Malware Analysis Report

2025-08-10 16:35

Sample ID 250412-jm8haazqt2
Target JaffaCakes118_b19410583c5cac21e5066dee43513859
SHA256 226da79bd298b6c72453572e2f34a1b40e19db0c51e10197ac00daf0d499b770
Tags
pykspa defense_evasion discovery persistence privilege_escalation trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

226da79bd298b6c72453572e2f34a1b40e19db0c51e10197ac00daf0d499b770

Threat Level: Known bad

The file JaffaCakes118_b19410583c5cac21e5066dee43513859 was found to be: Known bad.

Malicious Activity Summary

pykspa defense_evasion discovery persistence privilege_escalation trojan worm

UAC bypass

Pykspa family

Pykspa

Modifies WinLogon for persistence

Detect Pykspa worm

Adds policy Run key to start application

Disables RegEdit via registry modification

Checks computer location settings

Executes dropped EXE

Impair Defenses: Safe Mode Boot

Looks up external IP address via web service

Adds Run key to start application

Hijack Execution Flow: Executable Installer File Permissions Weakness

Checks whether UAC is enabled

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

System policy modification

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-12 07:48

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-12 07:48

Reported

2025-04-12 07:50

Platform

win10v2004-20250410-en

Max time kernel

29s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\dpuakxhlu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zxogcbxnieadjalhztnlc.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odluhxkrdqdx = "wpbofzqbrizxykqh.exe" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odluhxkrdqdx = "wpbofzqbrizxykqh.exe" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\dpuakxhlu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wpbofzqbrizxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odluhxkrdqdx = "dxkyqldpgyqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\dpuakxhlu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wpbofzqbrizxykqh.exe" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odluhxkrdqdx = "khxojhcrlgbdiyidungd.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\dpuakxhlu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mhvkdzsfxqjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odluhxkrdqdx = "zxogcbxnieadjalhztnlc.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hom = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vsgdvtlepjefjyhbrjz.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odluhxkrdqdx = "zxogcbxnieadjalhztnlc.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\dpuakxhlu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xtiyspjxqkefjyhbrjb.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odluhxkrdqdx = "mhvkdzsfxqjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odluhxkrdqdx = "xtiyspjxqkefjyhbrjb.exe" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\dpuakxhlu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xtiyspjxqkefjyhbrjb.exe" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\dpuakxhlu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zxogcbxnieadjalhztnlc.exe" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\dpuakxhlu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\khxojhcrlgbdiyidungd.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\dpuakxhlu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wpbofzqbrizxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odluhxkrdqdx = "xtiyspjxqkefjyhbrjb.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\dpuakxhlu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wpbofzqbrizxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\dpuakxhlu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mhvkdzsfxqjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\istdit = "xwmlffzuhdadjalhztlka.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hom = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bwidtpfwfxqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odluhxkrdqdx = "zxogcbxnieadjalhztnlc.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odluhxkrdqdx = "dxkyqldpgyqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\istdit = "kgtpgdumwpjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\dpuakxhlu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wpbofzqbrizxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\dpuakxhlu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zxogcbxnieadjalhztnlc.exe" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\dpuakxhlu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zxogcbxnieadjalhztnlc.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\dpuakxhlu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mhvkdzsfxqjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odluhxkrdqdx = "zxogcbxnieadjalhztnlc.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\dpuakxhlu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xtiyspjxqkefjyhbrjb.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odluhxkrdqdx = "wpbofzqbrizxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odluhxkrdqdx = "khxojhcrlgbdiyidungd.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odluhxkrdqdx = "xtiyspjxqkefjyhbrjb.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odluhxkrdqdx = "xtiyspjxqkefjyhbrjb.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\odluhxkrdqdx = "xtiyspjxqkefjyhbrjb.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\mhvkdzsfxqjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\khxojhcrlgbdiyidungd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\khxojhcrlgbdiyidungd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\xtiyspjxqkefjyhbrjb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\xtiyspjxqkefjyhbrjb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\dxkyqldpgyqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\wpbofzqbrizxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\khxojhcrlgbdiyidungd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\xtiyspjxqkefjyhbrjb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\dxkyqldpgyqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\khxojhcrlgbdiyidungd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\dxkyqldpgyqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\zxogcbxnieadjalhztnlc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\wpbofzqbrizxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\zxogcbxnieadjalhztnlc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\xtiyspjxqkefjyhbrjb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\xtiyspjxqkefjyhbrjb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\xtiyspjxqkefjyhbrjb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\khxojhcrlgbdiyidungd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\zxogcbxnieadjalhztnlc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\xtiyspjxqkefjyhbrjb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\dxkyqldpgyqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\xtiyspjxqkefjyhbrjb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\zxogcbxnieadjalhztnlc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\xtiyspjxqkefjyhbrjb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\zxogcbxnieadjalhztnlc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\khxojhcrlgbdiyidungd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\zxogcbxnieadjalhztnlc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\xtiyspjxqkefjyhbrjb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\zxogcbxnieadjalhztnlc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\xtiyspjxqkefjyhbrjb.exe N/A
N/A N/A C:\Windows\xtiyspjxqkefjyhbrjb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\dxkyqldpgyqpreldr.exe N/A
N/A N/A C:\Windows\khxojhcrlgbdiyidungd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
N/A N/A C:\Windows\wpbofzqbrizxykqh.exe N/A
N/A N/A C:\Windows\xtiyspjxqkefjyhbrjb.exe N/A
N/A N/A C:\Windows\wpbofzqbrizxykqh.exe N/A
N/A N/A C:\Windows\zxogcbxnieadjalhztnlc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\zxogcbxnieadjalhztnlc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\khxojhcrlgbdiyidungd.exe N/A
N/A N/A C:\Windows\dxkyqldpgyqpreldr.exe N/A
N/A N/A C:\Windows\xtiyspjxqkefjyhbrjb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\xtiyspjxqkefjyhbrjb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\xtiyspjxqkefjyhbrjb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\wpbofzqbrizxykqh.exe N/A
N/A N/A C:\Windows\xtiyspjxqkefjyhbrjb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\khxojhcrlgbdiyidungd.exe N/A
N/A N/A C:\Windows\zxogcbxnieadjalhztnlc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\zxogcbxnieadjalhztnlc.exe N/A
N/A N/A C:\Windows\khxojhcrlgbdiyidungd.exe N/A
N/A N/A C:\Windows\zxogcbxnieadjalhztnlc.exe N/A
N/A N/A C:\Windows\wpbofzqbrizxykqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\xtiyspjxqkefjyhbrjb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe N/A
N/A N/A C:\Windows\zxogcbxnieadjalhztnlc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uinbkzisuf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uoztidsiqhzxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rjugwpfpeukhhsx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zxogcbxnieadjalhztnlc.exe ." C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wpbofzqbrizxykqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mhvkdzsfxqjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wjpwhvglvg = "khxojhcrlgbdiyidungd.exe" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ofpaphwftixtsc = "wpbofzqbrizxykqh.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rjugwpfpeukhhsx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wpbofzqbrizxykqh.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ndmwkbpxkymhf = "khxojhcrlgbdiyidungd.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ndmwkbpxkymhf = "dxkyqldpgyqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rfmugvhnykw = "zxogcbxnieadjalhztnlc.exe ." C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rjugwpfpeukhhsx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\khxojhcrlgbdiyidungd.exe ." C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wpbofzqbrizxykqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xtiyspjxqkefjyhbrjb.exe" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wjpwhvglvg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xtiyspjxqkefjyhbrjb.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ofpaphwftixtsc = "khxojhcrlgbdiyidungd.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rjugwpfpeukhhsx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zxogcbxnieadjalhztnlc.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xggpt = "vsgdvtlepjefjyhbrjz.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ofpaphwftixtsc = "zxogcbxnieadjalhztnlc.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wpbofzqbrizxykqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dxkyqldpgyqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rfmugvhnykw = "xtiyspjxqkefjyhbrjb.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rfmugvhnykw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wpbofzqbrizxykqh.exe ." C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wpbofzqbrizxykqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zxogcbxnieadjalhztnlc.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wjpwhvglvg = "zxogcbxnieadjalhztnlc.exe" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ndmwkbpxkymhf = "wpbofzqbrizxykqh.exe" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ndmwkbpxkymhf = "mhvkdzsfxqjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kwzlsfmu = "xwmlffzuhdadjalhztlka.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rfmugvhnykw = "zxogcbxnieadjalhztnlc.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rfmugvhnykw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dxkyqldpgyqpreldr.exe ." C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\bosfnbjst = "C:\\Users\\Admin\\AppData\\Local\\Temp\\igvtmleykfbdiyidunec.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ndmwkbpxkymhf = "wpbofzqbrizxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rfmugvhnykw = "wpbofzqbrizxykqh.exe ." C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ndmwkbpxkymhf = "dxkyqldpgyqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wjpwhvglvg = "xtiyspjxqkefjyhbrjb.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ofpaphwftixtsc = "khxojhcrlgbdiyidungd.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rfmugvhnykw = "zxogcbxnieadjalhztnlc.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rfmugvhnykw = "dxkyqldpgyqpreldr.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wjpwhvglvg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dxkyqldpgyqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rfmugvhnykw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\khxojhcrlgbdiyidungd.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wjpwhvglvg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wpbofzqbrizxykqh.exe" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vgitzlr = "bwidtpfwfxqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\xggpt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uoztidsiqhzxykqh.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rfmugvhnykw = "xtiyspjxqkefjyhbrjb.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wjpwhvglvg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zxogcbxnieadjalhztnlc.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wjpwhvglvg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\khxojhcrlgbdiyidungd.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wjpwhvglvg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xtiyspjxqkefjyhbrjb.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rjugwpfpeukhhsx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xtiyspjxqkefjyhbrjb.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\xggpt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vsgdvtlepjefjyhbrjz.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ofpaphwftixtsc = "dxkyqldpgyqpreldr.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wjpwhvglvg = "wpbofzqbrizxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wjpwhvglvg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dxkyqldpgyqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ofpaphwftixtsc = "xtiyspjxqkefjyhbrjb.exe ." C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wjpwhvglvg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wpbofzqbrizxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wpbofzqbrizxykqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zxogcbxnieadjalhztnlc.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wpbofzqbrizxykqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\khxojhcrlgbdiyidungd.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\owvd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xwmlffzuhdadjalhztlka.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ofpaphwftixtsc = "xtiyspjxqkefjyhbrjb.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rfmugvhnykw = "zxogcbxnieadjalhztnlc.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wjpwhvglvg = "mhvkdzsfxqjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rjugwpfpeukhhsx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wpbofzqbrizxykqh.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wjpwhvglvg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zxogcbxnieadjalhztnlc.exe" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wjpwhvglvg = "khxojhcrlgbdiyidungd.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ofpaphwftixtsc = "xtiyspjxqkefjyhbrjb.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wpbofzqbrizxykqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mhvkdzsfxqjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wjpwhvglvg = "khxojhcrlgbdiyidungd.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rfmugvhnykw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wpbofzqbrizxykqh.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wpbofzqbrizxykqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dxkyqldpgyqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyip.everdot.org N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\wpbofzqbrizxykqh.exe C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
File opened for modification C:\Windows\SysWOW64\wpbofzqbrizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\xtiyspjxqkefjyhbrjb.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\zxogcbxnieadjalhztnlc.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\SysWOW64\mhvkdzsfxqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\SysWOW64\wpbofzqbrizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\SysWOW64\mhvkdzsfxqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\khxojhcrlgbdiyidungd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\SysWOW64\qphaxxulhebfmeqngbwvng.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\zxogcbxnieadjalhztnlc.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\SysWOW64\qphaxxulhebfmeqngbwvng.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\SysWOW64\xtiyspjxqkefjyhbrjb.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\dxkyqldpgyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\mhvkdzsfxqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\SysWOW64\mhvkdzsfxqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\SysWOW64\dxkyqldpgyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
File opened for modification C:\Windows\SysWOW64\qphaxxulhebfmeqngbwvng.exe C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
File opened for modification C:\Windows\SysWOW64\zxogcbxnieadjalhztnlc.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\SysWOW64\mhvkdzsfxqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\khxojhcrlgbdiyidungd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\zxogcbxnieadjalhztnlc.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\xtiyspjxqkefjyhbrjb.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\khxojhcrlgbdiyidungd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\SysWOW64\mhvkdzsfxqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\xtiyspjxqkefjyhbrjb.exe C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
File opened for modification C:\Windows\SysWOW64\khxojhcrlgbdiyidungd.exe C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
File created C:\Windows\SysWOW64\xtiyspjxqkefjyhbrjb.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\qphaxxulhebfmeqngbwvng.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\dxkyqldpgyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\zxogcbxnieadjalhztnlc.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\SysWOW64\dxkyqldpgyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\xtiyspjxqkefjyhbrjb.exe C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
File created C:\Windows\SysWOW64\xtiyspjxqkefjyhbrjb.exe C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
File opened for modification C:\Windows\SysWOW64\qphaxxulhebfmeqngbwvng.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\SysWOW64\khxojhcrlgbdiyidungd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\SysWOW64\qphaxxulhebfmeqngbwvng.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\SysWOW64\qphaxxulhebfmeqngbwvng.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\SysWOW64\zxogcbxnieadjalhztnlc.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\zxogcbxnieadjalhztnlc.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\qphaxxulhebfmeqngbwvng.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\qphaxxulhebfmeqngbwvng.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\SysWOW64\xtiyspjxqkefjyhbrjb.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\SysWOW64\dxkyqldpgyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\wpbofzqbrizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\zxogcbxnieadjalhztnlc.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\SysWOW64\wpbofzqbrizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\mhvkdzsfxqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\qphaxxulhebfmeqngbwvng.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\SysWOW64\xtiyspjxqkefjyhbrjb.exe C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
File opened for modification C:\Windows\SysWOW64\jpooszdbeimxlkdhhjlrqqubf.gko C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
File opened for modification C:\Windows\SysWOW64\mhvkdzsfxqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\SysWOW64\wpbofzqbrizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\khxojhcrlgbdiyidungd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\SysWOW64\khxojhcrlgbdiyidungd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\SysWOW64\mhvkdzsfxqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\SysWOW64\xtiyspjxqkefjyhbrjb.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\SysWOW64\khxojhcrlgbdiyidungd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\SysWOW64\qphaxxulhebfmeqngbwvng.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\SysWOW64\mhvkdzsfxqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
File created C:\Windows\SysWOW64\zxogcbxnieadjalhztnlc.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\SysWOW64\wpbofzqbrizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\SysWOW64\zxogcbxnieadjalhztnlc.exe C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
File created C:\Windows\SysWOW64\wpbofzqbrizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\wpbofzqbrizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\jpooszdbeimxlkdhhjlrqqubf.gko C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
File created C:\Program Files (x86)\jpooszdbeimxlkdhhjlrqqubf.gko C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
File opened for modification C:\Program Files (x86)\ofpaphwftixtscgvgtgxhshzoxlaplkuynyl.pzk C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
File created C:\Program Files (x86)\ofpaphwftixtscgvgtgxhshzoxlaplkuynyl.pzk C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\jpooszdbeimxlkdhhjlrqqubf.gko C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
File opened for modification C:\Windows\qphaxxulhebfmeqngbwvng.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\dxkyqldpgyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\wpbofzqbrizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\dxkyqldpgyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\khxojhcrlgbdiyidungd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\qphaxxulhebfmeqngbwvng.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\wpbofzqbrizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\zxogcbxnieadjalhztnlc.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\dxkyqldpgyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\xtiyspjxqkefjyhbrjb.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\khxojhcrlgbdiyidungd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\khxojhcrlgbdiyidungd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\mhvkdzsfxqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\xtiyspjxqkefjyhbrjb.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\khxojhcrlgbdiyidungd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\dxkyqldpgyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\wpbofzqbrizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\dxkyqldpgyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\xtiyspjxqkefjyhbrjb.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\dxkyqldpgyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\wpbofzqbrizxykqh.exe C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
File opened for modification C:\Windows\dxkyqldpgyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\qphaxxulhebfmeqngbwvng.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\zxogcbxnieadjalhztnlc.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\mhvkdzsfxqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\zxogcbxnieadjalhztnlc.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\xtiyspjxqkefjyhbrjb.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\xtiyspjxqkefjyhbrjb.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\dxkyqldpgyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\khxojhcrlgbdiyidungd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\qphaxxulhebfmeqngbwvng.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\wpbofzqbrizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\xtiyspjxqkefjyhbrjb.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\mhvkdzsfxqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\wpbofzqbrizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\khxojhcrlgbdiyidungd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\qphaxxulhebfmeqngbwvng.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\mhvkdzsfxqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
File opened for modification C:\Windows\ofpaphwftixtscgvgtgxhshzoxlaplkuynyl.pzk C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
File opened for modification C:\Windows\khxojhcrlgbdiyidungd.exe C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
File opened for modification C:\Windows\zxogcbxnieadjalhztnlc.exe C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
File opened for modification C:\Windows\jpooszdbeimxlkdhhjlrqqubf.gko C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
File opened for modification C:\Windows\qphaxxulhebfmeqngbwvng.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\khxojhcrlgbdiyidungd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\mhvkdzsfxqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\wpbofzqbrizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\wpbofzqbrizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\mhvkdzsfxqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\mhvkdzsfxqjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
File opened for modification C:\Windows\xtiyspjxqkefjyhbrjb.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\khxojhcrlgbdiyidungd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\dxkyqldpgyqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\xtiyspjxqkefjyhbrjb.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\khxojhcrlgbdiyidungd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\zxogcbxnieadjalhztnlc.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\wpbofzqbrizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\wpbofzqbrizxykqh.exe C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
File opened for modification C:\Windows\wpbofzqbrizxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\xtiyspjxqkefjyhbrjb.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\qphaxxulhebfmeqngbwvng.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\zxogcbxnieadjalhztnlc.exe C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
File opened for modification C:\Windows\xtiyspjxqkefjyhbrjb.exe C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
File opened for modification C:\Windows\khxojhcrlgbdiyidungd.exe C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xtiyspjxqkefjyhbrjb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xtiyspjxqkefjyhbrjb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xtiyspjxqkefjyhbrjb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\khxojhcrlgbdiyidungd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wpbofzqbrizxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wpbofzqbrizxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\khxojhcrlgbdiyidungd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\mhvkdzsfxqjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zxogcbxnieadjalhztnlc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\dxkyqldpgyqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wpbofzqbrizxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vsgdvtlepjefjyhbrjz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\dxkyqldpgyqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xtiyspjxqkefjyhbrjb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zxogcbxnieadjalhztnlc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xtiyspjxqkefjyhbrjb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\kgtpgdumwpjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xtiyspjxqkefjyhbrjb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xwmlffzuhdadjalhztlka.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\dxkyqldpgyqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xtiyspjxqkefjyhbrjb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xwmlffzuhdadjalhztlka.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zxogcbxnieadjalhztnlc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\khxojhcrlgbdiyidungd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\khxojhcrlgbdiyidungd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\khxojhcrlgbdiyidungd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xtiyspjxqkefjyhbrjb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\khxojhcrlgbdiyidungd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xtiyspjxqkefjyhbrjb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4412 wrote to memory of 4520 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 4412 wrote to memory of 4520 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 4412 wrote to memory of 4520 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 5236 wrote to memory of 220 N/A C:\Windows\system32\cmd.exe C:\Windows\xtiyspjxqkefjyhbrjb.exe
PID 5236 wrote to memory of 220 N/A C:\Windows\system32\cmd.exe C:\Windows\xtiyspjxqkefjyhbrjb.exe
PID 5236 wrote to memory of 220 N/A C:\Windows\system32\cmd.exe C:\Windows\xtiyspjxqkefjyhbrjb.exe
PID 4792 wrote to memory of 5476 N/A C:\Windows\system32\cmd.exe C:\Windows\xtiyspjxqkefjyhbrjb.exe
PID 4792 wrote to memory of 5476 N/A C:\Windows\system32\cmd.exe C:\Windows\xtiyspjxqkefjyhbrjb.exe
PID 4792 wrote to memory of 5476 N/A C:\Windows\system32\cmd.exe C:\Windows\xtiyspjxqkefjyhbrjb.exe
PID 5476 wrote to memory of 5392 N/A C:\Windows\xtiyspjxqkefjyhbrjb.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 5476 wrote to memory of 5392 N/A C:\Windows\xtiyspjxqkefjyhbrjb.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 5476 wrote to memory of 5392 N/A C:\Windows\xtiyspjxqkefjyhbrjb.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 2428 wrote to memory of 5852 N/A C:\Windows\system32\cmd.exe C:\Windows\dxkyqldpgyqpreldr.exe
PID 2428 wrote to memory of 5852 N/A C:\Windows\system32\cmd.exe C:\Windows\dxkyqldpgyqpreldr.exe
PID 2428 wrote to memory of 5852 N/A C:\Windows\system32\cmd.exe C:\Windows\dxkyqldpgyqpreldr.exe
PID 5356 wrote to memory of 2764 N/A C:\Windows\system32\cmd.exe C:\Windows\khxojhcrlgbdiyidungd.exe
PID 5356 wrote to memory of 2764 N/A C:\Windows\system32\cmd.exe C:\Windows\khxojhcrlgbdiyidungd.exe
PID 5356 wrote to memory of 2764 N/A C:\Windows\system32\cmd.exe C:\Windows\khxojhcrlgbdiyidungd.exe
PID 5284 wrote to memory of 5180 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
PID 5284 wrote to memory of 5180 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
PID 5284 wrote to memory of 5180 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe
PID 2764 wrote to memory of 3172 N/A C:\Windows\khxojhcrlgbdiyidungd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 2764 wrote to memory of 3172 N/A C:\Windows\khxojhcrlgbdiyidungd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 2764 wrote to memory of 3172 N/A C:\Windows\khxojhcrlgbdiyidungd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 1692 wrote to memory of 1568 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
PID 1692 wrote to memory of 1568 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
PID 1692 wrote to memory of 1568 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe
PID 1568 wrote to memory of 1832 N/A C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 1568 wrote to memory of 1832 N/A C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 1568 wrote to memory of 1832 N/A C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 6024 wrote to memory of 4992 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe
PID 6024 wrote to memory of 4992 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe
PID 6024 wrote to memory of 4992 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe
PID 1220 wrote to memory of 3712 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
PID 1220 wrote to memory of 3712 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
PID 1220 wrote to memory of 3712 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe
PID 3712 wrote to memory of 1204 N/A C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 3712 wrote to memory of 1204 N/A C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 3712 wrote to memory of 1204 N/A C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 4520 wrote to memory of 3704 N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe
PID 4520 wrote to memory of 3704 N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe
PID 4520 wrote to memory of 3704 N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe
PID 4520 wrote to memory of 5740 N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe
PID 4520 wrote to memory of 5740 N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe
PID 4520 wrote to memory of 5740 N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe
PID 6140 wrote to memory of 6072 N/A C:\Windows\system32\cmd.exe C:\Windows\wpbofzqbrizxykqh.exe
PID 6140 wrote to memory of 6072 N/A C:\Windows\system32\cmd.exe C:\Windows\wpbofzqbrizxykqh.exe
PID 6140 wrote to memory of 6072 N/A C:\Windows\system32\cmd.exe C:\Windows\wpbofzqbrizxykqh.exe
PID 2756 wrote to memory of 2780 N/A C:\Windows\system32\cmd.exe C:\Windows\xtiyspjxqkefjyhbrjb.exe
PID 2756 wrote to memory of 2780 N/A C:\Windows\system32\cmd.exe C:\Windows\xtiyspjxqkefjyhbrjb.exe
PID 2756 wrote to memory of 2780 N/A C:\Windows\system32\cmd.exe C:\Windows\xtiyspjxqkefjyhbrjb.exe
PID 2444 wrote to memory of 5728 N/A C:\Windows\system32\cmd.exe C:\Windows\wpbofzqbrizxykqh.exe
PID 2444 wrote to memory of 5728 N/A C:\Windows\system32\cmd.exe C:\Windows\wpbofzqbrizxykqh.exe
PID 2444 wrote to memory of 5728 N/A C:\Windows\system32\cmd.exe C:\Windows\wpbofzqbrizxykqh.exe
PID 2080 wrote to memory of 5680 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 2080 wrote to memory of 5680 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 2080 wrote to memory of 5680 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 5728 wrote to memory of 1336 N/A C:\Windows\wpbofzqbrizxykqh.exe C:\Windows\mhvkdzsfxqjjmaibqh.exe
PID 5728 wrote to memory of 1336 N/A C:\Windows\wpbofzqbrizxykqh.exe C:\Windows\mhvkdzsfxqjjmaibqh.exe
PID 5728 wrote to memory of 1336 N/A C:\Windows\wpbofzqbrizxykqh.exe C:\Windows\mhvkdzsfxqjjmaibqh.exe
PID 1496 wrote to memory of 184 N/A C:\Windows\system32\cmd.exe C:\Windows\zxogcbxnieadjalhztnlc.exe
PID 1496 wrote to memory of 184 N/A C:\Windows\system32\cmd.exe C:\Windows\zxogcbxnieadjalhztnlc.exe
PID 1496 wrote to memory of 184 N/A C:\Windows\system32\cmd.exe C:\Windows\zxogcbxnieadjalhztnlc.exe
PID 5680 wrote to memory of 3436 N/A C:\Windows\zxogcbxnieadjalhztnlc.exe C:\Windows\system32\cmd.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b19410583c5cac21e5066dee43513859.exe"

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_b19410583c5cac21e5066dee43513859.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe

C:\Windows\xtiyspjxqkefjyhbrjb.exe

xtiyspjxqkefjyhbrjb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe .

C:\Windows\xtiyspjxqkefjyhbrjb.exe

xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xtiyspjxqkefjyhbrjb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dxkyqldpgyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe .

C:\Windows\dxkyqldpgyqpreldr.exe

dxkyqldpgyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Windows\khxojhcrlgbdiyidungd.exe

khxojhcrlgbdiyidungd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\khxojhcrlgbdiyidungd.exe*."

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\xtiyspjxqkefjyhbrjb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\khxojhcrlgbdiyidungd.exe*."

C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe

"C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_b19410583c5cac21e5066dee43513859.exe"

C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe

"C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_b19410583c5cac21e5066dee43513859.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe

C:\Windows\wpbofzqbrizxykqh.exe

wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe .

C:\Windows\xtiyspjxqkefjyhbrjb.exe

xtiyspjxqkefjyhbrjb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe .

C:\Windows\wpbofzqbrizxykqh.exe

wpbofzqbrizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wpbofzqbrizxykqh.exe*."

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zxogcbxnieadjalhztnlc.exe*."

C:\Windows\khxojhcrlgbdiyidungd.exe

khxojhcrlgbdiyidungd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .

C:\Windows\dxkyqldpgyqpreldr.exe

dxkyqldpgyqpreldr.exe

C:\Windows\xtiyspjxqkefjyhbrjb.exe

xtiyspjxqkefjyhbrjb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\khxojhcrlgbdiyidungd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xtiyspjxqkefjyhbrjb.exe*."

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\khxojhcrlgbdiyidungd.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\xtiyspjxqkefjyhbrjb.exe*."

C:\Windows\xtiyspjxqkefjyhbrjb.exe

xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wpbofzqbrizxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dxkyqldpgyqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe .

C:\Windows\xtiyspjxqkefjyhbrjb.exe

xtiyspjxqkefjyhbrjb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xtiyspjxqkefjyhbrjb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe .

C:\Windows\wpbofzqbrizxykqh.exe

wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Windows\xtiyspjxqkefjyhbrjb.exe

xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xtiyspjxqkefjyhbrjb.exe*."

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zxogcbxnieadjalhztnlc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe

C:\Windows\khxojhcrlgbdiyidungd.exe

khxojhcrlgbdiyidungd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe .

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zxogcbxnieadjalhztnlc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe .

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe

C:\Windows\khxojhcrlgbdiyidungd.exe

khxojhcrlgbdiyidungd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe .

C:\Windows\wpbofzqbrizxykqh.exe

wpbofzqbrizxykqh.exe .

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wpbofzqbrizxykqh.exe*."

C:\Windows\xtiyspjxqkefjyhbrjb.exe

xtiyspjxqkefjyhbrjb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dxkyqldpgyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe .

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xtiyspjxqkefjyhbrjb.exe*."

C:\Windows\wpbofzqbrizxykqh.exe

wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dxkyqldpgyqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zxogcbxnieadjalhztnlc.exe*."

C:\Windows\xtiyspjxqkefjyhbrjb.exe

xtiyspjxqkefjyhbrjb.exe

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Windows\dxkyqldpgyqpreldr.exe

dxkyqldpgyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zxogcbxnieadjalhztnlc.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dxkyqldpgyqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\khxojhcrlgbdiyidungd.exe*."

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe .

C:\Windows\mhvkdzsfxqjjmaibqh.exe

mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zxogcbxnieadjalhztnlc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dxkyqldpgyqpreldr.exe*."

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zxogcbxnieadjalhztnlc.exe*."

C:\Windows\mhvkdzsfxqjjmaibqh.exe

mhvkdzsfxqjjmaibqh.exe

C:\Windows\xtiyspjxqkefjyhbrjb.exe

xtiyspjxqkefjyhbrjb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vsgdvtlepjefjyhbrjz.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xtiyspjxqkefjyhbrjb.exe*."

C:\Windows\vsgdvtlepjefjyhbrjz.exe

vsgdvtlepjefjyhbrjz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vsgdvtlepjefjyhbrjz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wpbofzqbrizxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Windows\vsgdvtlepjefjyhbrjz.exe

vsgdvtlepjefjyhbrjz.exe .

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bwidtpfwfxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kgtpgdumwpjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vsgdvtlepjefjyhbrjz.exe*."

C:\Windows\bwidtpfwfxqpreldr.exe

bwidtpfwfxqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kgtpgdumwpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zxogcbxnieadjalhztnlc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe .

C:\Windows\kgtpgdumwpjjmaibqh.exe

kgtpgdumwpjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\kgtpgdumwpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\kgtpgdumwpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\kgtpgdumwpjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\uoztidsiqhzxykqh.exe*."

C:\Windows\wpbofzqbrizxykqh.exe

wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe

C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe .

C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe .

C:\Windows\khxojhcrlgbdiyidungd.exe

khxojhcrlgbdiyidungd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\uoztidsiqhzxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\khxojhcrlgbdiyidungd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Windows\khxojhcrlgbdiyidungd.exe

khxojhcrlgbdiyidungd.exe

C:\Windows\xtiyspjxqkefjyhbrjb.exe

xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xtiyspjxqkefjyhbrjb.exe*."

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\xtiyspjxqkefjyhbrjb.exe*."

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\xtiyspjxqkefjyhbrjb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe

C:\Windows\khxojhcrlgbdiyidungd.exe

khxojhcrlgbdiyidungd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe .

C:\Windows\mhvkdzsfxqjjmaibqh.exe

mhvkdzsfxqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mhvkdzsfxqjjmaibqh.exe*."

C:\Windows\wpbofzqbrizxykqh.exe

wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Windows\khxojhcrlgbdiyidungd.exe

khxojhcrlgbdiyidungd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\khxojhcrlgbdiyidungd.exe*."

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\xtiyspjxqkefjyhbrjb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xwmlffzuhdadjalhztlka.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Windows\xwmlffzuhdadjalhztlka.exe

xwmlffzuhdadjalhztlka.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xwmlffzuhdadjalhztlka.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zxogcbxnieadjalhztnlc.exe*."

C:\Windows\xwmlffzuhdadjalhztlka.exe

xwmlffzuhdadjalhztlka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bwidtpfwfxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xwmlffzuhdadjalhztlka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xwmlffzuhdadjalhztlka.exe .

C:\Windows\bwidtpfwfxqpreldr.exe

bwidtpfwfxqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe

C:\Windows\xwmlffzuhdadjalhztlka.exe

xwmlffzuhdadjalhztlka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe .

C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xwmlffzuhdadjalhztlka.exe*."

C:\Windows\khxojhcrlgbdiyidungd.exe

khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe

C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\igvtmleykfbdiyidunec.exe*."

C:\Windows\xtiyspjxqkefjyhbrjb.exe

xtiyspjxqkefjyhbrjb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xwmlffzuhdadjalhztlka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xtiyspjxqkefjyhbrjb.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe .

C:\Users\Admin\AppData\Local\Temp\xwmlffzuhdadjalhztlka.exe

C:\Users\Admin\AppData\Local\Temp\xwmlffzuhdadjalhztlka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dxkyqldpgyqpreldr.exe .

C:\Windows\xtiyspjxqkefjyhbrjb.exe

xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe

C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Windows\dxkyqldpgyqpreldr.exe

dxkyqldpgyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vsgdvtlepjefjyhbrjz.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dxkyqldpgyqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\xtiyspjxqkefjyhbrjb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wpbofzqbrizxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe

C:\Windows\mhvkdzsfxqjjmaibqh.exe

mhvkdzsfxqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe .

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zxogcbxnieadjalhztnlc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dxkyqldpgyqpreldr.exe .

C:\Windows\wpbofzqbrizxykqh.exe

wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Windows\dxkyqldpgyqpreldr.exe

dxkyqldpgyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dxkyqldpgyqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wpbofzqbrizxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dxkyqldpgyqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xtiyspjxqkefjyhbrjb.exe

xtiyspjxqkefjyhbrjb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe

C:\Windows\wpbofzqbrizxykqh.exe

wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xtiyspjxqkefjyhbrjb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zxogcbxnieadjalhztnlc.exe*."

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\xtiyspjxqkefjyhbrjb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\khxojhcrlgbdiyidungd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe

C:\Windows\mhvkdzsfxqjjmaibqh.exe

mhvkdzsfxqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe .

C:\Windows\wpbofzqbrizxykqh.exe

wpbofzqbrizxykqh.exe

C:\Windows\khxojhcrlgbdiyidungd.exe

khxojhcrlgbdiyidungd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe .

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zxogcbxnieadjalhztnlc.exe*."

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe .

C:\Windows\xtiyspjxqkefjyhbrjb.exe

xtiyspjxqkefjyhbrjb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xtiyspjxqkefjyhbrjb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zxogcbxnieadjalhztnlc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe

C:\Windows\khxojhcrlgbdiyidungd.exe

khxojhcrlgbdiyidungd.exe .

C:\Windows\wpbofzqbrizxykqh.exe

wpbofzqbrizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Windows\khxojhcrlgbdiyidungd.exe

khxojhcrlgbdiyidungd.exe .

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\khxojhcrlgbdiyidungd.exe*."

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zxogcbxnieadjalhztnlc.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zxogcbxnieadjalhztnlc.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wpbofzqbrizxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\khxojhcrlgbdiyidungd.exe*."

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dxkyqldpgyqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zxogcbxnieadjalhztnlc.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zxogcbxnieadjalhztnlc.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zxogcbxnieadjalhztnlc.exe*."

C:\Windows\wpbofzqbrizxykqh.exe

wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dxkyqldpgyqpreldr.exe .

C:\Windows\dxkyqldpgyqpreldr.exe

dxkyqldpgyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dxkyqldpgyqpreldr.exe*."

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Windows\xtiyspjxqkefjyhbrjb.exe

xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xtiyspjxqkefjyhbrjb.exe*."

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dxkyqldpgyqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zxogcbxnieadjalhztnlc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe

C:\Windows\xtiyspjxqkefjyhbrjb.exe

xtiyspjxqkefjyhbrjb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe .

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dxkyqldpgyqpreldr.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zxogcbxnieadjalhztnlc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe .

C:\Windows\dxkyqldpgyqpreldr.exe

dxkyqldpgyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Windows\khxojhcrlgbdiyidungd.exe

khxojhcrlgbdiyidungd.exe .

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\khxojhcrlgbdiyidungd.exe*."

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dxkyqldpgyqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe

C:\Windows\khxojhcrlgbdiyidungd.exe

khxojhcrlgbdiyidungd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe .

C:\Windows\khxojhcrlgbdiyidungd.exe

khxojhcrlgbdiyidungd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\khxojhcrlgbdiyidungd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe .

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Windows\mhvkdzsfxqjjmaibqh.exe

mhvkdzsfxqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kgtpgdumwpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mhvkdzsfxqjjmaibqh.exe*."

C:\Windows\kgtpgdumwpjjmaibqh.exe

kgtpgdumwpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vsgdvtlepjefjyhbrjz.exe .

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .

C:\Windows\vsgdvtlepjefjyhbrjz.exe

vsgdvtlepjefjyhbrjz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\khxojhcrlgbdiyidungd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kgtpgdumwpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vsgdvtlepjefjyhbrjz.exe*."

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bwidtpfwfxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Windows\kgtpgdumwpjjmaibqh.exe

kgtpgdumwpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe

C:\Windows\bwidtpfwfxqpreldr.exe

bwidtpfwfxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe

C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bwidtpfwfxqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bwidtpfwfxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\uoztidsiqhzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bwidtpfwfxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\bwidtpfwfxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\bwidtpfwfxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\bwidtpfwfxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\bwidtpfwfxqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bwidtpfwfxqpreldr.exe*."

C:\Windows\wpbofzqbrizxykqh.exe

wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe .

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zxogcbxnieadjalhztnlc.exe*."

C:\Windows\wpbofzqbrizxykqh.exe

wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Windows\mhvkdzsfxqjjmaibqh.exe

mhvkdzsfxqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mhvkdzsfxqjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\khxojhcrlgbdiyidungd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wpbofzqbrizxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe

C:\Windows\khxojhcrlgbdiyidungd.exe

khxojhcrlgbdiyidungd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dxkyqldpgyqpreldr.exe .

C:\Windows\dxkyqldpgyqpreldr.exe

dxkyqldpgyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dxkyqldpgyqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe .

C:\Windows\xtiyspjxqkefjyhbrjb.exe

xtiyspjxqkefjyhbrjb.exe

C:\Windows\wpbofzqbrizxykqh.exe

wpbofzqbrizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wpbofzqbrizxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\xtiyspjxqkefjyhbrjb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dxkyqldpgyqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe

C:\Windows\wpbofzqbrizxykqh.exe

wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe .

C:\Windows\mhvkdzsfxqjjmaibqh.exe

mhvkdzsfxqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mhvkdzsfxqjjmaibqh.exe*."

C:\Windows\wpbofzqbrizxykqh.exe

wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Windows\wpbofzqbrizxykqh.exe

wpbofzqbrizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wpbofzqbrizxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zxogcbxnieadjalhztnlc.exe*."

C:\Windows\xtiyspjxqkefjyhbrjb.exe

xtiyspjxqkefjyhbrjb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dxkyqldpgyqpreldr.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .

C:\Windows\dxkyqldpgyqpreldr.exe

dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe .

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe

C:\Windows\mhvkdzsfxqjjmaibqh.exe

mhvkdzsfxqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dxkyqldpgyqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mhvkdzsfxqjjmaibqh.exe*."

C:\Windows\mhvkdzsfxqjjmaibqh.exe

mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zxogcbxnieadjalhztnlc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe .

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zxogcbxnieadjalhztnlc.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\xtiyspjxqkefjyhbrjb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zxogcbxnieadjalhztnlc.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zxogcbxnieadjalhztnlc.exe*."

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .

C:\Windows\mhvkdzsfxqjjmaibqh.exe

mhvkdzsfxqjjmaibqh.exe .

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dxkyqldpgyqpreldr.exe*."

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dxkyqldpgyqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mhvkdzsfxqjjmaibqh.exe*."

C:\Windows\xtiyspjxqkefjyhbrjb.exe

xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xtiyspjxqkefjyhbrjb.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\xtiyspjxqkefjyhbrjb.exe*."

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .

C:\Windows\khxojhcrlgbdiyidungd.exe

khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dxkyqldpgyqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe

C:\Windows\mhvkdzsfxqjjmaibqh.exe

mhvkdzsfxqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe .

C:\Windows\mhvkdzsfxqjjmaibqh.exe

mhvkdzsfxqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mhvkdzsfxqjjmaibqh.exe*."

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zxogcbxnieadjalhztnlc.exe*."

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\khxojhcrlgbdiyidungd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dxkyqldpgyqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe

C:\Windows\khxojhcrlgbdiyidungd.exe

khxojhcrlgbdiyidungd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Windows\mhvkdzsfxqjjmaibqh.exe

mhvkdzsfxqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mhvkdzsfxqjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe .

C:\Windows\wpbofzqbrizxykqh.exe

wpbofzqbrizxykqh.exe

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zxogcbxnieadjalhztnlc.exe*."

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wpbofzqbrizxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uoztidsiqhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Windows\uoztidsiqhzxykqh.exe

uoztidsiqhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vsgdvtlepjefjyhbrjz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\xtiyspjxqkefjyhbrjb.exe*."

C:\Windows\vsgdvtlepjefjyhbrjz.exe

vsgdvtlepjefjyhbrjz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c igvtmleykfbdiyidunec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bwidtpfwfxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vsgdvtlepjefjyhbrjz.exe*."

C:\Windows\igvtmleykfbdiyidunec.exe

igvtmleykfbdiyidunec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe

C:\Windows\bwidtpfwfxqpreldr.exe

bwidtpfwfxqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kgtpgdumwpjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bwidtpfwfxqpreldr.exe*."

C:\Windows\khxojhcrlgbdiyidungd.exe

khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\kgtpgdumwpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\kgtpgdumwpjjmaibqh.exe .

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\kgtpgdumwpjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zxogcbxnieadjalhztnlc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kgtpgdumwpjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe

C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\kgtpgdumwpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\kgtpgdumwpjjmaibqh.exe .

C:\Windows\mhvkdzsfxqjjmaibqh.exe

mhvkdzsfxqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Windows\xtiyspjxqkefjyhbrjb.exe

xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\kgtpgdumwpjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xtiyspjxqkefjyhbrjb.exe*."

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\khxojhcrlgbdiyidungd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Windows\khxojhcrlgbdiyidungd.exe

khxojhcrlgbdiyidungd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\wpbofzqbrizxykqh.exe

wpbofzqbrizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dxkyqldpgyqpreldr.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wpbofzqbrizxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe .

C:\Windows\dxkyqldpgyqpreldr.exe

dxkyqldpgyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zxogcbxnieadjalhztnlc.exe*."

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\khxojhcrlgbdiyidungd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wpbofzqbrizxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Windows\mhvkdzsfxqjjmaibqh.exe

mhvkdzsfxqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe .

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zxogcbxnieadjalhztnlc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe .

C:\Windows\khxojhcrlgbdiyidungd.exe

khxojhcrlgbdiyidungd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Windows\mhvkdzsfxqjjmaibqh.exe

mhvkdzsfxqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mhvkdzsfxqjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\khxojhcrlgbdiyidungd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wpbofzqbrizxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe

C:\Windows\mhvkdzsfxqjjmaibqh.exe

mhvkdzsfxqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe

C:\Windows\wpbofzqbrizxykqh.exe

wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dxkyqldpgyqpreldr.exe .

C:\Windows\xtiyspjxqkefjyhbrjb.exe

xtiyspjxqkefjyhbrjb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\mhvkdzsfxqjjmaibqh.exe

mhvkdzsfxqjjmaibqh.exe .

C:\Windows\dxkyqldpgyqpreldr.exe

dxkyqldpgyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dxkyqldpgyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe

C:\Windows\wpbofzqbrizxykqh.exe

wpbofzqbrizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mhvkdzsfxqjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dxkyqldpgyqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dxkyqldpgyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wpbofzqbrizxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Windows\xtiyspjxqkefjyhbrjb.exe

xtiyspjxqkefjyhbrjb.exe .

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe .

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xtiyspjxqkefjyhbrjb.exe*."

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zxogcbxnieadjalhztnlc.exe*."

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\xtiyspjxqkefjyhbrjb.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\xtiyspjxqkefjyhbrjb.exe*."

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\xtiyspjxqkefjyhbrjb.exe*."

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\khxojhcrlgbdiyidungd.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\khxojhcrlgbdiyidungd.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\xtiyspjxqkefjyhbrjb.exe*."

C:\Windows\xtiyspjxqkefjyhbrjb.exe

xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Windows\wpbofzqbrizxykqh.exe

wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dxkyqldpgyqpreldr.exe .

C:\Windows\wpbofzqbrizxykqh.exe

wpbofzqbrizxykqh.exe

C:\Windows\dxkyqldpgyqpreldr.exe

dxkyqldpgyqpreldr.exe .

C:\Windows\dxkyqldpgyqpreldr.exe

dxkyqldpgyqpreldr.exe

C:\Windows\dxkyqldpgyqpreldr.exe

dxkyqldpgyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dxkyqldpgyqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dxkyqldpgyqpreldr.exe*."

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Windows\xtiyspjxqkefjyhbrjb.exe

xtiyspjxqkefjyhbrjb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xtiyspjxqkefjyhbrjb.exe*."

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zxogcbxnieadjalhztnlc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe

C:\Windows\wpbofzqbrizxykqh.exe

wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dxkyqldpgyqpreldr.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\dxkyqldpgyqpreldr.exe

dxkyqldpgyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dxkyqldpgyqpreldr.exe*."

C:\Windows\xtiyspjxqkefjyhbrjb.exe

xtiyspjxqkefjyhbrjb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Windows\khxojhcrlgbdiyidungd.exe

khxojhcrlgbdiyidungd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\khxojhcrlgbdiyidungd.exe*."

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zxogcbxnieadjalhztnlc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c igvtmleykfbdiyidunec.exe

C:\Windows\xtiyspjxqkefjyhbrjb.exe

xtiyspjxqkefjyhbrjb.exe

C:\Windows\igvtmleykfbdiyidunec.exe

igvtmleykfbdiyidunec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c igvtmleykfbdiyidunec.exe .

C:\Windows\mhvkdzsfxqjjmaibqh.exe

mhvkdzsfxqjjmaibqh.exe .

C:\Windows\igvtmleykfbdiyidunec.exe

igvtmleykfbdiyidunec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vsgdvtlepjefjyhbrjz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dxkyqldpgyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mhvkdzsfxqjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\igvtmleykfbdiyidunec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c igvtmleykfbdiyidunec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Windows\wpbofzqbrizxykqh.exe

wpbofzqbrizxykqh.exe

C:\Windows\vsgdvtlepjefjyhbrjz.exe

vsgdvtlepjefjyhbrjz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe .

C:\Windows\igvtmleykfbdiyidunec.exe

igvtmleykfbdiyidunec.exe .

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Windows\dxkyqldpgyqpreldr.exe

dxkyqldpgyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe

C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe

C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\igvtmleykfbdiyidunec.exe*."

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xwmlffzuhdadjalhztlka.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dxkyqldpgyqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\khxojhcrlgbdiyidungd.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vsgdvtlepjefjyhbrjz.exe*."

C:\Users\Admin\AppData\Local\Temp\xwmlffzuhdadjalhztlka.exe

C:\Users\Admin\AppData\Local\Temp\xwmlffzuhdadjalhztlka.exe .

C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe

C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\xwmlffzuhdadjalhztlka.exe*."

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\xtiyspjxqkefjyhbrjb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe

C:\Windows\khxojhcrlgbdiyidungd.exe

khxojhcrlgbdiyidungd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dxkyqldpgyqpreldr.exe .

C:\Windows\dxkyqldpgyqpreldr.exe

dxkyqldpgyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dxkyqldpgyqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe .

C:\Windows\wpbofzqbrizxykqh.exe

wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Windows\xtiyspjxqkefjyhbrjb.exe

xtiyspjxqkefjyhbrjb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xtiyspjxqkefjyhbrjb.exe*."

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\khxojhcrlgbdiyidungd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe

C:\Windows\mhvkdzsfxqjjmaibqh.exe

mhvkdzsfxqjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe .

C:\Windows\mhvkdzsfxqjjmaibqh.exe

mhvkdzsfxqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mhvkdzsfxqjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe .

C:\Windows\xtiyspjxqkefjyhbrjb.exe

xtiyspjxqkefjyhbrjb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Windows\wpbofzqbrizxykqh.exe

wpbofzqbrizxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wpbofzqbrizxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dxkyqldpgyqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dxkyqldpgyqpreldr.exe

C:\Windows\dxkyqldpgyqpreldr.exe

dxkyqldpgyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe .

C:\Windows\khxojhcrlgbdiyidungd.exe

khxojhcrlgbdiyidungd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\khxojhcrlgbdiyidungd.exe*."

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Windows\xtiyspjxqkefjyhbrjb.exe

xtiyspjxqkefjyhbrjb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\mhvkdzsfxqjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xtiyspjxqkefjyhbrjb.exe*."

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wpbofzqbrizxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe .

C:\Windows\wpbofzqbrizxykqh.exe

wpbofzqbrizxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe .

C:\Windows\xtiyspjxqkefjyhbrjb.exe

xtiyspjxqkefjyhbrjb.exe .

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dxkyqldpgyqpreldr.exe

C:\Windows\khxojhcrlgbdiyidungd.exe

khxojhcrlgbdiyidungd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wpbofzqbrizxykqh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\xtiyspjxqkefjyhbrjb.exe*."

C:\Windows\dxkyqldpgyqpreldr.exe

dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\xtiyspjxqkefjyhbrjb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dxkyqldpgyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\khxojhcrlgbdiyidungd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Windows\khxojhcrlgbdiyidungd.exe

khxojhcrlgbdiyidungd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Windows\wpbofzqbrizxykqh.exe

wpbofzqbrizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\xtiyspjxqkefjyhbrjb.exe

C:\Windows\dxkyqldpgyqpreldr.exe

dxkyqldpgyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c khxojhcrlgbdiyidungd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zxogcbxnieadjalhztnlc.exe*."

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\dxkyqldpgyqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wpbofzqbrizxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhvkdzsfxqjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\users\admin\appdata\local\temp\mhvkdzsfxqjjmaibqh.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xtiyspjxqkefjyhbrjb.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zxogcbxnieadjalhztnlc.exe*."

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Windows\khxojhcrlgbdiyidungd.exe

khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\dxkyqldpgyqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zxogcbxnieadjalhztnlc.exe .

C:\Windows\mhvkdzsfxqjjmaibqh.exe

mhvkdzsfxqjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dxkyqldpgyqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\dxkyqldpgyqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mhvkdzsfxqjjmaibqh.exe*."

C:\Windows\xtiyspjxqkefjyhbrjb.exe

xtiyspjxqkefjyhbrjb.exe

C:\Windows\zxogcbxnieadjalhztnlc.exe

zxogcbxnieadjalhztnlc.exe .

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe

C:\Users\Admin\AppData\Local\Temp\wpbofzqbrizxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zxogcbxnieadjalhztnlc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wpbofzqbrizxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Users\Admin\AppData\Local\Temp\khxojhcrlgbdiyidungd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe

C:\Users\Admin\AppData\Local\Temp\zxogcbxnieadjalhztnlc.exe .

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
GB 88.221.135.24:443 www.bing.com tcp
GB 95.101.143.202:443 www.bing.com tcp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.40.87:80 www.whatismyip.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 172.66.40.87:80 www.whatismyip.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.blogger.com udp
GB 216.58.201.105:80 www.blogger.com tcp
BG 95.43.224.95:20089 tcp
US 8.8.8.8:53 qtttbufqbex.org udp
US 8.8.8.8:53 immuiaiugkeq.net udp
US 8.8.8.8:53 suxkks.info udp
US 8.8.8.8:53 molygadsholapet.org udp
US 8.8.8.8:53 cpcmnenansnan.com udp
US 8.8.8.8:53 yywmiiiugkeq.biz udp
US 8.8.8.8:53 igzmwo.biz udp
US 8.8.8.8:53 uaperanansnan.com udp
US 8.8.8.8:53 lzkcvafox.org udp
US 8.8.8.8:53 yksgamiq.net udp
US 8.8.8.8:53 ywpdbcuiwcymao.info udp
US 8.8.8.8:53 dphmlsn.org udp
US 8.8.8.8:53 efzhnyfqbex.com udp
US 8.8.8.8:53 eidpyqeoya.info udp
US 8.8.8.8:53 wcotrsiugkeq.info udp
US 8.8.8.8:53 jfnudafox.org udp
US 8.8.8.8:53 tkrogcn.org udp
US 8.8.8.8:53 oeesimiq.net udp
US 8.8.8.8:53 uatqlcuiwcymao.info udp
US 8.8.8.8:53 zfdthsn.cc udp
US 8.8.8.8:53 xizqmkn.cc udp
US 8.8.8.8:53 oerrlgeoya.biz udp
US 8.8.8.8:53 eqbqcguiwcymao.info udp
US 52.11.240.239:80 eqbqcguiwcymao.info tcp
US 8.8.8.8:53 zuzmvwfox.com udp
US 8.8.8.8:53 wzgrsenansnan.org udp
US 84.32.76.214:28006 tcp
US 8.8.8.8:53 wigyhsiugkeq.biz udp
US 8.8.8.8:53 waauysiugkeq.net udp
US 8.8.8.8:53 srjukodsholapet.org udp
US 8.8.8.8:53 tizmbgn.org udp
US 8.8.8.8:53 qwetpwiugkeq.biz udp
US 8.8.8.8:53 amlehcuiwcymao.net udp
US 8.8.8.8:53 izbqukdsholapet.com udp
US 8.8.8.8:53 agvtrufqbex.cc udp
US 8.8.8.8:53 sepsbs.net udp
US 8.8.8.8:53 agoriiiugkeq.biz udp
US 8.8.8.8:53 rmrgusfox.cc udp
US 8.8.8.8:53 bozyrgn.com udp
US 8.8.8.8:53 kooiewiq.net udp
US 8.8.8.8:53 yuwuemiq.biz udp
US 8.8.8.8:53 ybdetodsholapet.com udp
US 8.8.8.8:53 mgesbsdsholapet.org udp
US 8.8.8.8:53 ykbjeueoya.biz udp
US 8.8.8.8:53 sooiysiugkeq.biz udp
US 8.8.8.8:53 tjxxlafox.cc udp
US 8.8.8.8:53 cjgsnenansnan.com udp
US 8.8.8.8:53 autsca.net udp
US 8.8.8.8:53 wmeawmiq.net udp
US 8.8.8.8:53 nszqrsfox.cc udp
US 8.8.8.8:53 nqwuzafox.org udp
US 8.8.8.8:53 ugzfgguiwcymao.info udp
US 8.8.8.8:53 qwawsaiq.biz udp
US 8.8.8.8:53 wabchmnansnan.com udp
US 8.8.8.8:53 xcneecn.org udp
US 8.8.8.8:53 uwxumcuiwcymao.info udp
US 8.8.8.8:53 qymkcaiq.net udp
US 8.8.8.8:53 xojoxsn.com udp
US 8.8.8.8:53 bkcsuafox.com udp
US 8.8.8.8:53 ailswk.info udp
US 8.8.8.8:53 qweacsiugkeq.biz udp
US 8.8.8.8:53 tvfwkifox.cc udp
BG 83.222.181.237:30559 tcp
US 8.8.8.8:53 fqcqcwfox.org udp
US 8.8.8.8:53 gimcsiiugkeq.net udp
US 8.8.8.8:53 catwtueoya.net udp
US 8.8.8.8:53 ytxizanansnan.org udp
US 8.8.8.8:53 zonspkn.cc udp
US 8.8.8.8:53 aymkoaiugkeq.info udp
US 8.8.8.8:53 usawkiiugkeq.biz udp
US 8.8.8.8:53 uafudkdsholapet.cc udp
US 8.8.8.8:53 wrsxuodsholapet.com udp
US 8.8.8.8:53 egweniiugkeq.net udp
US 8.8.8.8:53 igkiteiq.info udp
US 8.8.8.8:53 ekxtrenansnan.org udp
US 8.8.8.8:53 rmrihsn.org udp
US 8.8.8.8:53 qgqqhwiugkeq.net udp
US 8.8.8.8:53 skqoxsiugkeq.net udp
US 8.8.8.8:53 unbclufqbex.org udp
US 8.8.8.8:53 ygudvanansnan.org udp
US 8.8.8.8:53 kenoyguiwcymao.net udp
US 8.8.8.8:53 eaxveqeoya.net udp
US 8.8.8.8:53 tbxouwfox.org udp
US 8.8.8.8:53 jfgjlifox.org udp
US 8.8.8.8:53 gahmus.net udp
US 8.8.8.8:53 qaowwaiq.net udp
US 8.8.8.8:53 dsfxjcn.org udp
US 8.8.8.8:53 zcbtrcn.com udp
US 8.8.8.8:53 sywmmmiq.info udp
US 8.8.8.8:53 iobwycuiwcymao.net udp
US 8.8.8.8:53 xidshsn.com udp
US 8.8.8.8:53 mqtoqyfqbex.com udp
US 8.8.8.8:53 wovsmueoya.info udp
US 8.8.8.8:53 euyypiiugkeq.net udp
US 8.8.8.8:53 hzdupsn.org udp
US 8.8.8.8:53 brdhrcn.org udp
US 8.8.8.8:53 scfdcueoya.info udp
US 8.8.8.8:53 wessyiiugkeq.info udp
US 8.8.8.8:53 tmrvuifox.com udp
US 8.8.8.8:53 pwhmxcn.cc udp
US 8.8.8.8:53 kkpepo.info udp
US 8.8.8.8:53 aaxsiueoya.info udp
US 8.8.8.8:53 vmribifox.org udp
US 8.8.8.8:53 drigfifox.cc udp
US 8.8.8.8:53 kmnliguiwcymao.info udp
US 8.8.8.8:53 uytcsgeoya.info udp
US 8.8.8.8:53 uglergfqbex.org udp
US 8.8.8.8:53 lxnsdcn.com udp
US 8.8.8.8:53 coxkiueoya.info udp
US 8.8.8.8:53 aqzadkuiwcymao.info udp
US 8.8.8.8:53 yalpjanansnan.org udp
NL 94.156.119.28:35112 tcp
US 8.8.8.8:53 ycokbodsholapet.org udp
US 8.8.8.8:53 yqjswk.net udp
US 8.8.8.8:53 ymxikueoya.net udp
US 8.8.8.8:53 kdrccwnansnan.com udp
US 8.8.8.8:53 ckocgkdsholapet.org udp
US 8.8.8.8:53 swdihk.info udp
US 8.8.8.8:53 qwbbyyeoya.info udp
US 8.8.8.8:53 yndccsdsholapet.cc udp
US 8.8.8.8:53 uvjmhufqbex.org udp
US 8.8.8.8:53 isuufsiugkeq.info udp
US 8.8.8.8:53 ieysqwiq.biz udp
US 8.8.8.8:53 zqhkxgn.cc udp
US 8.8.8.8:53 mqswuwnansnan.org udp
US 8.8.8.8:53 iyyodwiugkeq.info udp
US 8.8.8.8:53 wopkca.info udp
US 8.8.8.8:53 lnhktifox.org udp
US 8.8.8.8:53 fqhkgkn.com udp
US 8.8.8.8:53 ewfahguiwcymao.info udp
US 8.8.8.8:53 qusosiiugkeq.net udp
US 8.8.8.8:53 ovtiuufqbex.cc udp
US 8.8.8.8:53 aqestenansnan.org udp
US 8.8.8.8:53 cymgiwiugkeq.info udp
US 8.8.8.8:53 yuhspcuiwcymao.biz udp
US 8.8.8.8:53 pvlglcn.com udp
US 8.8.8.8:53 sshljufqbex.org udp
US 8.8.8.8:53 suzcda.net udp
US 8.8.8.8:53 cebszqeoya.info udp
US 8.8.8.8:53 cdnjnanansnan.cc udp
US 8.8.8.8:53 slwcnodsholapet.cc udp
US 8.8.8.8:53 goboncuiwcymao.net udp
US 8.8.8.8:53 uwmzmeiq.net udp
US 8.8.8.8:53 gtrevgfqbex.org udp
US 8.8.8.8:53 vmgqbsfox.org udp
US 8.8.8.8:53 eeigiwiq.net udp
US 8.8.8.8:53 cyugvwiq.biz udp
US 8.8.8.8:53 yknalenansnan.com udp
US 8.8.8.8:53 lkadhifox.org udp
US 8.8.8.8:53 iuwkfiiugkeq.info udp
US 8.8.8.8:53 qidcqa.net udp
US 8.8.8.8:53 anljvkdsholapet.cc udp
US 8.8.8.8:53 ebaaxanansnan.org udp
US 8.8.8.8:53 satsdueoya.info udp
US 8.8.8.8:53 cgguxsiugkeq.biz udp
US 8.8.8.8:53 vxdaqgn.cc udp
BG 78.83.153.188:40867 tcp
US 8.8.8.8:53 qxkyvwnansnan.org udp
US 8.8.8.8:53 aijneueoya.info udp
US 8.8.8.8:53 qixipa.info udp
US 8.8.8.8:53 oznevadsholapet.org udp
US 8.8.8.8:53 tnrpfkn.cc udp
US 8.8.8.8:53 ikpogcuiwcymao.info udp
US 8.8.8.8:53 syqyiiiugkeq.info udp
US 8.8.8.8:53 bglbscn.org udp
US 8.8.8.8:53 ewgxsodsholapet.cc udp
US 8.8.8.8:53 gahdrueoya.biz udp
US 8.8.8.8:53 kmyjzsiugkeq.net udp
US 8.8.8.8:53 ygxqnanansnan.com udp
US 8.8.8.8:53 fnzyrcn.com udp
US 8.8.8.8:53 oquysiiugkeq.biz udp
US 8.8.8.8:53 smfqaa.info udp
US 8.8.8.8:53 ctjwaanansnan.com udp
US 8.8.8.8:53 hbkjhafox.com udp
US 8.8.8.8:53 ccpodo.biz udp
US 8.8.8.8:53 yoqcpmiq.biz udp
US 8.8.8.8:53 jjbntsfox.org udp
US 8.8.8.8:53 wigiakdsholapet.com udp
US 8.8.8.8:53 qaygssiugkeq.biz udp
US 8.8.8.8:53 ayfapa.biz udp
US 8.8.8.8:53 ojxqpmnansnan.org udp
US 8.8.8.8:53 rpywjifox.org udp
US 8.8.8.8:53 ggxuesuiwcymao.biz udp
US 8.8.8.8:53 eqlgqueoya.biz udp
US 8.8.8.8:53 abdqbenansnan.com udp
US 8.8.8.8:53 intehufqbex.org udp
US 8.8.8.8:53 osvvkgeoya.net udp
US 8.8.8.8:53 varbwsn.com udp
US 8.8.8.8:53 rnwslafox.com udp
US 8.8.8.8:53 kwdktk.net udp
US 8.8.8.8:53 katyqkuiwcymao.net udp
US 8.8.8.8:53 tldcjafox.cc udp
US 8.8.8.8:53 mvomnkdsholapet.com udp
LT 78.61.20.6:33273 tcp
US 8.8.8.8:53 mkbuyk.biz udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.180.3:80 c.pki.goog tcp
US 8.8.8.8:53 seeqxsiugkeq.info udp
US 8.8.8.8:53 jrjyeafox.com udp
US 8.8.8.8:53 gsuivanansnan.cc udp
US 8.8.8.8:53 ymjogcuiwcymao.biz udp
US 8.8.8.8:53 aopcoa.info udp
US 8.8.8.8:53 pyxongn.org udp
US 8.8.8.8:53 wvmqfodsholapet.cc udp
US 8.8.8.8:53 ycosswiq.biz udp
US 8.8.8.8:53 smpsecuiwcymao.info udp
US 8.8.8.8:53 qwffnkdsholapet.cc udp
US 8.8.8.8:53 sbyqaodsholapet.org udp
US 8.8.8.8:53 csvacgeoya.biz udp
US 8.8.8.8:53 gkeeawiq.biz udp
US 8.8.8.8:53 mjnmxgfqbex.org udp
US 8.8.8.8:53 ldvhxcn.cc udp
US 8.8.8.8:53 ywsyewiugkeq.biz udp
US 8.8.8.8:53 kklkvguiwcymao.info udp
US 8.8.8.8:53 ynlcxufqbex.cc udp
US 8.8.8.8:53 fzusgafox.com udp
US 8.8.8.8:53 ikmgamiq.net udp
US 8.8.8.8:53 ucdeuqeoya.biz udp
US 8.8.8.8:53 dhhnowfox.org udp
US 8.8.8.8:53 shmdzmnansnan.cc udp
US 8.8.8.8:53 ikahdwiq.net udp
US 8.8.8.8:53 oqbccsuiwcymao.info udp
US 8.8.8.8:53 vmrwksn.cc udp
US 8.8.8.8:53 ymkaaenansnan.org udp
US 8.8.8.8:53 uowhamiq.biz udp
US 8.8.8.8:53 oyiemiiugkeq.net udp
US 8.8.8.8:53 dhxelgn.cc udp
US 8.8.8.8:53 yvjxbqfqbex.com udp
US 8.8.8.8:53 mkfqck.net udp
US 8.8.8.8:53 gcnunkuiwcymao.biz udp
US 8.8.8.8:53 qarebgfqbex.org udp
US 8.8.8.8:53 sgygrenansnan.org udp
US 8.8.8.8:53 wqtpoa.biz udp
US 8.8.8.8:53 uijsocuiwcymao.net udp
US 8.8.8.8:53 msgslkdsholapet.cc udp
US 8.8.8.8:53 cmecrwiq.info udp
US 8.8.8.8:53 yswfewiq.biz udp
US 8.8.8.8:53 jllifcn.cc udp
US 8.8.8.8:53 mgiwhkdsholapet.com udp
US 8.8.8.8:53 uqgpuwiugkeq.info udp
US 8.8.8.8:53 acwwdsiugkeq.info udp
US 8.8.8.8:53 vqhxzsfox.com udp
US 8.8.8.8:53 qpmmxodsholapet.org udp
BG 93.123.120.140:21928 tcp
US 8.8.8.8:53 uwvams.net udp
US 8.8.8.8:53 kehoko.biz udp
US 8.8.8.8:53 gujndsdsholapet.org udp
US 8.8.8.8:53 mgjlmcuiwcymao.biz udp
US 8.8.8.8:53 qqbfxqeoya.net udp
US 8.8.8.8:53 lkroxcn.org udp
US 8.8.8.8:53 xiwqrifox.cc udp
US 8.8.8.8:53 saekyaiugkeq.biz udp
US 8.8.8.8:53 wyufiwiugkeq.info udp
US 8.8.8.8:53 zqdppcn.org udp
US 8.8.8.8:53 zmcuawfox.com udp
US 8.8.8.8:53 ccjajs.net udp
US 8.8.8.8:53 oiwkkwiugkeq.biz udp
US 8.8.8.8:53 cvlwyqfqbex.com udp
US 8.8.8.8:53 mmqmdadsholapet.cc udp
US 8.8.8.8:53 akqipmiq.net udp
US 8.8.8.8:53 csrjza.biz udp
US 8.8.8.8:53 irxkesdsholapet.com udp
US 8.8.8.8:53 xedkfkn.cc udp
US 8.8.8.8:53 eyiqmaiq.info udp
US 8.8.8.8:53 uqjcesuiwcymao.biz udp
US 8.8.8.8:53 qfbajkdsholapet.cc udp
US 8.8.8.8:53 gashosdsholapet.cc udp
US 8.8.8.8:53 ioxgfkuiwcymao.net udp
US 8.8.8.8:53 cakcksiugkeq.net udp
US 8.8.8.8:53 pzfpdsn.com udp
US 8.8.8.8:53 kfjuhyfqbex.com udp
US 8.8.8.8:53 skxmss.net udp
US 8.8.8.8:53 kgjnuo.net udp
US 8.8.8.8:53 garctenansnan.com udp
US 8.8.8.8:53 uqirsadsholapet.cc udp
US 8.8.8.8:53 cehbea.info udp
US 8.8.8.8:53 qyllkyeoya.net udp
US 8.8.8.8:53 ekzmkyfqbex.cc udp
US 8.8.8.8:53 aywzoanansnan.cc udp
US 8.8.8.8:53 eapmoguiwcymao.info udp
US 8.8.8.8:53 qcjisqeoya.net udp
US 8.8.8.8:53 brjarkn.com udp
US 8.8.8.8:53 cvktlsdsholapet.com udp
US 8.8.8.8:53 yslnsa.net udp
US 8.8.8.8:53 iahmhgeoya.biz udp
US 8.8.8.8:53 upbgkkdsholapet.cc udp
US 8.8.8.8:53 rvoqtwfox.com udp
US 8.8.8.8:53 gqlawgeoya.info udp
US 8.8.8.8:53 qymmssiugkeq.net udp
US 8.8.8.8:53 bdfqlcn.cc udp
US 8.8.8.8:53 mohpsgfqbex.org udp
US 8.8.8.8:53 mkxzgo.info udp
BG 89.215.188.160:19181 tcp
US 8.8.8.8:53 wodkgyeoya.net udp
US 8.8.8.8:53 hjhubwfox.cc udp
US 8.8.8.8:53 hfmrgafox.org udp
US 8.8.8.8:53 kapflsuiwcymao.biz udp
US 8.8.8.8:53 aivsdgeoya.biz udp
US 8.8.8.8:53 qprcjadsholapet.org udp
US 8.8.8.8:53 sfwqaanansnan.com udp
US 8.8.8.8:53 ugkjfiiugkeq.info udp
US 8.8.8.8:53 kasatwiq.biz udp
US 8.8.8.8:53 fwdsbsn.cc udp
US 8.8.8.8:53 uqqigwnansnan.com udp
US 8.8.8.8:53 iwqnwaiq.biz udp
US 8.8.8.8:53 oevwwguiwcymao.info udp
US 8.8.8.8:53 vtnwbsn.org udp
US 8.8.8.8:53 drickafox.cc udp
US 8.8.8.8:53 gyfssk.info udp
US 8.8.8.8:53 cgbywgeoya.biz udp
US 8.8.8.8:53 kntxngfqbex.cc udp
US 8.8.8.8:53 sntqrqfqbex.org udp
US 8.8.8.8:53 keqaqwiugkeq.net udp
US 8.8.8.8:53 ccfqsguiwcymao.biz udp
US 8.8.8.8:53 uudadkdsholapet.cc udp
US 8.8.8.8:53 mkaeumnansnan.org udp
US 8.8.8.8:53 sebihguiwcymao.biz udp
US 8.8.8.8:53 aispkeiq.net udp
US 8.8.8.8:53 yejlkmnansnan.cc udp
US 8.8.8.8:53 cafkbqfqbex.com udp
US 8.8.8.8:53 akrcoueoya.net udp
US 8.8.8.8:53 xihaywfox.org udp
US 8.8.8.8:53 ilwmradsholapet.org udp
US 8.8.8.8:53 cudclguiwcymao.biz udp
US 8.8.8.8:53 kyliisuiwcymao.net udp
US 8.8.8.8:53 lzripifox.org udp
US 8.8.8.8:53 ggawxkdsholapet.org udp
US 8.8.8.8:53 sevaia.info udp
US 8.8.8.8:53 ggxouqeoya.info udp
US 8.8.8.8:53 qvlkzodsholapet.com udp
US 8.8.8.8:53 rufpjsn.cc udp
US 8.8.8.8:53 yyvilcuiwcymao.biz udp
US 8.8.8.8:53 mariek.info udp
US 8.8.8.8:53 ymxjpgfqbex.com udp
US 8.8.8.8:53 ngzwjcn.com udp
US 8.8.8.8:53 eajoyueoya.net udp
US 8.8.8.8:53 aqbzwguiwcymao.info udp
US 8.8.8.8:53 nkjgnkn.com udp
US 8.8.8.8:53 gksugsdsholapet.cc udp
US 8.8.8.8:53 ywebbeiq.biz udp
US 8.8.8.8:53 iibjso.net udp
US 8.8.8.8:53 opnanmnansnan.cc udp
US 8.8.8.8:53 duwwfafox.cc udp
US 8.8.8.8:53 sotaiqeoya.info udp
LT 84.240.51.252:25477 tcp
US 8.8.8.8:53 ackuwwiugkeq.biz udp
US 8.8.8.8:53 gmzppyfqbex.org udp
US 8.8.8.8:53 cpjzbyfqbex.cc udp
US 8.8.8.8:53 icpliqeoya.biz udp
US 8.8.8.8:53 aetgpyfqbex.cc udp
US 8.8.8.8:53 fmgdnwfox.org udp
US 8.8.8.8:53 amdgqkuiwcymao.biz udp
US 8.8.8.8:53 gqqahaiugkeq.info udp
US 8.8.8.8:53 stfmbenansnan.org udp
US 8.8.8.8:53 fxnvcgn.com udp
US 8.8.8.8:53 okecyiiugkeq.net udp
US 8.8.8.8:53 msveigeoya.biz udp
US 8.8.8.8:53 jehmxgn.org udp
US 8.8.8.8:53 sdyriwnansnan.com udp
US 8.8.8.8:53 mahfmsuiwcymao.biz udp
US 8.8.8.8:53 eqrvoueoya.net udp
US 8.8.8.8:53 kbzwdkdsholapet.cc udp
US 8.8.8.8:53 zgduzgn.com udp
US 8.8.8.8:53 mwxclueoya.biz udp
US 8.8.8.8:53 qcklsmiq.net udp
US 8.8.8.8:53 kxdwqgfqbex.com udp
US 8.8.8.8:53 wrlndgfqbex.cc udp
US 8.8.8.8:53 kolkhguiwcymao.net udp
US 8.8.8.8:53 ccfocqeoya.info udp
US 8.8.8.8:53 iqlrwwnansnan.org udp
US 8.8.8.8:53 sdmumadsholapet.com udp
US 8.8.8.8:53 kqowieiq.biz udp
US 8.8.8.8:53 wcxwacuiwcymao.biz udp
US 8.8.8.8:53 yphvdyfqbex.cc udp
US 8.8.8.8:53 vbmgnafox.com udp
US 8.8.8.8:53 qgnfmgeoya.biz udp
US 8.8.8.8:53 lohutkn.com udp
US 8.8.8.8:53 xdngzcn.com udp
US 8.8.8.8:53 gaycpaiq.net udp
US 8.8.8.8:53 oorjesuiwcymao.biz udp
BG 93.183.185.137:22218 tcp
US 8.8.8.8:53 rulrusfox.com udp
US 8.8.8.8:53 gjwkhadsholapet.org udp
US 8.8.8.8:53 watgjgeoya.info udp
US 8.8.8.8:53 muipuaiq.info udp
US 8.8.8.8:53 dszijcn.com udp
US 8.8.8.8:53 pcholkn.org udp
US 8.8.8.8:53 oqbahqeoya.net udp
US 8.8.8.8:53 owesisiugkeq.biz udp
US 8.8.8.8:53 oljgxadsholapet.cc udp
US 8.8.8.8:53 vkygxifox.org udp
US 8.8.8.8:53 coxumyeoya.net udp
US 8.8.8.8:53 guesgsiugkeq.biz udp
US 8.8.8.8:53 mdfgmmnansnan.cc udp
US 8.8.8.8:53 ejkfkodsholapet.com udp
US 8.8.8.8:53 uwsunmiq.biz udp
US 8.8.8.8:53 qogipaiq.biz udp
US 8.8.8.8:53 altqradsholapet.cc udp
US 8.8.8.8:53 uodypqfqbex.com udp
US 8.8.8.8:53 imnargeoya.net udp
US 8.8.8.8:53 sqcpjmiq.net udp
US 8.8.8.8:53 cclwradsholapet.cc udp
US 8.8.8.8:53 fzwmpwfox.org udp
US 8.8.8.8:53 owztakuiwcymao.net udp
US 8.8.8.8:53 ycdoeqeoya.biz udp
US 8.8.8.8:53 mvzgvgfqbex.cc udp
US 8.8.8.8:53 ehqvnanansnan.com udp
US 8.8.8.8:53 kuuyeaiugkeq.net udp
US 8.8.8.8:53 agdcas.net udp
US 8.8.8.8:53 arhezenansnan.com udp
US 8.8.8.8:53 mdenqadsholapet.org udp
US 8.8.8.8:53 eqoygeiq.biz udp
US 8.8.8.8:53 kqvomo.net udp
US 8.8.8.8:53 gsxwoodsholapet.cc udp
US 8.8.8.8:53 yhvtlgfqbex.com udp
US 8.8.8.8:53 cwruns.biz udp
US 8.8.8.8:53 ewrgra.info udp
US 8.8.8.8:53 jbhtfgn.org udp
US 8.8.8.8:53 vhhyksn.cc udp
US 8.8.8.8:53 yadxsa.biz udp
US 8.8.8.8:53 icucymiq.info udp
US 8.8.8.8:53 capnvyfqbex.com udp
US 8.8.8.8:53 gzycfanansnan.cc udp
US 8.8.8.8:53 qcewewiq.info udp
US 8.8.8.8:53 syktjaiugkeq.net udp
US 8.8.8.8:53 jozwzafox.com udp
US 8.8.8.8:53 mqgsxaiugkeq.net udp
US 8.8.8.8:53 yopkua.info udp
US 8.8.8.8:53 ndvcrgn.cc udp
US 8.8.8.8:53 yxuqqadsholapet.org udp
US 8.8.8.8:53 sapcno.info udp
US 8.8.8.8:53 ewxgmk.info udp
US 8.8.8.8:53 munmnkdsholapet.com udp
US 8.8.8.8:53 ttzwcgn.cc udp
US 8.8.8.8:53 emuqzwiq.biz udp
US 8.8.8.8:53 giegosiugkeq.info udp
US 8.8.8.8:53 pmxxgifox.org udp
US 8.8.8.8:53 oceunkdsholapet.com udp
LT 212.117.11.165:14567 tcp
US 8.8.8.8:53 asvxhs.biz udp
US 8.8.8.8:53 ugjlekuiwcymao.net udp
US 8.8.8.8:53 schwyadsholapet.org udp
US 8.8.8.8:53 tjawhwfox.cc udp
US 8.8.8.8:53 yobeuyeoya.info udp
US 8.8.8.8:53 gexcoyeoya.net udp
US 8.8.8.8:53 ltptvafox.org udp
US 8.8.8.8:53 tfbinkn.com udp
US 8.8.8.8:53 ccfbrueoya.biz udp
US 8.8.8.8:53 wxfsuenansnan.com udp
US 8.8.8.8:53 jfmqhafox.com udp
US 8.8.8.8:53 mebmdk.info udp
US 8.8.8.8:53 aifbmguiwcymao.biz udp
US 8.8.8.8:53 rgpgnwfox.org udp
US 8.8.8.8:53 mlocqadsholapet.com udp
US 8.8.8.8:53 mcjqmueoya.net udp
US 8.8.8.8:53 iynsyyeoya.info udp
US 8.8.8.8:53 nxpoowfox.com udp
US 8.8.8.8:53 cmkmzmnansnan.com udp
US 8.8.8.8:53 gkryis.info udp
US 8.8.8.8:53 ykkwcsiugkeq.net udp
US 8.8.8.8:53 uhdlhwnansnan.cc udp
US 8.8.8.8:53 qxtgdufqbex.org udp
US 8.8.8.8:53 csbgjueoya.biz udp
US 8.8.8.8:53 ciaqiiiugkeq.biz udp
US 8.8.8.8:53 kktaxsdsholapet.org udp
US 8.8.8.8:53 cglzcufqbex.org udp
US 8.8.8.8:53 cgxyia.net udp
US 8.8.8.8:53 myozamiq.biz udp
US 8.8.8.8:53 siruxqfqbex.org udp
US 8.8.8.8:53 mhtceufqbex.org udp
US 8.8.8.8:53 qulegyeoya.info udp
US 8.8.8.8:53 celijcuiwcymao.info udp
US 8.8.8.8:53 pvplfcn.cc udp
US 8.8.8.8:53 upsqdenansnan.com udp
US 8.8.8.8:53 qumwgmiq.net udp
US 8.8.8.8:53 sqowawiq.info udp
US 8.8.8.8:53 hlracsn.com udp
US 8.8.8.8:53 vmokuwfox.com udp
US 8.8.8.8:53 cstlnguiwcymao.biz udp
US 8.8.8.8:53 eehapguiwcymao.biz udp
US 8.8.8.8:53 cufuxadsholapet.org udp
US 8.8.8.8:53 nejtjkn.org udp
US 8.8.8.8:53 kwaobaiq.biz udp
US 8.8.8.8:53 mmlmosuiwcymao.net udp
US 8.8.8.8:53 cwdgpwnansnan.org udp
US 8.8.8.8:53 skkstanansnan.cc udp
US 8.8.8.8:53 wwlqhgeoya.net udp
RU 94.137.253.114:37887 tcp
US 8.8.8.8:53 oilfio.biz udp
US 8.8.8.8:53 hfhcdkn.cc udp
US 8.8.8.8:53 eihotufqbex.org udp
US 8.8.8.8:53 uolbqguiwcymao.biz udp
US 8.8.8.8:53 mupwuqeoya.biz udp
US 8.8.8.8:53 yznqxqfqbex.cc udp
US 8.8.8.8:53 trbrysn.cc udp
US 8.8.8.8:53 ikpcrueoya.biz udp
US 8.8.8.8:53 cypwnsuiwcymao.biz udp
US 8.8.8.8:53 inlsqenansnan.com udp
US 8.8.8.8:53 gbpkhgfqbex.cc udp
US 8.8.8.8:53 aylmbqeoya.biz udp
US 8.8.8.8:53 yalqga.net udp
US 8.8.8.8:53 wobzzwnansnan.com udp
US 8.8.8.8:53 zxrihgn.cc udp
US 8.8.8.8:53 oajgygeoya.biz udp
US 8.8.8.8:53 wqcdhiiugkeq.info udp
US 8.8.8.8:53 aptodqfqbex.cc udp
US 8.8.8.8:53 uxkybodsholapet.org udp
US 8.8.8.8:53 kqkucmiq.biz udp
US 8.8.8.8:53 yeelwwiugkeq.info udp
US 8.8.8.8:53 uftbdanansnan.org udp
US 8.8.8.8:53 orgedodsholapet.cc udp
US 8.8.8.8:53 ckjwws.biz udp
US 8.8.8.8:53 wsqncmiq.biz udp
US 8.8.8.8:53 oznoladsholapet.cc udp
US 8.8.8.8:53 uymqdanansnan.cc udp
US 8.8.8.8:53 sctaik.info udp
US 8.8.8.8:53 cgeyaeiq.info udp
US 8.8.8.8:53 qnpobwnansnan.com udp
US 8.8.8.8:53 swgylwiugkeq.info udp
US 8.8.8.8:53 iajimsuiwcymao.net udp
US 8.8.8.8:53 nsjrhafox.com udp
US 8.8.8.8:53 myerasdsholapet.com udp
US 8.8.8.8:53 mcxevguiwcymao.biz udp
US 8.8.8.8:53 ymnqisuiwcymao.biz udp
US 8.8.8.8:53 epzhpadsholapet.org udp
US 8.8.8.8:53 frkkjifox.cc udp
US 8.8.8.8:53 ycmaemiq.info udp
LT 78.61.13.61:16754 tcp
US 8.8.8.8:53 jxzcesn.cc udp
US 8.8.8.8:53 uecfvodsholapet.cc udp
US 8.8.8.8:53 aidfuqeoya.biz udp
US 8.8.8.8:53 ksovoiiugkeq.info udp
US 8.8.8.8:53 dmnansn.cc udp
US 8.8.8.8:53 uwwltodsholapet.com udp
US 8.8.8.8:53 ocsoeaiugkeq.biz udp
US 8.8.8.8:53 weoejaiq.info udp
US 8.8.8.8:53 gertvkdsholapet.cc udp
US 8.8.8.8:53 whstjwnansnan.cc udp
US 8.8.8.8:53 iyyrimiq.net udp
US 8.8.8.8:53 ekfomk.biz udp
US 8.8.8.8:53 ttpwbwfox.com udp
US 8.8.8.8:53 spofbodsholapet.com udp
US 8.8.8.8:53 qyknfaiq.info udp
US 8.8.8.8:53 mcjgkcuiwcymao.info udp
US 8.8.8.8:53 igfaskdsholapet.org udp
US 8.8.8.8:53 bssllifox.com udp
US 8.8.8.8:53 gkpioa.net udp
US 8.8.8.8:53 mwzcvo.info udp
US 8.8.8.8:53 zgnsakn.com udp
US 8.8.8.8:53 vtilrwfox.cc udp
US 8.8.8.8:53 qaflhsuiwcymao.biz udp
US 8.8.8.8:53 pwlipkn.cc udp
US 8.8.8.8:53 hgigeifox.org udp
US 8.8.8.8:53 qkoouaiugkeq.biz udp
US 8.8.8.8:53 oockpsiugkeq.biz udp
US 8.8.8.8:53 kflqhwnansnan.org udp
US 8.8.8.8:53 owfwvqfqbex.org udp
US 8.8.8.8:53 gmkaywiq.biz udp
US 8.8.8.8:53 awdoageoya.biz udp
US 8.8.8.8:53 qtrewqfqbex.cc udp
US 8.8.8.8:53 ywzceyfqbex.org udp
US 8.8.8.8:53 yuxiaguiwcymao.info udp
US 8.8.8.8:53 uotqck.biz udp
BG 84.43.148.133:42762 tcp
US 8.8.8.8:53 aglbwyfqbex.org udp
US 8.8.8.8:53 ztkqlsfox.org udp
US 8.8.8.8:53 eesizmiq.biz udp
US 8.8.8.8:53 sikygmiq.biz udp
US 8.8.8.8:53 aubczufqbex.com udp
US 8.8.8.8:53 rmcwswfox.cc udp
US 8.8.8.8:53 sqvcokuiwcymao.net udp
US 8.8.8.8:53 acbnza.biz udp
US 8.8.8.8:53 grxjiadsholapet.org udp
US 8.8.8.8:53 ftsszifox.org udp
US 8.8.8.8:53 wmuasaiq.info udp
US 8.8.8.8:53 wmtyfcuiwcymao.net udp
US 8.8.8.8:53 oorajmnansnan.com udp
US 8.8.8.8:53 czfmlufqbex.org udp
US 8.8.8.8:53 ymfwugeoya.net udp
US 8.8.8.8:53 ecwvmiiugkeq.biz udp
US 8.8.8.8:53 gxdmjyfqbex.com udp
US 8.8.8.8:53 kapmjgfqbex.org udp
US 8.8.8.8:53 giecbeiq.net udp
US 8.8.8.8:53 wgecnmiq.net udp
US 8.8.8.8:53 idbxmenansnan.cc udp
US 8.8.8.8:53 zaqnbifox.cc udp
US 8.8.8.8:53 maksmaiugkeq.biz udp
US 8.8.8.8:53 ieiaimiq.info udp
US 8.8.8.8:53 bubcrifox.com udp
US 8.8.8.8:53 kphesgfqbex.cc udp
US 8.8.8.8:53 qqrmqyeoya.net udp
US 8.8.8.8:53 gsjwmyeoya.info udp
US 8.8.8.8:53 acjybkdsholapet.org udp
US 8.8.8.8:53 pnglvifox.org udp
US 8.8.8.8:53 eiryro.net udp
US 8.8.8.8:53 agdrxgeoya.info udp
US 8.8.8.8:53 hmvudifox.com udp
US 8.8.8.8:53 vatadsn.cc udp
US 8.8.8.8:53 yacmxaiq.net udp
US 8.8.8.8:53 uilgxk.info udp
US 8.8.8.8:53 islmzgfqbex.org udp
US 8.8.8.8:53 oefqyqfqbex.org udp
US 8.8.8.8:53 manctguiwcymao.net udp
US 8.8.8.8:53 gkyuqaiugkeq.biz udp
US 8.8.8.8:53 oxratmnansnan.org udp
US 8.8.8.8:53 yqqbawnansnan.cc udp
US 8.8.8.8:53 wqnupo.net udp
US 8.8.8.8:53 iuzuiadsholapet.cc udp
US 8.8.8.8:53 tmvtpkn.cc udp
US 8.8.8.8:53 cugfziiugkeq.biz udp
US 8.8.8.8:53 aepoha.info udp
US 8.8.8.8:53 zkhoeifox.org udp
US 8.8.8.8:53 yegjjenansnan.org udp
US 8.8.8.8:53 cyvrsa.net udp
US 8.8.8.8:53 mkxecs.info udp
US 8.8.8.8:53 gsdegsdsholapet.cc udp
US 8.8.8.8:53 zqysrsfox.org udp
US 8.8.8.8:53 eqhpkueoya.biz udp
US 8.8.8.8:53 ikjufgeoya.net udp
US 8.8.8.8:53 gfbmogfqbex.com udp
US 8.8.8.8:53 dwldhkn.org udp
US 8.8.8.8:53 csxmwa.info udp
BG 195.234.87.61:38793 tcp
US 8.8.8.8:53 iqdeckuiwcymao.biz udp
US 8.8.8.8:53 tsjeqafox.org udp
US 8.8.8.8:53 ptloqgn.com udp
US 8.8.8.8:53 iugakwiq.net udp
US 8.8.8.8:53 isvwmkuiwcymao.info udp
US 8.8.8.8:53 gknmwufqbex.cc udp
US 8.8.8.8:53 iznihqfqbex.com udp
US 8.8.8.8:53 uiwcjsiugkeq.biz udp
US 8.8.8.8:53 gixftyeoya.info udp
US 8.8.8.8:53 idvoxwnansnan.cc udp
US 8.8.8.8:53 byzuxgn.cc udp
US 8.8.8.8:53 iabuqguiwcymao.biz udp
US 8.8.8.8:53 gjdfvwnansnan.com udp
US 8.8.8.8:53 dffsrsn.org udp
US 8.8.8.8:53 sivexyeoya.net udp
US 8.8.8.8:53 uqpzckuiwcymao.info udp
US 8.8.8.8:53 suzwfqfqbex.cc udp
US 8.8.8.8:53 eszycs.net udp
US 8.8.8.8:53 gcbgiguiwcymao.biz udp
US 8.8.8.8:53 iefgbqfqbex.cc udp
US 8.8.8.8:53 mymqnmnansnan.com udp
US 8.8.8.8:53 cgpmps.net udp
US 8.8.8.8:53 aulwxueoya.net udp
US 8.8.8.8:53 orpjzqfqbex.com udp
US 8.8.8.8:53 wglqssuiwcymao.biz udp
US 8.8.8.8:53 cyayeaiugkeq.info udp
US 8.8.8.8:53 sqdhpwnansnan.com udp
US 8.8.8.8:53 snzmvgfqbex.cc udp
US 8.8.8.8:53 moowyeiq.info udp
US 8.8.8.8:53 kyahisiugkeq.biz udp
US 8.8.8.8:53 mshmosdsholapet.org udp
US 8.8.8.8:53 fieqtafox.cc udp
US 8.8.8.8:53 weejmwiq.info udp
US 8.8.8.8:53 sikaewiq.net udp
US 8.8.8.8:53 zmjagwfox.org udp
US 8.8.8.8:53 qluhvwnansnan.cc udp
US 8.8.8.8:53 eatcucuiwcymao.biz udp
US 8.8.8.8:53 cexuqgeoya.net udp
US 8.8.8.8:53 qdzozwnansnan.org udp
US 8.8.8.8:53 zbrcxgn.org udp
US 8.8.8.8:53 gymyweiq.info udp
US 8.8.8.8:53 aovyio.net udp
US 8.8.8.8:53 ubnouadsholapet.com udp
US 8.8.8.8:53 mifmcufqbex.cc udp
US 8.8.8.8:53 qyybyiiugkeq.biz udp
US 8.8.8.8:53 muacceiq.net udp
US 8.8.8.8:53 egtpmodsholapet.org udp
US 8.8.8.8:53 vfgjfafox.com udp
US 8.8.8.8:53 swclbiiugkeq.net udp
MK 62.162.209.93:25221 tcp
US 8.8.8.8:53 getgao.biz udp
US 8.8.8.8:53 cmnjbqfqbex.com udp
US 8.8.8.8:53 zxsgxsfox.cc udp
US 8.8.8.8:53 ukbpuyeoya.net udp
US 8.8.8.8:53 qceocwiq.biz udp
US 8.8.8.8:53 bdrwrifox.org udp
US 8.8.8.8:53 cesojwnansnan.com udp
US 8.8.8.8:53 ggdhoo.info udp
US 8.8.8.8:53 ymezueiq.info udp
US 8.8.8.8:53 eexmdsdsholapet.org udp
US 8.8.8.8:53 nqxyqgn.cc udp
US 8.8.8.8:53 comqjwiq.biz udp
US 8.8.8.8:53 yqwkqeiq.biz udp
US 8.8.8.8:53 ytzmhufqbex.com udp
US 8.8.8.8:53 gyxyvufqbex.com udp
US 8.8.8.8:53 osfiqyeoya.biz udp
US 8.8.8.8:53 mcdgasuiwcymao.net udp
US 8.8.8.8:53 xqdbzcn.cc udp
US 8.8.8.8:53 fyocvifox.cc udp
US 8.8.8.8:53 isekeaiugkeq.net udp
US 8.8.8.8:53 wkzkwk.biz udp
US 8.8.8.8:53 rplohafox.com udp
US 8.8.8.8:53 axmiladsholapet.org udp
US 8.8.8.8:53 kihkqkuiwcymao.biz udp
US 8.8.8.8:53 gmlhva.info udp
US 8.8.8.8:53 aczswufqbex.cc udp
US 8.8.8.8:53 aieosadsholapet.cc udp
US 8.8.8.8:53 ggmyveiq.info udp
US 8.8.8.8:53 xkzsbgn.com udp
US 8.8.8.8:53 vjrgrcn.cc udp
US 8.8.8.8:53 sartiyeoya.net udp
US 8.8.8.8:53 qrvuvufqbex.com udp
US 8.8.8.8:53 jonuakn.com udp
US 8.8.8.8:53 imvuiyeoya.biz udp
US 8.8.8.8:53 owngpa.biz udp
US 8.8.8.8:53 avhlmyfqbex.cc udp
US 8.8.8.8:53 utiyvenansnan.org udp
US 8.8.8.8:53 wykiwwiugkeq.info udp
US 8.8.8.8:53 osusqmiq.biz udp
US 8.8.8.8:53 sczrvufqbex.org udp
BG 78.40.139.120:14679 tcp
US 8.8.8.8:53 qikivodsholapet.com udp
US 8.8.8.8:53 mehcsyeoya.biz udp
US 8.8.8.8:53 mkybywiugkeq.net udp
US 8.8.8.8:53 xhhmuifox.cc udp
US 8.8.8.8:53 lyfwngn.com udp
US 8.8.8.8:53 uafdiguiwcymao.net udp
US 8.8.8.8:53 eyrvmguiwcymao.biz udp
US 8.8.8.8:53 eqjsisdsholapet.com udp
US 8.8.8.8:53 eqkpxanansnan.com udp
US 8.8.8.8:53 iybujyeoya.biz udp
US 8.8.8.8:53 yuhgyo.biz udp
US 8.8.8.8:53 kcdfasdsholapet.cc udp
US 8.8.8.8:53 besntafox.com udp
US 8.8.8.8:53 eqmumwiq.net udp
US 8.8.8.8:53 egvwaa.biz udp
US 8.8.8.8:53 xbxisafox.com udp
US 8.8.8.8:53 qnozvwnansnan.org udp
US 8.8.8.8:53 akpomo.net udp
US 8.8.8.8:53 oyacsaiugkeq.info udp
US 8.8.8.8:53 eutjzsdsholapet.cc udp
US 8.8.8.8:53 owsuzwnansnan.org udp
US 8.8.8.8:53 cgymowiq.biz udp
US 8.8.8.8:53 mmfcecuiwcymao.biz udp
US 8.8.8.8:53 cwdapgfqbex.cc udp
US 8.8.8.8:53 lqvjfsn.cc udp
US 8.8.8.8:53 oiuyisiugkeq.info udp
US 8.8.8.8:53 ysfoqguiwcymao.biz udp
US 8.8.8.8:53 yrhqrqfqbex.cc udp
US 8.8.8.8:53 crmmvsdsholapet.org udp
US 8.8.8.8:53 gitzhs.info udp
US 8.8.8.8:53 qkiqfwiq.info udp
US 8.8.8.8:53 ljxqosfox.org udp
US 8.8.8.8:53 wndyoufqbex.com udp
US 8.8.8.8:53 acjkvk.info udp
US 8.8.8.8:53 ginmmyeoya.net udp
US 8.8.8.8:53 zazemafox.com udp
US 8.8.8.8:53 oszimqeoya.info udp
US 8.8.8.8:53 cwbggyeoya.biz udp
US 8.8.8.8:53 rvlrtafox.com udp
US 8.8.8.8:53 tgeshafox.cc udp
US 8.8.8.8:53 uunoak.info udp
US 8.8.8.8:53 qckmqeiq.biz udp
US 8.8.8.8:53 mwdgrkdsholapet.cc udp
US 8.8.8.8:53 pfgoksfox.cc udp
US 8.8.8.8:53 qweicmiq.biz udp
US 8.8.8.8:53 skhhiqeoya.biz udp
US 8.8.8.8:53 vbznrgn.org udp
US 8.8.8.8:53 srjilyfqbex.org udp
US 8.8.8.8:53 qmdeho.biz udp
US 8.8.8.8:53 uyxyaguiwcymao.net udp
US 8.8.8.8:53 zmjcssn.cc udp
US 8.8.8.8:53 qregladsholapet.org udp
US 8.8.8.8:53 ecxmyqeoya.info udp
US 8.8.8.8:53 konziueoya.info udp
US 8.8.8.8:53 lxlshsfox.cc udp
US 8.8.8.8:53 uquqtwnansnan.org udp
US 8.8.8.8:53 yybqus.net udp
US 8.8.8.8:53 wsugqwiugkeq.biz udp
US 8.8.8.8:53 xufincn.cc udp
US 8.8.8.8:53 aykcjmnansnan.org udp
US 8.8.8.8:53 oukykaiugkeq.net udp
US 8.8.8.8:53 qutejs.biz udp
US 8.8.8.8:53 cgxlzqfqbex.cc udp
US 8.8.8.8:53 uhvilyfqbex.com udp
US 8.8.8.8:53 umjaoueoya.biz udp
US 8.8.8.8:53 suxenyfqbex.com udp
BG 95.42.150.211:16028 tcp
US 8.8.8.8:53 bbbqogn.cc udp
US 8.8.8.8:53 uyssoiiugkeq.info udp
US 8.8.8.8:53 ighgjs.biz udp
US 8.8.8.8:53 ccfscyfqbex.org udp
US 8.8.8.8:53 yayvdenansnan.cc udp
US 8.8.8.8:53 mqleuk.biz udp
US 8.8.8.8:53 iodwkk.info udp
US 8.8.8.8:53 txjfrsfox.com udp
US 8.8.8.8:53 aazpsguiwcymao.biz udp
US 8.8.8.8:53 uykmdeiq.biz udp
US 8.8.8.8:53 mhzuwmnansnan.cc udp
US 8.8.8.8:53 uplovyfqbex.org udp
US 8.8.8.8:53 akfhkcuiwcymao.info udp
US 8.8.8.8:53 qgwoqsiugkeq.net udp
US 8.8.8.8:53 hjjzngn.org udp
US 8.8.8.8:53 axwbladsholapet.org udp
US 8.8.8.8:53 waymuwiq.biz udp
US 8.8.8.8:53 iucsusiugkeq.biz udp
US 8.8.8.8:53 pkdrqafox.com udp
US 8.8.8.8:53 wmbmlufqbex.com udp
US 8.8.8.8:53 waenbiiugkeq.biz udp
US 8.8.8.8:53 mersoqeoya.biz udp
US 8.8.8.8:53 sudayanansnan.org udp
US 8.8.8.8:53 ycsceiiugkeq.net udp
US 8.8.8.8:53 scbzksuiwcymao.info udp
US 8.8.8.8:53 oitcuqfqbex.cc udp
US 8.8.8.8:53 uoiydkdsholapet.org udp
US 8.8.8.8:53 wwbqrcuiwcymao.info udp
US 8.8.8.8:53 imdeek.info udp
US 8.8.8.8:53 iqldiodsholapet.cc udp
US 8.8.8.8:53 phqkvwfox.com udp
US 8.8.8.8:53 owdajs.biz udp
US 8.8.8.8:53 kqvkns.net udp
US 8.8.8.8:53 vxaebafox.cc udp
US 8.8.8.8:53 mmbvxs.info udp
US 8.8.8.8:53 sooteiiugkeq.biz udp
US 8.8.8.8:53 eebuikdsholapet.com udp
US 8.8.8.8:53 oaxkjyfqbex.org udp
US 8.8.8.8:53 akzwsguiwcymao.info udp
US 8.8.8.8:53 sgpxsqeoya.biz udp
US 8.8.8.8:53 xcvpnsfox.com udp
US 8.8.8.8:53 owkwlwnansnan.com udp
US 8.8.8.8:53 wyciqwiugkeq.info udp
US 8.8.8.8:53 auoiuaiugkeq.info udp
US 8.8.8.8:53 gahujsdsholapet.org udp
US 8.8.8.8:53 vqtsgkn.com udp
US 8.8.8.8:53 oodymo.net udp
US 8.8.8.8:53 oaqxkaiugkeq.info udp
LT 89.116.143.149:20585 tcp
US 8.8.8.8:53 xjnyvafox.org udp
US 8.8.8.8:53 kcwidmnansnan.cc udp
US 8.8.8.8:53 usmeciiugkeq.biz udp
US 8.8.8.8:53 eugwbsiugkeq.biz udp
US 8.8.8.8:53 fyflfkn.org udp
US 8.8.8.8:53 riykswfox.cc udp
US 8.8.8.8:53 uklyqa.biz udp
US 8.8.8.8:53 ssgskwiq.net udp
US 8.8.8.8:53 fddysifox.org udp
US 8.8.8.8:53 goragufqbex.com udp
US 8.8.8.8:53 ombweqeoya.net udp
US 8.8.8.8:53 swbrgcuiwcymao.info udp
US 8.8.8.8:53 zbtkbcn.org udp
US 8.8.8.8:53 yessjmnansnan.org udp
US 8.8.8.8:53 eapisguiwcymao.biz udp
US 8.8.8.8:53 uktock.info udp
US 8.8.8.8:53 bhdiokn.com udp
US 8.8.8.8:53 mcmzqkdsholapet.org udp
US 8.8.8.8:53 gqviuyeoya.biz udp
US 8.8.8.8:53 ywyucaiugkeq.net udp
US 8.8.8.8:53 wuhphyfqbex.org udp
US 8.8.8.8:53 qloxdenansnan.com udp
US 8.8.8.8:53 seporueoya.biz udp
US 8.8.8.8:53 yiwsgeiq.info udp
BG 95.43.197.73:36325 tcp
US 8.8.8.8:53 gooelkdsholapet.com udp
US 8.8.8.8:53 iqpjrueoya.biz udp
US 8.8.8.8:53 yspsgk.net udp
US 8.8.8.8:53 mbxihanansnan.cc udp
US 8.8.8.8:53 uwubwanansnan.org udp
US 8.8.8.8:53 uyayqwiugkeq.net udp
US 8.8.8.8:53 cgimuwiugkeq.net udp
US 8.8.8.8:53 iddqwqfqbex.cc udp
US 8.8.8.8:53 uqnlbcuiwcymao.biz udp
US 8.8.8.8:53 quzxoa.info udp
US 8.8.8.8:53 mchwdanansnan.cc udp
US 8.8.8.8:53 kqpskgeoya.biz udp
US 8.8.8.8:53 qwlrvqeoya.net udp
US 8.8.8.8:53 hrnudsfox.com udp
US 8.8.8.8:53 aigenadsholapet.org udp
US 8.8.8.8:53 sofmgs.biz udp
US 8.8.8.8:53 sgbyko.info udp
US 8.8.8.8:53 tozeksn.cc udp
US 8.8.8.8:53 gxksrmnansnan.cc udp
US 8.8.8.8:53 muxyoa.net udp
US 8.8.8.8:53 osrqqqeoya.net udp
US 8.8.8.8:53 cqznqsdsholapet.com udp
US 8.8.8.8:53 scauaenansnan.org udp
US 8.8.8.8:53 mevpuqeoya.biz udp
US 8.8.8.8:53 aoiajwiq.biz udp
US 8.8.8.8:53 ssxyxyfqbex.com udp
US 8.8.8.8:53 smawxwiq.info udp
US 8.8.8.8:53 mqvoos.info udp
US 8.8.8.8:53 kbdpjsdsholapet.cc udp
US 8.8.8.8:53 ebganmnansnan.cc udp
US 8.8.8.8:53 iqgutmiq.biz udp
US 8.8.8.8:53 umyehaiugkeq.biz udp
US 8.8.8.8:53 nqjszwfox.org udp
US 8.8.8.8:53 rxpwhsn.org udp
US 8.8.8.8:53 ceaoqmiq.info udp
US 8.8.8.8:53 yumeraiugkeq.net udp
US 8.8.8.8:53 qfrqhadsholapet.org udp
US 8.8.8.8:53 inemlenansnan.org udp
US 8.8.8.8:53 esdwxo.net udp
US 8.8.8.8:53 amxgxodsholapet.org udp
US 8.8.8.8:53 oxwyzwnansnan.cc udp
US 8.8.8.8:53 qsvcxguiwcymao.biz udp
US 8.8.8.8:53 keacqaiq.net udp
US 8.8.8.8:53 whlptkdsholapet.org udp
US 8.8.8.8:53 uiesrmnansnan.com udp
US 8.8.8.8:53 wmhiwgeoya.net udp
US 8.8.8.8:53 iypmnqfqbex.com udp
US 8.8.8.8:53 fzhebgn.com udp
US 8.8.8.8:53 gufuwueoya.net udp
US 8.8.8.8:53 ceyxisiugkeq.biz udp
US 8.8.8.8:53 yihkdufqbex.com udp
US 8.8.8.8:53 yhcvdanansnan.org udp
US 8.8.8.8:53 mgaeewiugkeq.info udp
US 8.8.8.8:53 aoqyewiq.net udp
BG 93.183.185.47:23345 tcp

Files

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

MD5 85cb856b920e7b0b7b75115336fc2af2
SHA1 1d1a207efec2f5187583b652c35aef74ee4c473f
SHA256 6fff20aabe8265b6e811c9dbcb987f9c15cf07d1d8b80ced7b287d96900f5c62
SHA512 120ff9c77c19216e5691b6ba812f09f7db7b46685a391027fff56e5b73200f4211b6bac2c2d28cdfe461d1fbf10f1a3204adeedbd0a34a034a862c6278d901e8

C:\Windows\SysWOW64\mhvkdzsfxqjjmaibqh.exe

MD5 b19410583c5cac21e5066dee43513859
SHA1 5a1f933d7ce3a7d5b2001051e4dad32ac0bfeb35
SHA256 226da79bd298b6c72453572e2f34a1b40e19db0c51e10197ac00daf0d499b770
SHA512 c98e8ebcdeeb687d95d20be83d4a7c344c900c6a56fc508d9f4f42789e8dcd35d2c2ea8a142bdfc9da07db382f069b2d41a2bbf6bcf0b7b9a1e24ee3c0bc814c

C:\Users\Admin\AppData\Local\Temp\xhkowhp.exe

MD5 7fa45da35a4539fc49779fb80ce640fe
SHA1 ffca0bc52006e6833571510b38106d58e180b26e
SHA256 ff70a387540245caee3ba339fb5fa5ea4ed89a9efa522bfd26e9bf38413ea3f5
SHA512 bb96916b04addd58d125792ca46e2b4821e98c03148285a0a07a209a6524088af41b44ba2b4f8cc0ab6beb60734beb72804cebb0aecfa91345e8e18f8382fa18

C:\Users\Admin\AppData\Local\jpooszdbeimxlkdhhjlrqqubf.gko

MD5 4aa2d6f69896352d0c7d99703b8d477d
SHA1 eab2982e91c11fdbcb20129baf15a86b0c4a6fcf
SHA256 d74820962239e677fa43b31ad88b88b0d559e0764b58cc2f06976e3b5613990c
SHA512 2494d4a5a72814d176da2beddd67d1b2cf0181ff85e6a5a0bf21c8c4c22c1289c60887f30d608d0462b344ac614ed324db56f7a4f9b014f4e1cdae91aedde09b

C:\Users\Admin\AppData\Local\ofpaphwftixtscgvgtgxhshzoxlaplkuynyl.pzk

MD5 4c2cfe8ece9fe362153ac7543bbb7519
SHA1 116db93440d1180c9da15dd0f2fe68846362dc4e
SHA256 238180d34f131a807ab279183caded384f71fd4d03b2583517b75c89fc043318
SHA512 222a16599b5f49e4462325fe17a492f9857a85cc04e969221e20206c883479e7effaf085fbc6b10d87335a2e6af706932dc27f22333159391213b904d6fb74c0

C:\Program Files (x86)\jpooszdbeimxlkdhhjlrqqubf.gko

MD5 fb6c00763badea15aa679ec6d2fbc505
SHA1 60df274d36e1005799c29aa7ee60ece9e06dab14
SHA256 438177aa404b1adcdc494be7d115e624e8fa55a17a0626ca9a14b3ccee317636
SHA512 a804f6979731a99fe8cde2166367f8fefca74ba576c7f5d7e8a5b2e4aa0b927d48d2fb10b14d4464bdb055f1d048e5f3f6302a97fd445a6e5354e33a3a2bde71

C:\Program Files (x86)\jpooszdbeimxlkdhhjlrqqubf.gko

MD5 0f265654cce096d5a7710f11ddbb75e7
SHA1 8d8c3c2547136a25f261758a638c99fc7e513ddd
SHA256 d35f85ff6f50bd3782e1ddd4c095c425d8bb9b597aa025b943157b332b92fdd0
SHA512 47a40815393fa17a2f00106fc2df9f86fa5eef234108971de9b8a47fc3b66fbb8c8a078e1efb2a9caf33d0c8f6415236642a874435ffc37c65eb2ba48486c80f

C:\Program Files (x86)\jpooszdbeimxlkdhhjlrqqubf.gko

MD5 0910031ab177413b18f1f45fbe2c7a4d
SHA1 f42970171f047e6224829b2f9435982a6b2a542f
SHA256 510a0975a5ee828513d69ada93e0b8f42c0e5e5afdc0b07f8a2dd1dd05048bb2
SHA512 b9ff7887cbff55771b01c07d9c95e257e9c1620c99341ca746f5eb6d4a25456782fff324ee4fd901fface40b132fde2812e43e15fea7f54ef072a6ac132f2c50

C:\Program Files (x86)\jpooszdbeimxlkdhhjlrqqubf.gko

MD5 360c8e9be904d9aea8642554b247f2b0
SHA1 7dbb4b1b7dc01c6ad839b863952fe9974a59f253
SHA256 3953df9da7727c3ba226db61c39a04821040993832e11ff4dae9819b9ad95bfe
SHA512 7e2d283de1060b8ce17e1148491763cc8fa333afa734a5d2e4cb9f8c67622c20e54466dd241b1a114dd81c9ddc489b721ab70c065bb76af5742d04f9e2cb45d8

C:\Program Files (x86)\jpooszdbeimxlkdhhjlrqqubf.gko

MD5 5a1c910726f1feaf6aac00be29cd6be7
SHA1 7a96b607d34b88c7402c4a8090e8d25fd352430c
SHA256 b0e93fd0131351d31515c193fe2e1d9d18411ccdf206f85566b0b124f2c86fe2
SHA512 6981581ee2b3398a5950e36176b0fcfe045c2108aa8104a99649af3d3d0be2cd0c3ac43413548f23a1017dabdc5f48152b8e55a2dfa79501b570a2a747b75167

C:\Program Files (x86)\jpooszdbeimxlkdhhjlrqqubf.gko

MD5 5930b52604f8ad818aa84109c3b56923
SHA1 1e422ff0dd98d1f7ee599a7a95976f8cba0ea8c4
SHA256 94ef414bb89d575218fbbd4b177ca956dbfc496499f78e49eb4faebcde1880f8
SHA512 4fab6c669c5bf855889cc0bbdc4d78848e548b13895b693ba30d76b6394779acb97cb404525fa60c52d96643bcfa1ff058d1e3b03f0529ecd061a94197672c6d