdoty.info udp
BG 77.77.31.220:33142 tcp
US 8.8.8.8:53 bqdindvszcl.com udp
US 8.8.8.8:53 mohydglijom.info udp
US 8.8.8.8:53 fqexlntsp.org udp
US 8.8.8.8:53 dykwknvmdfdj.info udp
US 8.8.8.8:53 pclmkswt.net udp
US 8.8.8.8:53 fgpluwdcr.net udp
US 8.8.8.8:53 mowquswuqywk.com udp
US 8.8.8.8:53 acrmfcslu.net udp
US 8.8.8.8:53 iocoyqyiiecy.com udp
US 8.8.8.8:53 rhnmeyx.org udp
US 8.8.8.8:53 wawaoiyk.com udp
US 8.8.8.8:53 moivnclnzin.info udp
US 8.8.8.8:53 goqtjd.info udp
US 8.8.8.8:53 omeauwigsyem.org udp
US 8.8.8.8:53 haljzy.info udp
US 8.8.8.8:53 wawtflcocl.net udp
US 8.8.8.8:53 lczoradauoz.net udp
US 8.8.8.8:53 rfpqziuvqduj.info udp
US 8.8.8.8:53 buzkvgluklk.net udp
US 8.8.8.8:53 cqgegukowsem.org udp
US 8.8.8.8:53 dazulnj.org udp
US 8.8.8.8:53 axjypnpy.net udp
US 8.8.8.8:53 ucqmsu.org udp
US 8.8.8.8:53 adhvva.net udp
US 8.8.8.8:53 epogtoqa.info udp
US 8.8.8.8:53 pwrwaqtot.net udp
US 8.8.8.8:53 jzthxr.net udp
US 8.8.8.8:53 nvushmok.net udp
US 8.8.8.8:53 mpmadj.net udp
US 8.8.8.8:53 fjusznt.com udp
US 8.8.8.8:53 xzwawphqfg.info udp
US 8.8.8.8:53 ccbpaidupse.net udp
US 8.8.8.8:53 dtrzgarr.net udp
US 8.8.8.8:53 unrfas.info udp
US 8.8.8.8:53 gcsurvx.info udp
US 8.8.8.8:53 fpeofmbaz.info udp
US 8.8.8.8:53 ioqokcksiy.com udp
US 8.8.8.8:53 zuhmapbot.net udp
US 8.8.8.8:53 qwtiqfrin.net udp
US 8.8.8.8:53 ddvwvt.info udp
US 8.8.8.8:53 hkmwusmbhlwn.info udp
US 8.8.8.8:53 athxaltq.info udp
US 8.8.8.8:53 usxers.net udp
US 8.8.8.8:53 vjvlnnztmb.net udp
US 8.8.8.8:53 iqwyaimueoas.org udp
US 8.8.8.8:53 yojkaljecqs.info udp
US 84.32.85.103:27785 tcp
US 8.8.8.8:53 nmhvgydavm.info udp
US 8.8.8.8:53 vongxrtlhear.net udp
US 8.8.8.8:53 tegelyr.info udp
US 8.8.8.8:53 qweeqmgsb.net udp
US 8.8.8.8:53 gplonkmap.net udp
US 8.8.8.8:53 ygitbvywt.net udp
US 8.8.8.8:53 utziehbbx.info udp
US 8.8.8.8:53 dvvrvafvau.info udp
US 8.8.8.8:53 xqhyzkfyvjhk.net udp
US 8.8.8.8:53 ecegeakc.org udp
US 8.8.8.8:53 fsdzmsqmye.info udp
US 8.8.8.8:53 mmtcotbc.net udp
US 8.8.8.8:53 ootkjdzphd.net udp
US 8.8.8.8:53 jlnniwbj.info udp
US 8.8.8.8:53 gwrgtgw.info udp
US 8.8.8.8:53 dmlqzcautux.net udp
US 8.8.8.8:53 fzqsatroaw.info udp
US 8.8.8.8:53 alsspinax.info udp
US 8.8.8.8:53 aararuzmj.info udp
US 8.8.8.8:53 xmmhkpkt.net udp
US 8.8.8.8:53 kswwqq.com udp
US 8.8.8.8:53 etfuly.info udp
US 8.8.8.8:53 swszbldyudlo.net udp
US 8.8.8.8:53 scvxpoypcb.net udp
US 8.8.8.8:53 waqmem.com udp
US 8.8.8.8:53 lfwqlefirrze.net udp
US 8.8.8.8:53 mkymskwy.com udp
US 8.8.8.8:53 zrizzt.net udp
US 8.8.8.8:53 zchmjinbf.com udp
US 8.8.8.8:53 dvfqxnsetrop.info udp
US 8.8.8.8:53 booxiutazv.info udp
US 8.8.8.8:53 byxmmhxj.net udp
US 8.8.8.8:53 ydjxvatl.info udp
US 8.8.8.8:53 xjtsph.info udp
US 8.8.8.8:53 aniwidgx.info udp
US 8.8.8.8:53 xbvodfjhk.net udp
US 8.8.8.8:53 nsjnpn.net udp
US 8.8.8.8:53 kumznou.net udp
US 8.8.8.8:53 wwysseoqgiyk.org udp
US 8.8.8.8:53 hogiuifwvolf.net udp
US 8.8.8.8:53 osioaosu.org udp
US 8.8.8.8:53 uemxhaniztvx.net udp
US 8.8.8.8:53 sxzgckpt.net udp
US 8.8.8.8:53 idqvbbvj.info udp
US 8.8.8.8:53 dlfjbmkytr.info udp
US 8.8.8.8:53 vqqqbiebbph.com udp
US 8.8.8.8:53 hrmozlbthdnn.info udp
US 8.8.8.8:53 jlhmlw.net udp
US 8.8.8.8:53 nqxijbihvn.info udp
US 8.8.8.8:53 psjcycm.com udp
US 8.8.8.8:53 qtksbsfrkexc.net udp
US 8.8.8.8:53 fgtwrzlbrne.net udp
US 8.8.8.8:53 yspynbdonzn.net udp
US 8.8.8.8:53 qomchdkld.net udp
US 8.8.8.8:53 okiisqaimcok.com udp
US 8.8.8.8:53 qkqgeygakqso.com udp
US 8.8.8.8:53 xrctizgjhu.net udp
US 8.8.8.8:53 cnkgrymdg.info udp
US 8.8.8.8:53 riaodswyl.net udp
US 8.8.8.8:53 bixtiat.org udp
US 8.8.8.8:53 oqwemeimeu.org udp
US 8.8.8.8:53 wiwgmagcmaoq.com udp
US 8.8.8.8:53 mgmkcoqagwcg.com udp
US 8.8.8.8:53 rfcqjgcwrllk.info udp
US 8.8.8.8:53 ucwkiyqsoqug.com udp
US 8.8.8.8:53 jesiro.info udp
US 8.8.8.8:53 rqxeewd.info udp
US 8.8.8.8:53 ooewwc.org udp
US 8.8.8.8:53 lzdhzkunryff.net udp
US 8.8.8.8:53 segaqg.com udp
US 8.8.8.8:53 ukyasuuseqsw.org udp
US 8.8.8.8:53 jyhavhr.org udp
US 8.8.8.8:53 jypigkw.net udp
US 8.8.8.8:53 zkzmma.net udp
US 8.8.8.8:53 qgpiuopvbec.net udp
US 8.8.8.8:53 dlxnewps.net udp
US 8.8.8.8:53 jphhtgd.com udp
US 8.8.8.8:53 bpmnruwew.org udp
US 8.8.8.8:53 omierhazkhgw.net udp
US 8.8.8.8:53 tydqgkrzgr.info udp
US 8.8.8.8:53 dsplni.info udp
US 8.8.8.8:53 ksrbneeolch.net udp
US 8.8.8.8:53 iezlqrxaty.info udp
US 8.8.8.8:53 lqvdzagipyu.org udp
US 8.8.8.8:53 kwdrqyzrhd.net udp
US 8.8.8.8:53 euclmfxwd.net udp
US 8.8.8.8:53 ucpbqoxk.net udp
US 8.8.8.8:53 qcquqsj.net udp
US 8.8.8.8:53 bemtrcmdoasy.info udp
US 8.8.8.8:53 pvhqddcizutk.net udp
US 8.8.8.8:53 xrjmbmgmisvh.info udp
MD 93.116.225.104:14094 tcp
US 8.8.8.8:53 jqtenkdayoy.org udp
US 8.8.8.8:53 zilohmp.org udp
US 8.8.8.8:53 scfkoonbicz.info udp
US 8.8.8.8:53 cdlerueoptc.info udp
US 8.8.8.8:53 yygsguye.com udp
US 8.8.8.8:53 dgiulmx.info udp
US 8.8.8.8:53 brsknnpsoyce.net udp
US 8.8.8.8:53 lvliwxsju.net udp
US 8.8.8.8:53 ycmgegcuewao.org udp
US 8.8.8.8:53 kagkaywg.org udp
US 8.8.8.8:53 gkcwaqmgoayy.org udp
US 8.8.8.8:53 gudiefufh.net udp
US 8.8.8.8:53 wcgcuuiu.org udp
US 8.8.8.8:53 awjwjkrwr.net udp
US 8.8.8.8:53 ylrkloz.net udp
US 8.8.8.8:53 oyuscm.org udp
US 8.8.8.8:53 eabylhnefgt.info udp
US 8.8.8.8:53 kaiifclstii.info udp
US 8.8.8.8:53 nhmyomxjv.info udp
US 8.8.8.8:53 eufdxkx.net udp
US 8.8.8.8:53 tyzkrdhyl.info udp
US 8.8.8.8:53 yxhejdwij.info udp
US 8.8.8.8:53 ogjovktqp.info udp
US 8.8.8.8:53 mmsxdtdt.info udp
US 8.8.8.8:53 ekqoscic.org udp
US 8.8.8.8:53 dsbxuhbgiix.org udp
US 8.8.8.8:53 rddiza.info udp
US 8.8.8.8:53 vyvijbihvn.info udp
US 8.8.8.8:53 fcvqjxdym.info udp
US 8.8.8.8:53 ygkukcyw.com udp
US 8.8.8.8:53 quwkziphng.info udp
BG 89.25.19.139:14700 tcp
US 8.8.8.8:53 ymsqcg.com udp
US 8.8.8.8:53 nftahxpjqa.net udp
US 8.8.8.8:53 zgzepqimz.net udp
US 8.8.8.8:53 lmnsnyl.info udp
US 8.8.8.8:53 iyiwcobqb.net udp
US 8.8.8.8:53 fqghtfnxgt.info udp
US 8.8.8.8:53 llpwlrlwpx.net udp
US 8.8.8.8:53 ktnydo.net udp
US 8.8.8.8:53 vppgjyd.info udp
US 8.8.8.8:53 bctwfgikb.org udp
US 8.8.8.8:53 tytquitxjav.org udp
US 8.8.8.8:53 jbwtsp.info udp
US 8.8.8.8:53 eqgabkf.net udp
US 8.8.8.8:53 fzqqksnzg.net udp
US 8.8.8.8:53 eipnbwua.net udp
US 8.8.8.8:53 llpuduqzzqt.net udp
US 8.8.8.8:53 nvnvzcl.info udp
US 8.8.8.8:53 pgvmnrjkl.info udp
US 8.8.8.8:53 legpvbxbrm.info udp
US 8.8.8.8:53 hcdgconcv.com udp
US 8.8.8.8:53 nfvckq.net udp
US 8.8.8.8:53 kwqueeacmiyu.com udp
US 8.8.8.8:53 jifhbcjv.net udp
US 8.8.8.8:53 vrsvqw.info udp
US 8.8.8.8:53 mkcmqy.org udp
US 8.8.8.8:53 wwyyggkqkm.org udp
US 8.8.8.8:53 xklsrjorvup.info udp
US 8.8.8.8:53 msebvpsqw.info udp
US 8.8.8.8:53 fplmiebcgqn.com udp
US 8.8.8.8:53 odzbrjqoy.info udp
US 8.8.8.8:53 vujobvbkg.net udp
US 8.8.8.8:53 vzesfw.net udp
US 8.8.8.8:53 mfwijs.net udp
US 8.8.8.8:53 mefwlsfbimj.info udp
US 8.8.8.8:53 rqapfjvjfb.info udp
US 8.8.8.8:53 ucigqmiuwieo.org udp
US 8.8.8.8:53 aalijqi.info udp
US 8.8.8.8:53 yiciholb.info udp
US 8.8.8.8:53 gyijmqhfrcly.info udp
US 8.8.8.8:53 iysmousi.org udp
US 8.8.8.8:53 mejlbowwciy.info udp
US 8.8.8.8:53 uyzyhjjrjnub.net udp
US 8.8.8.8:53 hiosvqjud.org udp
US 8.8.8.8:53 pzxsdpbdjlvw.info udp
US 8.8.8.8:53 odqisf.info udp
US 8.8.8.8:53 zzijykcox.net udp
US 8.8.8.8:53 ozmnbq.info udp
US 8.8.8.8:53 swtghhkzgrdq.net udp
US 8.8.8.8:53 ncpmyszzt.info udp
US 8.8.8.8:53 jjrspkzb.info udp
US 8.8.8.8:53 zlgsxk.info udp
US 8.8.8.8:53 yyqascwmkq.com udp
US 8.8.8.8:53 xlhmbzthuobp.info udp
US 8.8.8.8:53 ybxsqlwexbnh.info udp
US 8.8.8.8:53 awxspyxqg.info udp
US 8.8.8.8:53 kkiamiym.com udp
US 8.8.8.8:53 icwqus.org udp
BG 213.91.131.44:20649 tcp
US 8.8.8.8:53 iyygwekwoica.org udp
US 8.8.8.8:53 oqlzsgswz.info udp
US 8.8.8.8:53 tcnzusvgxf.net udp
US 8.8.8.8:53 wqzumks.net udp
US 8.8.8.8:53 jatdaajehomt.net udp
US 8.8.8.8:53 eosoco.com udp
US 8.8.8.8:53 wmqwquke.com udp
US 8.8.8.8:53 msrsummzmv.info udp
US 8.8.8.8:53 dtletxshvbnt.info udp
US 8.8.8.8:53 bhfzvgrgoyj.net udp
US 8.8.8.8:53 mwgkuyee.org udp
US 8.8.8.8:53 ypfcfts.info udp
US 8.8.8.8:53 ckemxn.info udp
HK 8.218.157.123:80 ckemxn.info tcp
LT 78.58.77.245:37500 tcp
BG 83.228.84.49:32021 tcp
LT 78.58.65.250:28711 tcp
US 8.8.8.8:53 ushimtz.net udp
US 8.8.8.8:53 cayakycgmaym.com udp
BG 77.78.155.19:38295 tcp
US 8.8.8.8:53 ibnfqylizvu.info udp
US 8.8.8.8:53 cwsokwicgmem.org udp
US 8.8.8.8:53 uiceesz.info udp
US 8.8.8.8:53 uutqvnniv.net udp
US 8.8.8.8:53 zmxrpqrsi.info udp
US 8.8.8.8:53 gigaowkm.org udp
US 8.8.8.8:53 miugwisemaek.com udp
US 8.8.8.8:53 bclwuptsd.org udp
US 8.8.8.8:53 zgtgzzbahv.info udp
US 8.8.8.8:53 bzaydhbkyko.info udp
US 8.8.8.8:53 ouymyw.org udp
US 8.8.8.8:53 ldzlgutovrqr.net udp
US 8.8.8.8:53 sylrpcscfez.net udp
US 8.8.8.8:53 uoxjsmld.info udp
US 8.8.8.8:53 ejpkgujovic.net udp
US 8.8.8.8:53 hsfuhyiomas.net udp
US 8.8.8.8:53 xizghvuihlt.org udp
US 8.8.8.8:53 tizjxcx.info udp
US 8.8.8.8:53 ewiuauieao.com udp
US 8.8.8.8:53 dyjglsqsmxl.info udp
US 8.8.8.8:53 llrlrwuyyt.info udp
US 88.216.22.18:40538 tcp
US 8.8.8.8:53 ciubdpyk.info udp
US 8.8.8.8:53 bjpwlrlwpx.net udp
US 8.8.8.8:53 rugnyejgpszi.info udp
US 8.8.8.8:53 msdffejwoef.info udp
US 8.8.8.8:53 dpuhjsluj.com udp
US 8.8.8.8:53 imwkkoik.com udp
US 8.8.8.8:53 xflilbpsffj.org udp
US 8.8.8.8:53 lznmqjwzresv.net udp
US 8.8.8.8:53 rhxpdgfa.net udp
US 8.8.8.8:53 pvwdgf.info udp
US 8.8.8.8:53 cskaoeoisw.com udp
US 8.8.8.8:53 kaxuxkjcmn.info udp
US 8.8.8.8:53 thpewr.net udp
US 8.8.8.8:53 uurrrsfot.net udp
US 8.8.8.8:53 gdlrqpmxgelh.net udp
US 8.8.8.8:53 sewuvwb.net udp
US 8.8.8.8:53 soyaiucmaq.com udp
US 8.8.8.8:53 iwdyfogslsb.net udp
US 8.8.8.8:53 oaewcmmi.com udp
US 8.8.8.8:53 hfqynl.info udp
US 8.8.8.8:53 xmqlqme.org udp
US 8.8.8.8:53 bhzoifbs.net udp
US 8.8.8.8:53 oalwpcngx.info udp
US 8.8.8.8:53 cqrsbhrxhaw.info udp
US 8.8.8.8:53 qidthiel.net udp
US 8.8.8.8:53 wfwydbxcge.net udp
US 8.8.8.8:53 fwrcheiikr.net udp
US 8.8.8.8:53 fdrewdjp.net udp
US 8.8.8.8:53 xcrfxbihvn.info udp
US 8.8.8.8:53 gcxnjnmpts.info udp
US 8.8.8.8:53 ckkmskgs.com udp
US 8.8.8.8:53 ngwbbher.info udp
US 8.8.8.8:53 pvesxitaordl.info udp
LV 212.142.80.2:22424 tcp
US 8.8.8.8:53 orokeznnxo.net udp
US 8.8.8.8:53 esxsncqymcz.net udp
US 8.8.8.8:53 wwbyyangp.info udp
US 8.8.8.8:53 dzrmxez.com udp
US 8.8.8.8:53 jenafqm.info udp
US 8.8.8.8:53 cgaaqprr.net udp
US 8.8.8.8:53 sibulwxopwh.info udp
US 8.8.8.8:53 ukqwsukc.org udp
US 8.8.8.8:53 kxldwaoqfn.info udp
US 8.8.8.8:53 iowiuqcacwgm.org udp
US 8.8.8.8:53 nwjtnopkkx.net udp
US 8.8.8.8:53 xiivddz.org udp
US 8.8.8.8:53 zqlaykjubms.org udp
US 8.8.8.8:53 wkaquyacym.org udp
US 8.8.8.8:53 xxbuvavqnao.net udp
US 8.8.8.8:53 eoxqvcpzzkq.info udp
US 8.8.8.8:53 oslieelwb.net udp
US 8.8.8.8:53 murgwwlujyo.info udp
US 8.8.8.8:53 tgzzsilpuoyu.info udp
US 8.8.8.8:53 kkfczuypxn.info udp
US 8.8.8.8:53 aaugcoassaqa.com udp
US 8.8.8.8:53 xhszzxtp.info udp
US 8.8.8.8:53 hbescvr.org udp
US 8.8.8.8:53 rmeidphhar.net udp
US 8.8.8.8:53 rejwrwpoa.info udp
US 8.8.8.8:53 aqdrzcgurh.net udp
US 8.8.8.8:53 eqgezwq.net udp
US 8.8.8.8:53 dkponl.info udp
US 8.8.8.8:53 ovqyjkjrts.net udp
US 8.8.8.8:53 lmpkllgocyl.org udp
US 8.8.8.8:53 rmwfbdlzewlx.info udp
US 8.8.8.8:53 jmuyzwjxj.net udp
US 8.8.8.8:53 kdcmnjgs.net udp
US 8.8.8.8:53 sgescokcmo.org udp
US 8.8.8.8:53 hciyyytxpa.info udp
GB 86.162.183.151:36387 tcp
US 8.8.8.8:53 daostdpbrc.net udp
US 8.8.8.8:53 mvdtnbzepnab.net udp
US 8.8.8.8:53 nbrcvlowp.org udp
US 8.8.8.8:53 kmgguk.org udp
US 8.8.8.8:53 tqdadr.net udp
US 8.8.8.8:53 lzwgpqnxhy.net udp
US 8.8.8.8:53 linrnkfdlp.info udp
US 8.8.8.8:53 vvsgrix.net udp
US 8.8.8.8:53 zqbmewe.org udp
US 8.8.8.8:53 jehyhpbob.com udp
US 8.8.8.8:53 cdxdsyptav.net udp
US 8.8.8.8:53 najdnornb.com udp
US 8.8.8.8:53 tudgihlrvori.info udp
US 8.8.8.8:53 tvhhht.info udp
US 8.8.8.8:53 jchgtdxnti.info udp
US 8.8.8.8:53 luaiurlae.info udp
US 8.8.8.8:53 vvuwiqdi.info udp
US 8.8.8.8:53 qkdaedzq.info udp
US 8.8.8.8:53 hsfspwfirsr.org udp
US 8.8.8.8:53 qnjiwrbvrau.info udp
US 8.8.8.8:53 xlcmavyfrk.info udp
US 8.8.8.8:53 dsamzsmkuv.info udp
US 8.8.8.8:53 hdprnzcl.net udp
US 8.8.8.8:53 lugmenumv.net udp
US 8.8.8.8:53 txyowu.net udp
US 8.8.8.8:53 fumvct.net udp
US 8.8.8.8:53 mqiwmiew.org udp
US 8.8.8.8:53 zmpsfqhqnmk.info udp
US 8.8.8.8:53 qkuyhobcdgr.info udp
US 8.8.8.8:53 nkhhmeld.net udp
US 8.8.8.8:53 dnyidwf.info udp
US 8.8.8.8:53 nmaibausj.com udp
US 8.8.8.8:53 nyvfokjrdqae.info udp
LT 84.240.4.153:17502 tcp
US 8.8.8.8:53 krxdeemaybal.info udp
US 8.8.8.8:53 aacyuo.com udp
US 8.8.8.8:53 wyrpmaddf.info udp
US 8.8.8.8:53 yadxtkefpqdf.net udp
US 8.8.8.8:53 hmeojyaoh.net udp
US 8.8.8.8:53 ntxpkbtfbbnt.net udp
US 8.8.8.8:53 hqdeztnsx.net udp
US 8.8.8.8:53 tctnoa.net udp
US 8.8.8.8:53 tizepaaxk.org udp
US 8.8.8.8:53 qngitmingp.net udp
US 8.8.8.8:53 jusehypclvr.info udp
US 8.8.8.8:53 zhtagd.info udp
US 8.8.8.8:53 fifesnfv.info udp
US 8.8.8.8:53 ulwprsdpevsj.info udp
US 8.8.8.8:53 xahhvsp.info udp
US 8.8.8.8:53 tuxrvae.org udp
US 8.8.8.8:53 qyjxvcif.net udp
US 8.8.8.8:53 dvzextzcjgnt.info udp
US 8.8.8.8:53 vupxeoogtrhm.net udp
US 8.8.8.8:53 oesmsymqskus.org udp
US 8.8.8.8:53 pqffra.net udp
US 8.8.8.8:53 rkwlhccy.info udp
US 8.8.8.8:53 xkilfanydm.net udp
US 8.8.8.8:53 vgqvfkrhp.info udp
US 8.8.8.8:53 sgviturqf.net udp
US 8.8.8.8:53 nthafgeqx.org udp
US 8.8.8.8:53 wkyism.com udp
US 8.8.8.8:53 pmkwkvnzjk.info udp
US 8.8.8.8:53 dwyvku.net udp
US 8.8.8.8:53 oudlba.info udp
US 8.8.8.8:53 bsgixrdbh.info udp
US 8.8.8.8:53 vprrbv.info udp
US 8.8.8.8:53 xbnwjeuqrmb.com udp
US 8.8.8.8:53 vibshiiel.net udp
US 8.8.8.8:53 ycuygomicu.com udp
US 8.8.8.8:53 isqwmkyyegei.com udp
US 8.8.8.8:53 dslebyh.info udp
US 8.8.8.8:53 jjqtpeerkb.net udp
US 8.8.8.8:53 fsnxdcv.net udp
US 8.8.8.8:53 njimjyrqf.org udp
US 8.8.8.8:53 oahdbofi.net udp
US 8.8.8.8:53 lelbyj.net udp
US 8.8.8.8:53 itgtlzfqi.info udp
US 8.8.8.8:53 hetvrb.net udp
US 8.8.8.8:53 urkcltobhpwf.net udp
US 8.8.8.8:53 mwcqweyggc.org udp
US 8.8.8.8:53 oismai.com udp
US 8.8.8.8:53 wbbvlfanet.net udp
US 8.8.8.8:53 asinnfzybs.net udp
US 8.8.8.8:53 tahhbkqr.info udp
US 8.8.8.8:53 fmtcxmcbn.net udp
US 8.8.8.8:53 dmqkfqnuel.net udp
US 8.8.8.8:53 eheflhppvg.net udp
US 8.8.8.8:53 xhdmxgbdrv.net udp
US 8.8.8.8:53 yznyhmgeh.info udp
US 8.8.8.8:53 lwqpjupsr.net udp
US 8.8.8.8:53 cykogcgqqcuu.com udp
US 8.8.8.8:53 egkgyc.com udp
US 8.8.8.8:53 lpstqr.net udp
US 8.8.8.8:53 okcusicwceoy.com udp
US 8.8.8.8:53 ugjyfpgfl.net udp
US 8.8.8.8:53 owssiyao.org udp
US 8.8.8.8:53 gwwygw.com udp
US 8.8.8.8:53 cuwycshwddv.net udp
US 8.8.8.8:53 myrwjqkrwpbk.info udp
US 8.8.8.8:53 osqdwjljci.net udp
US 8.8.8.8:53 xvxsyykb.net udp
US 8.8.8.8:53 wujjvad.info udp
US 8.8.8.8:53 taptptc.org udp
US 8.8.8.8:53 pazkuch.info udp
LT 78.60.77.146:29846 tcp
US 8.8.8.8:53 mpkbfsgyp.info udp
US 8.8.8.8:53 uxekyf.net udp
US 8.8.8.8:53 scxobpryl.net udp
US 8.8.8.8:53 titahkdwj.info udp
US 8.8.8.8:53 sosaogkswgkk.com udp
US 8.8.8.8:53 rrcafz.net udp

Files

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

MD5 5203b6ea0901877fbf2d8d6f6d8d338e
SHA1 c803e92561921b38abe13239c1fd85605b570936
SHA256 0cc02d34d5fd4cf892fed282f98c1ad3e7dd6159a8877ae5c46d3f834ed36060
SHA512 d48a41b4fc4c38a6473f789c02918fb7353a4b4199768a3624f3b685d91d38519887a1ccd3616e0d2b079a346afaec5a0f2ef2c46d72d3097ef561cedb476471

C:\Windows\SysWOW64\qiskkbpedqjjmaibqh.exe

MD5 b1a720ff3f312809e834babbc8238648
SHA1 9143508ce53230b2437aaa3992f4c41586b3100d
SHA256 f71aac19d5e1e24a5b983a37d068604ef8d1ece82b27eefccd52c8dfd3ce5426
SHA512 a4f0ca15311c954fa431b413997816eae984387175b853f8f6ec8ee9c20c51960cdeaa87f6a9ebb93f6f2acc639ba0b5863067079724b0d1ca903e0c8f8037aa

C:\Users\Admin\AppData\Local\Temp\ousymr.exe

MD5 4a541889f331b2078eb03821990b1d38
SHA1 96588260838d753994104e6138670b6258b6405a
SHA256 47e17328e55df1efb3c34f4df934d458a06362fc47041cbeecefda8f3e0c9090
SHA512 fc29aeca11181ca2de2863a553cddd2c047f42fd3abbad9fa494abcc0760b39d4103b587570bd410127bdffb24dc65608fe17bdd2f9a007c090c840a96b67b7a

C:\Users\Admin\AppData\Local\akmwoxdkbgrjekkvclyikumvbizephci.taj

MD5 e4fb9ff11c6400a5edfba514b2afebe4
SHA1 a87e2c23b2bbd66a12cf28b3c9da6754d799d583
SHA256 601f40a7b7f34ff48d0ee5cf7d31fc3d0effb7c6659add4ee38a431f6474a9a3
SHA512 418fe80e9c2ca893486a73aa2d763b689f2eb8fc4a30ac50b8072eeb4f208db9f014738026624f06c138234b7c66c0981d57f2e585eebc5f6fd35efd7a448a8b

C:\Users\Admin\AppData\Local\fevubzuqwqqxhcrrnlnmd.jhc

MD5 744794f95d6feb65830579d217733318
SHA1 8fcac7ab6506e285a201d07cfe745833723252c4
SHA256 f748f0cb19429492c32ae483e0cfb47ea19fb46a0c44aed0d70fd86407c9e928
SHA512 73484322a3b8a915c6955645216b14b47bf6b4de38a1ca6cd8089a2b7816992fb309459f784c61c6ad060d8b408c1a17d0bb15f199ce8220c0b204dac5be7af9

C:\Program Files (x86)\fevubzuqwqqxhcrrnlnmd.jhc

MD5 f2b65b4eee8a581818eda2a3849f01be
SHA1 d0a2f1423bf25399a043b7d7b5cb5467c2403362
SHA256 6a6de083fddd2d91fb075a8c2947e7236a8a2557328e192ba4cdb6bfde2a5b41
SHA512 1057c152bb4980839d9e046799bea68b5960abc530014e8641352875c4d39896c72a19d34c5bd875f16494d1869369180c8732f75b59e1694fb41f52263c74bd

C:\Program Files (x86)\fevubzuqwqqxhcrrnlnmd.jhc

MD5 17c7b81c7ba29a1f93fca034922ed9b8
SHA1 409dd21a6e2334f80fe6bc83a47e85a037b12cdf
SHA256 00d3cd78d564915803be29c3e08e586a335cfc2c8ae3cc2dd629f472630d8e4f
SHA512 3a78e634932f5eac062761be38c2fa06a370c5345ca9f16c109736c6414e9cc69aed6a05ff003f52e385a8b02b72f92665b5cf4efca85a2bf0c9b4cca3231fb6

C:\Program Files (x86)\fevubzuqwqqxhcrrnlnmd.jhc

MD5 df49f1da2bada328146f9225dab82074
SHA1 93df410db19ab18a691314c4aab95d70e6623916
SHA256 f99aa2e8365f9dc46f002ce1ceba69d057b1ec6ef9209600cc5d00da62e45520
SHA512 f74a63ab5a440f75e1906d85f050a781261b0afa012d34cf58a980fc95f6b3464dbde799f1cb257264a93dc9bf2fb261a8491c4aa396b53441f93ee9d38bb2cb

C:\Program Files (x86)\fevubzuqwqqxhcrrnlnmd.jhc

MD5 7d5d2021fff9cf353badb349d7f8e502
SHA1 c3609a9394739280f54991ae2900c8361b9e478b
SHA256 f7e62a097168f08bd51c973fce3bc5c66402f6ebd3f86bfd99f99fd9b6a45239
SHA512 4280b5046b72fa1f677009cd049987b659f3298c0765ee2035acd5ebd438ee905b78256e387d6256f375c9bfcf3d44b609aaf8322abc206bd12ee11367fa259b

C:\Program Files (x86)\fevubzuqwqqxhcrrnlnmd.jhc

MD5 11e8eb39e77b0079bdceccb7a1407ca3
SHA1 a7da3cb154c7ec8088a384fdcb9aa2ea2420b4a6
SHA256 5c6b2489d2f2b4538f996e6962a81931518954a1cae5388e60cf518dbb7f8b05
SHA512 1e3271a17471fd21cf83098a642d2c760068fc478dc381ceb44aa890ea34c7b747fb7f356c063ca3fb77f9c2a9a8db6090ee6e99bfb86d609b3ba507875cb59e

C:\Program Files (x86)\fevubzuqwqqxhcrrnlnmd.jhc

MD5 39bced1aee8d8978520227ff1ee2d740
SHA1 6b1cfc6229553e8c3ea6747b2825f9be9e6162fe
SHA256 dbaea50fa28b70b12c4fdc99d2921bb0a5347923b9a9c0d35d0540b7c7f26aae
SHA512 75a84e4538243c8408ca29413e431ec31673dea06adf7a85b3b83ccbde3840d9c42c0c31754bb546fc57ffd4c66ddf125a6033c97a86def9527cc8b3450a040a