Malware Analysis Report

2025-08-10 16:34

Sample ID 250412-r2spdawqt8
Target JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce
SHA256 13e8f8cf343f9c910a2a465fbfb2504a07fb9224bfad739ab6d70ce8c70681b6
Tags
pykspa defense_evasion discovery persistence privilege_escalation trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

13e8f8cf343f9c910a2a465fbfb2504a07fb9224bfad739ab6d70ce8c70681b6

Threat Level: Known bad

The file JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce was found to be: Known bad.

Malicious Activity Summary

pykspa defense_evasion discovery persistence privilege_escalation trojan worm

Pykspa

Pykspa family

Modifies WinLogon for persistence

UAC bypass

Detect Pykspa worm

Adds policy Run key to start application

Disables RegEdit via registry modification

Impair Defenses: Safe Mode Boot

Executes dropped EXE

Checks computer location settings

Checks whether UAC is enabled

Adds Run key to start application

Looks up external IP address via web service

Hijack Execution Flow: Executable Installer File Permissions Weakness

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Unsigned PE

Suspicious use of AdjustPrivilegeToken

System policy modification

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-12 14:41

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-12 14:41

Reported

2025-04-12 14:44

Platform

win10v2004-20250410-en

Max time kernel

39s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fyizvigtnzyanumaq.exe" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zugzxmmbxlmqfoiyqkf.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oitliwvjerruiqjypi.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fyizvigtnzyanumaq.exe" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zugzxmmbxlmqfoiyqkf.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "oitliwvjerruiqjypi.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "bymhhyarpfiofqmeyurfa.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "fyizvigtnzyanumaq.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "mivpoefvshjoeojatokx.exe" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zugzxmmbxlmqfoiyqkf.exe" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zugzxmmbxlmqfoiyqkf.exe" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "oitliwvjerruiqjypi.exe" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zugzxmmbxlmqfoiyqkf.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\istdit = "igvtmleykfbdiyidunec.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bymhhyarpfiofqmeyurfa.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zugzxmmbxlmqfoiyqkf.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "fyizvigtnzyanumaq.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "zugzxmmbxlmqfoiyqkf.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\hom = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kgtpgdumwpjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "fyizvigtnzyanumaq.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bymhhyarpfiofqmeyurfa.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "yqzpkwtfyjhiuare.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "fyizvigtnzyanumaq.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "fyizvigtnzyanumaq.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fyizvigtnzyanumaq.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mivpoefvshjoeojatokx.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mivpoefvshjoeojatokx.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "yqzpkwtfyjhiuare.exe" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "yqzpkwtfyjhiuare.exe" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "mivpoefvshjoeojatokx.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "yqzpkwtfyjhiuare.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fyizvigtnzyanumaq.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "oitliwvjerruiqjypi.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zugzxmmbxlmqfoiyqkf.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "yqzpkwtfyjhiuare.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fyizvigtnzyanumaq.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oitliwvjerruiqjypi.exe" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "mivpoefvshjoeojatokx.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oyzhuynr = "bymhhyarpfiofqmeyurfa.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\biglv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mivpoefvshjoeojatokx.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\zugzxmmbxlmqfoiyqkf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\bymhhyarpfiofqmeyurfa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\bymhhyarpfiofqmeyurfa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\yqzpkwtfyjhiuare.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\oitliwvjerruiqjypi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\mivpoefvshjoeojatokx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\yqzpkwtfyjhiuare.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\mivpoefvshjoeojatokx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\oitliwvjerruiqjypi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\fyizvigtnzyanumaq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\fyizvigtnzyanumaq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\zugzxmmbxlmqfoiyqkf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\oitliwvjerruiqjypi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\fyizvigtnzyanumaq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\oitliwvjerruiqjypi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\mivpoefvshjoeojatokx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\fyizvigtnzyanumaq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\oitliwvjerruiqjypi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\zugzxmmbxlmqfoiyqkf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\oitliwvjerruiqjypi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\yqzpkwtfyjhiuare.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\bymhhyarpfiofqmeyurfa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\fyizvigtnzyanumaq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\fyizvigtnzyanumaq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\mivpoefvshjoeojatokx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\oitliwvjerruiqjypi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\fyizvigtnzyanumaq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\fyizvigtnzyanumaq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\bymhhyarpfiofqmeyurfa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\zugzxmmbxlmqfoiyqkf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\oitliwvjerruiqjypi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\oitliwvjerruiqjypi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\mivpoefvshjoeojatokx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\bymhhyarpfiofqmeyurfa.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\yqzpkwtfyjhiuare.exe N/A
N/A N/A C:\Windows\bymhhyarpfiofqmeyurfa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\bymhhyarpfiofqmeyurfa.exe N/A
N/A N/A C:\Windows\yqzpkwtfyjhiuare.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
N/A N/A C:\Windows\fyizvigtnzyanumaq.exe N/A
N/A N/A C:\Windows\fyizvigtnzyanumaq.exe N/A
N/A N/A C:\Windows\fyizvigtnzyanumaq.exe N/A
N/A N/A C:\Windows\fyizvigtnzyanumaq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\mivpoefvshjoeojatokx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe N/A
N/A N/A C:\Windows\fyizvigtnzyanumaq.exe N/A
N/A N/A C:\Windows\mivpoefvshjoeojatokx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe N/A
N/A N/A C:\Windows\fyizvigtnzyanumaq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\bymhhyarpfiofqmeyurfa.exe N/A
N/A N/A C:\Windows\zugzxmmbxlmqfoiyqkf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\mivpoefvshjoeojatokx.exe N/A
N/A N/A C:\Windows\oitliwvjerruiqjypi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\bymhhyarpfiofqmeyurfa.exe N/A
N/A N/A C:\Windows\zugzxmmbxlmqfoiyqkf.exe N/A
N/A N/A C:\Windows\oitliwvjerruiqjypi.exe N/A
N/A N/A C:\Windows\fyizvigtnzyanumaq.exe N/A
N/A N/A C:\Windows\zugzxmmbxlmqfoiyqkf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\zugzxmmbxlmqfoiyqkf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\fyizvigtnzyanumaq.exe N/A
N/A N/A C:\Windows\bymhhyarpfiofqmeyurfa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\oitliwvjerruiqjypi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mutzkm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fyizvigtnzyanumaq.exe" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tgkvlskrfle = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mivpoefvshjoeojatokx.exe ." C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mutzkm = "mivpoefvshjoeojatokx.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fyizvigtnzyanumaq.exe ." C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oitliwvjerruiqjypi.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mutzkm = "yqzpkwtfyjhiuare.exe" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mutzkm = "bymhhyarpfiofqmeyurfa.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tgkvlskrfle = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fyizvigtnzyanumaq.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fqsbpukpb = "zugzxmmbxlmqfoiyqkf.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tgkvlskrfle = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fyizvigtnzyanumaq.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fyizvigtnzyanumaq.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bymhhyarpfiofqmeyurfa.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mutzkm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yqzpkwtfyjhiuare.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "oitliwvjerruiqjypi.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yknxmsjpch = "oitliwvjerruiqjypi.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yknxmsjpch = "yqzpkwtfyjhiuare.exe ." C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yknxmsjpch = "fyizvigtnzyanumaq.exe ." C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tgkvlskrfle = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bymhhyarpfiofqmeyurfa.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mutzkm = "bymhhyarpfiofqmeyurfa.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fqsbpukpb = "bymhhyarpfiofqmeyurfa.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mutzkm = "yqzpkwtfyjhiuare.exe" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fqsbpukpb = "bymhhyarpfiofqmeyurfa.exe" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fqsbpukpb = "yqzpkwtfyjhiuare.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fyizvigtnzyanumaq.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mutzkm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mivpoefvshjoeojatokx.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yqzpkwtfyjhiuare.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mutzkm = "bymhhyarpfiofqmeyurfa.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "zugzxmmbxlmqfoiyqkf.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fqsbpukpb = "oitliwvjerruiqjypi.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "fyizvigtnzyanumaq.exe ." C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yknxmsjpch = "fyizvigtnzyanumaq.exe ." C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tgkvlskrfle = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bymhhyarpfiofqmeyurfa.exe ." C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fqsbpukpb = "mivpoefvshjoeojatokx.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yqzpkwtfyjhiuare.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mutzkm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zugzxmmbxlmqfoiyqkf.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mutzkm = "zugzxmmbxlmqfoiyqkf.exe" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yknxmsjpch = "bymhhyarpfiofqmeyurfa.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "mivpoefvshjoeojatokx.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mutzkm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mivpoefvshjoeojatokx.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yknxmsjpch = "mivpoefvshjoeojatokx.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fyizvigtnzyanumaq.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qejvmunvkrli = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bymhhyarpfiofqmeyurfa.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mutzkm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oitliwvjerruiqjypi.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mutzkm = "yqzpkwtfyjhiuare.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yknxmsjpch = "yqzpkwtfyjhiuare.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "zugzxmmbxlmqfoiyqkf.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fqsbpukpb = "fyizvigtnzyanumaq.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "mivpoefvshjoeojatokx.exe ." C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qejvmunvkrli = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mivpoefvshjoeojatokx.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mutzkm = "oitliwvjerruiqjypi.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qejvmunvkrli = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bymhhyarpfiofqmeyurfa.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mutzkm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fyizvigtnzyanumaq.exe" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zugzxmmbxlmqfoiyqkf.exe ." C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bymhhyarpfiofqmeyurfa.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yknxmsjpch = "oitliwvjerruiqjypi.exe ." C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bymhhyarpfiofqmeyurfa.exe ." C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "zugzxmmbxlmqfoiyqkf.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yknxmsjpch = "oitliwvjerruiqjypi.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tgkvlskrfle = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zugzxmmbxlmqfoiyqkf.exe ." C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mutzkm = "oitliwvjerruiqjypi.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bymhhyarpfiofqmeyurfa.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yknxmsjpch = "fyizvigtnzyanumaq.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ziipbes = "bymhhyarpfiofqmeyurfa.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qejvmunvkrli = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yqzpkwtfyjhiuare.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A www.showmyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\fyizvigtnzyanumaq.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\yqzpkwtfyjhiuare.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\oitliwvjerruiqjypi.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\yqzpkwtfyjhiuare.exe C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
File opened for modification C:\Windows\SysWOW64\fyizvigtnzyanumaq.exe C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
File opened for modification C:\Windows\SysWOW64\bymhhyarpfiofqmeyurfa.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\fyizvigtnzyanumaq.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\fyizvigtnzyanumaq.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\sqfbcuxpofjqiurkfcaplm.exe C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
File opened for modification C:\Windows\SysWOW64\mivpoefvshjoeojatokx.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\bymhhyarpfiofqmeyurfa.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\bymhhyarpfiofqmeyurfa.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\yqzpkwtfyjhiuare.exe C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
File opened for modification C:\Windows\SysWOW64\mivpoefvshjoeojatokx.exe C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
File opened for modification C:\Windows\SysWOW64\oitliwvjerruiqjypi.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\fyizvigtnzyanumaq.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\sqfbcuxpofjqiurkfcaplm.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\fyizvigtnzyanumaq.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\sqfbcuxpofjqiurkfcaplm.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\sqfbcuxpofjqiurkfcaplm.exe C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
File opened for modification C:\Windows\SysWOW64\oitliwvjerruiqjypi.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\bymhhyarpfiofqmeyurfa.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\mivpoefvshjoeojatokx.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\zugzxmmbxlmqfoiyqkf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\sqfbcuxpofjqiurkfcaplm.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\mivpoefvshjoeojatokx.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\mivpoefvshjoeojatokx.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\zugzxmmbxlmqfoiyqkf.exe C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
File opened for modification C:\Windows\SysWOW64\zugzxmmbxlmqfoiyqkf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\bymhhyarpfiofqmeyurfa.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\mivpoefvshjoeojatokx.exe C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
File opened for modification C:\Windows\SysWOW64\bymhhyarpfiofqmeyurfa.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\oitliwvjerruiqjypi.exe C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
File opened for modification C:\Windows\SysWOW64\fyizvigtnzyanumaq.exe C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
File opened for modification C:\Windows\SysWOW64\oitliwvjerruiqjypi.exe C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
File opened for modification C:\Windows\SysWOW64\mivpoefvshjoeojatokx.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\mivpoefvshjoeojatokx.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\bymhhyarpfiofqmeyurfa.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\bymhhyarpfiofqmeyurfa.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\fyizvigtnzyanumaq.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\yqzpkwtfyjhiuare.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\yqzpkwtfyjhiuare.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\oitliwvjerruiqjypi.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\bymhhyarpfiofqmeyurfa.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\yqzpkwtfyjhiuare.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\mivpoefvshjoeojatokx.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\oitliwvjerruiqjypi.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\sqfbcuxpofjqiurkfcaplm.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\bymhhyarpfiofqmeyurfa.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\fyizvigtnzyanumaq.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\oitliwvjerruiqjypi.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\oitliwvjerruiqjypi.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\SysWOW64\qgnbuezjajfeoshsfukrfyidnenjiswlwjyo.jcm C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
File opened for modification C:\Windows\SysWOW64\yqzpkwtfyjhiuare.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\mivpoefvshjoeojatokx.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\zugzxmmbxlmqfoiyqkf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\bymhhyarpfiofqmeyurfa.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\oitliwvjerruiqjypi.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\zugzxmmbxlmqfoiyqkf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\mivpoefvshjoeojatokx.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\yqzpkwtfyjhiuare.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\yqzpkwtfyjhiuare.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\oitliwvjerruiqjypi.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\oitliwvjerruiqjypi.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\lqmpxwgfljuihaeegkplowvfe.ith C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
File created C:\Program Files (x86)\lqmpxwgfljuihaeegkplowvfe.ith C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
File opened for modification C:\Program Files (x86)\qgnbuezjajfeoshsfukrfyidnenjiswlwjyo.jcm C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
File created C:\Program Files (x86)\qgnbuezjajfeoshsfukrfyidnenjiswlwjyo.jcm C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\fyizvigtnzyanumaq.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\oitliwvjerruiqjypi.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\sqfbcuxpofjqiurkfcaplm.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\zugzxmmbxlmqfoiyqkf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\yqzpkwtfyjhiuare.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\yqzpkwtfyjhiuare.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\oitliwvjerruiqjypi.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\sqfbcuxpofjqiurkfcaplm.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\mivpoefvshjoeojatokx.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\oitliwvjerruiqjypi.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\sqfbcuxpofjqiurkfcaplm.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\fyizvigtnzyanumaq.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\mivpoefvshjoeojatokx.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\mivpoefvshjoeojatokx.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\sqfbcuxpofjqiurkfcaplm.exe C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
File opened for modification C:\Windows\zugzxmmbxlmqfoiyqkf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\oitliwvjerruiqjypi.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\oitliwvjerruiqjypi.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\bymhhyarpfiofqmeyurfa.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\sqfbcuxpofjqiurkfcaplm.exe C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
File opened for modification C:\Windows\oitliwvjerruiqjypi.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\bymhhyarpfiofqmeyurfa.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\bymhhyarpfiofqmeyurfa.exe C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
File opened for modification C:\Windows\mivpoefvshjoeojatokx.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\yqzpkwtfyjhiuare.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\bymhhyarpfiofqmeyurfa.exe C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
File opened for modification C:\Windows\fyizvigtnzyanumaq.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\oitliwvjerruiqjypi.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\zugzxmmbxlmqfoiyqkf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\oitliwvjerruiqjypi.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\bymhhyarpfiofqmeyurfa.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\mivpoefvshjoeojatokx.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\oitliwvjerruiqjypi.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\zugzxmmbxlmqfoiyqkf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\oitliwvjerruiqjypi.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\bymhhyarpfiofqmeyurfa.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\yqzpkwtfyjhiuare.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\zugzxmmbxlmqfoiyqkf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\mivpoefvshjoeojatokx.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\zugzxmmbxlmqfoiyqkf.exe C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
File created C:\Windows\qgnbuezjajfeoshsfukrfyidnenjiswlwjyo.jcm C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
File opened for modification C:\Windows\sqfbcuxpofjqiurkfcaplm.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\bymhhyarpfiofqmeyurfa.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\zugzxmmbxlmqfoiyqkf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\zugzxmmbxlmqfoiyqkf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\oitliwvjerruiqjypi.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\fyizvigtnzyanumaq.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\sqfbcuxpofjqiurkfcaplm.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\oitliwvjerruiqjypi.exe C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
File opened for modification C:\Windows\zugzxmmbxlmqfoiyqkf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\sqfbcuxpofjqiurkfcaplm.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\sqfbcuxpofjqiurkfcaplm.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\fyizvigtnzyanumaq.exe C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
File opened for modification C:\Windows\mivpoefvshjoeojatokx.exe C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
File opened for modification C:\Windows\mivpoefvshjoeojatokx.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\bymhhyarpfiofqmeyurfa.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\sqfbcuxpofjqiurkfcaplm.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\fyizvigtnzyanumaq.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\zugzxmmbxlmqfoiyqkf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\oitliwvjerruiqjypi.exe C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
File opened for modification C:\Windows\mivpoefvshjoeojatokx.exe C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
File opened for modification C:\Windows\fyizvigtnzyanumaq.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\zugzxmmbxlmqfoiyqkf.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\bymhhyarpfiofqmeyurfa.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\mivpoefvshjoeojatokx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\mivpoefvshjoeojatokx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zugzxmmbxlmqfoiyqkf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\fyizvigtnzyanumaq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\fyizvigtnzyanumaq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zugzxmmbxlmqfoiyqkf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yqzpkwtfyjhiuare.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yqzpkwtfyjhiuare.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\oitliwvjerruiqjypi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\fyizvigtnzyanumaq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\oitliwvjerruiqjypi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\fyizvigtnzyanumaq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zugzxmmbxlmqfoiyqkf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\mivpoefvshjoeojatokx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bymhhyarpfiofqmeyurfa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\fyizvigtnzyanumaq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\oitliwvjerruiqjypi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\oitliwvjerruiqjypi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zugzxmmbxlmqfoiyqkf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bymhhyarpfiofqmeyurfa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\oitliwvjerruiqjypi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\mivpoefvshjoeojatokx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yqzpkwtfyjhiuare.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\oitliwvjerruiqjypi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\fyizvigtnzyanumaq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yqzpkwtfyjhiuare.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bymhhyarpfiofqmeyurfa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\fyizvigtnzyanumaq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\oitliwvjerruiqjypi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\oitliwvjerruiqjypi.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4100 wrote to memory of 4508 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 4100 wrote to memory of 4508 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 4100 wrote to memory of 4508 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 2300 wrote to memory of 4648 N/A C:\Windows\system32\cmd.exe C:\Windows\yqzpkwtfyjhiuare.exe
PID 2300 wrote to memory of 4648 N/A C:\Windows\system32\cmd.exe C:\Windows\yqzpkwtfyjhiuare.exe
PID 2300 wrote to memory of 4648 N/A C:\Windows\system32\cmd.exe C:\Windows\yqzpkwtfyjhiuare.exe
PID 2148 wrote to memory of 5704 N/A C:\Windows\system32\cmd.exe C:\Windows\bymhhyarpfiofqmeyurfa.exe
PID 2148 wrote to memory of 5704 N/A C:\Windows\system32\cmd.exe C:\Windows\bymhhyarpfiofqmeyurfa.exe
PID 2148 wrote to memory of 5704 N/A C:\Windows\system32\cmd.exe C:\Windows\bymhhyarpfiofqmeyurfa.exe
PID 5704 wrote to memory of 5756 N/A C:\Windows\bymhhyarpfiofqmeyurfa.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 5704 wrote to memory of 5756 N/A C:\Windows\bymhhyarpfiofqmeyurfa.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 5704 wrote to memory of 5756 N/A C:\Windows\bymhhyarpfiofqmeyurfa.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 5132 wrote to memory of 4392 N/A C:\Windows\system32\cmd.exe C:\Windows\bymhhyarpfiofqmeyurfa.exe
PID 5132 wrote to memory of 4392 N/A C:\Windows\system32\cmd.exe C:\Windows\bymhhyarpfiofqmeyurfa.exe
PID 5132 wrote to memory of 4392 N/A C:\Windows\system32\cmd.exe C:\Windows\bymhhyarpfiofqmeyurfa.exe
PID 5988 wrote to memory of 1416 N/A C:\Windows\system32\cmd.exe C:\Windows\yqzpkwtfyjhiuare.exe
PID 5988 wrote to memory of 1416 N/A C:\Windows\system32\cmd.exe C:\Windows\yqzpkwtfyjhiuare.exe
PID 5988 wrote to memory of 1416 N/A C:\Windows\system32\cmd.exe C:\Windows\yqzpkwtfyjhiuare.exe
PID 1536 wrote to memory of 2976 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
PID 1536 wrote to memory of 2976 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
PID 1536 wrote to memory of 2976 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe
PID 3092 wrote to memory of 5176 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
PID 3092 wrote to memory of 5176 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
PID 3092 wrote to memory of 5176 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
PID 1416 wrote to memory of 5732 N/A C:\Windows\yqzpkwtfyjhiuare.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 1416 wrote to memory of 5732 N/A C:\Windows\yqzpkwtfyjhiuare.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 1416 wrote to memory of 5732 N/A C:\Windows\yqzpkwtfyjhiuare.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 5176 wrote to memory of 5912 N/A C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 5176 wrote to memory of 5912 N/A C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 5176 wrote to memory of 5912 N/A C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 116 wrote to memory of 1628 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
PID 116 wrote to memory of 1628 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
PID 116 wrote to memory of 1628 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe
PID 5208 wrote to memory of 5660 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
PID 5208 wrote to memory of 5660 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
PID 5208 wrote to memory of 5660 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe
PID 5660 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 5660 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 5660 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 4508 wrote to memory of 3472 N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe C:\Users\Admin\AppData\Local\Temp\mutzkm.exe
PID 4508 wrote to memory of 3472 N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe C:\Users\Admin\AppData\Local\Temp\mutzkm.exe
PID 4508 wrote to memory of 3472 N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe C:\Users\Admin\AppData\Local\Temp\mutzkm.exe
PID 4508 wrote to memory of 6048 N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe C:\Users\Admin\AppData\Local\Temp\mutzkm.exe
PID 4508 wrote to memory of 6048 N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe C:\Users\Admin\AppData\Local\Temp\mutzkm.exe
PID 4508 wrote to memory of 6048 N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe C:\Users\Admin\AppData\Local\Temp\mutzkm.exe
PID 4244 wrote to memory of 1720 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 4244 wrote to memory of 1720 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 4244 wrote to memory of 1720 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 3156 wrote to memory of 1088 N/A C:\Windows\system32\cmd.exe C:\Windows\fyizvigtnzyanumaq.exe
PID 3156 wrote to memory of 1088 N/A C:\Windows\system32\cmd.exe C:\Windows\fyizvigtnzyanumaq.exe
PID 3156 wrote to memory of 1088 N/A C:\Windows\system32\cmd.exe C:\Windows\fyizvigtnzyanumaq.exe
PID 2916 wrote to memory of 5044 N/A C:\Windows\system32\cmd.exe C:\Windows\fyizvigtnzyanumaq.exe
PID 2916 wrote to memory of 5044 N/A C:\Windows\system32\cmd.exe C:\Windows\fyizvigtnzyanumaq.exe
PID 2916 wrote to memory of 5044 N/A C:\Windows\system32\cmd.exe C:\Windows\fyizvigtnzyanumaq.exe
PID 2668 wrote to memory of 5712 N/A C:\Windows\system32\cmd.exe C:\Windows\oitliwvjerruiqjypi.exe
PID 2668 wrote to memory of 5712 N/A C:\Windows\system32\cmd.exe C:\Windows\oitliwvjerruiqjypi.exe
PID 2668 wrote to memory of 5712 N/A C:\Windows\system32\cmd.exe C:\Windows\oitliwvjerruiqjypi.exe
PID 5044 wrote to memory of 396 N/A C:\Windows\fyizvigtnzyanumaq.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 5044 wrote to memory of 396 N/A C:\Windows\fyizvigtnzyanumaq.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 5044 wrote to memory of 396 N/A C:\Windows\fyizvigtnzyanumaq.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 5712 wrote to memory of 2028 N/A C:\Windows\fyizvigtnzyanumaq.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 5712 wrote to memory of 2028 N/A C:\Windows\fyizvigtnzyanumaq.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 5712 wrote to memory of 2028 N/A C:\Windows\fyizvigtnzyanumaq.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 2224 wrote to memory of 5628 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe

System policy modification

defense_evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\mutzkm.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b28fa6555cafc95802f3ddea94c609ce.exe"

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_b28fa6555cafc95802f3ddea94c609ce.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe

C:\Windows\yqzpkwtfyjhiuare.exe

yqzpkwtfyjhiuare.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe .

C:\Windows\bymhhyarpfiofqmeyurfa.exe

bymhhyarpfiofqmeyurfa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bymhhyarpfiofqmeyurfa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe .

C:\Windows\bymhhyarpfiofqmeyurfa.exe

bymhhyarpfiofqmeyurfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Windows\yqzpkwtfyjhiuare.exe

yqzpkwtfyjhiuare.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yqzpkwtfyjhiuare.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."

C:\Users\Admin\AppData\Local\Temp\mutzkm.exe

"C:\Users\Admin\AppData\Local\Temp\mutzkm.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_b28fa6555cafc95802f3ddea94c609ce.exe"

C:\Users\Admin\AppData\Local\Temp\mutzkm.exe

"C:\Users\Admin\AppData\Local\Temp\mutzkm.exe" "-c:\users\admin\appdata\local\temp\jaffacakes118_b28fa6555cafc95802f3ddea94c609ce.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe

C:\Windows\fyizvigtnzyanumaq.exe

fyizvigtnzyanumaq.exe

C:\Windows\fyizvigtnzyanumaq.exe

fyizvigtnzyanumaq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe .

C:\Windows\fyizvigtnzyanumaq.exe

fyizvigtnzyanumaq.exe .

C:\Windows\fyizvigtnzyanumaq.exe

fyizvigtnzyanumaq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\fyizvigtnzyanumaq.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\fyizvigtnzyanumaq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Windows\mivpoefvshjoeojatokx.exe

mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Windows\fyizvigtnzyanumaq.exe

fyizvigtnzyanumaq.exe .

C:\Windows\mivpoefvshjoeojatokx.exe

mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Windows\fyizvigtnzyanumaq.exe

fyizvigtnzyanumaq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\fyizvigtnzyanumaq.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\fyizvigtnzyanumaq.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe

C:\Windows\bymhhyarpfiofqmeyurfa.exe

bymhhyarpfiofqmeyurfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe .

C:\Windows\zugzxmmbxlmqfoiyqkf.exe

zugzxmmbxlmqfoiyqkf.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zugzxmmbxlmqfoiyqkf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .

C:\Windows\mivpoefvshjoeojatokx.exe

mivpoefvshjoeojatokx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oitliwvjerruiqjypi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe

C:\Windows\bymhhyarpfiofqmeyurfa.exe

bymhhyarpfiofqmeyurfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe

C:\Windows\zugzxmmbxlmqfoiyqkf.exe

zugzxmmbxlmqfoiyqkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe .

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe

C:\Windows\fyizvigtnzyanumaq.exe

fyizvigtnzyanumaq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe

C:\Windows\zugzxmmbxlmqfoiyqkf.exe

zugzxmmbxlmqfoiyqkf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\fyizvigtnzyanumaq.exe*."

C:\Windows\zugzxmmbxlmqfoiyqkf.exe

zugzxmmbxlmqfoiyqkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zugzxmmbxlmqfoiyqkf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\fyizvigtnzyanumaq.exe

fyizvigtnzyanumaq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bymhhyarpfiofqmeyurfa.exe

bymhhyarpfiofqmeyurfa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\fyizvigtnzyanumaq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bymhhyarpfiofqmeyurfa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Windows\mivpoefvshjoeojatokx.exe

mivpoefvshjoeojatokx.exe .

C:\Windows\bymhhyarpfiofqmeyurfa.exe

bymhhyarpfiofqmeyurfa.exe

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mivpoefvshjoeojatokx.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mivpoefvshjoeojatokx.exe*."

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oitliwvjerruiqjypi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zugzxmmbxlmqfoiyqkf.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zugzxmmbxlmqfoiyqkf.exe*."

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zugzxmmbxlmqfoiyqkf.exe*."

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Windows\yqzpkwtfyjhiuare.exe

yqzpkwtfyjhiuare.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yqzpkwtfyjhiuare.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .

C:\Windows\fyizvigtnzyanumaq.exe

fyizvigtnzyanumaq.exe

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yqzpkwtfyjhiuare.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe

C:\Windows\fyizvigtnzyanumaq.exe

fyizvigtnzyanumaq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe .

C:\Windows\yqzpkwtfyjhiuare.exe

yqzpkwtfyjhiuare.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yqzpkwtfyjhiuare.exe*."

C:\Windows\mivpoefvshjoeojatokx.exe

mivpoefvshjoeojatokx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oitliwvjerruiqjypi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe

C:\Windows\bymhhyarpfiofqmeyurfa.exe

bymhhyarpfiofqmeyurfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe .

C:\Windows\bymhhyarpfiofqmeyurfa.exe

bymhhyarpfiofqmeyurfa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bymhhyarpfiofqmeyurfa.exe*."

C:\Windows\fyizvigtnzyanumaq.exe

fyizvigtnzyanumaq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Windows\zugzxmmbxlmqfoiyqkf.exe

zugzxmmbxlmqfoiyqkf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zugzxmmbxlmqfoiyqkf.exe*."

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oitliwvjerruiqjypi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe

C:\Windows\yqzpkwtfyjhiuare.exe

yqzpkwtfyjhiuare.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe .

C:\Windows\mivpoefvshjoeojatokx.exe

mivpoefvshjoeojatokx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mivpoefvshjoeojatokx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe .

C:\Windows\bymhhyarpfiofqmeyurfa.exe

bymhhyarpfiofqmeyurfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Windows\mivpoefvshjoeojatokx.exe

mivpoefvshjoeojatokx.exe .

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mivpoefvshjoeojatokx.exe*."

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe

C:\Windows\fyizvigtnzyanumaq.exe

fyizvigtnzyanumaq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe .

C:\Windows\zugzxmmbxlmqfoiyqkf.exe

zugzxmmbxlmqfoiyqkf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zugzxmmbxlmqfoiyqkf.exe*."

C:\Windows\bymhhyarpfiofqmeyurfa.exe

bymhhyarpfiofqmeyurfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe

C:\Windows\fyizvigtnzyanumaq.exe

fyizvigtnzyanumaq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."

C:\Windows\bymhhyarpfiofqmeyurfa.exe

bymhhyarpfiofqmeyurfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe

C:\Windows\yqzpkwtfyjhiuare.exe

yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oitliwvjerruiqjypi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Windows\yqzpkwtfyjhiuare.exe

yqzpkwtfyjhiuare.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe

C:\Windows\mivpoefvshjoeojatokx.exe

mivpoefvshjoeojatokx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Windows\fyizvigtnzyanumaq.exe

fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mivpoefvshjoeojatokx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\fyizvigtnzyanumaq.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yqzpkwtfyjhiuare.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Windows\bymhhyarpfiofqmeyurfa.exe

bymhhyarpfiofqmeyurfa.exe

C:\Windows\bymhhyarpfiofqmeyurfa.exe

bymhhyarpfiofqmeyurfa.exe

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Windows\yqzpkwtfyjhiuare.exe

yqzpkwtfyjhiuare.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yqzpkwtfyjhiuare.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zugzxmmbxlmqfoiyqkf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."

C:\Windows\bymhhyarpfiofqmeyurfa.exe

bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."

C:\Windows\zugzxmmbxlmqfoiyqkf.exe

zugzxmmbxlmqfoiyqkf.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mivpoefvshjoeojatokx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zugzxmmbxlmqfoiyqkf.exe*."

C:\Windows\fyizvigtnzyanumaq.exe

fyizvigtnzyanumaq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yqzpkwtfyjhiuare.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe .

C:\Windows\zugzxmmbxlmqfoiyqkf.exe

zugzxmmbxlmqfoiyqkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Windows\mivpoefvshjoeojatokx.exe

mivpoefvshjoeojatokx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mivpoefvshjoeojatokx.exe*."

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yqzpkwtfyjhiuare.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe

C:\Windows\mivpoefvshjoeojatokx.exe

mivpoefvshjoeojatokx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe .

C:\Windows\zugzxmmbxlmqfoiyqkf.exe

zugzxmmbxlmqfoiyqkf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zugzxmmbxlmqfoiyqkf.exe*."

C:\Windows\yqzpkwtfyjhiuare.exe

yqzpkwtfyjhiuare.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yqzpkwtfyjhiuare.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe

C:\Windows\fyizvigtnzyanumaq.exe

fyizvigtnzyanumaq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Windows\bymhhyarpfiofqmeyurfa.exe

bymhhyarpfiofqmeyurfa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bymhhyarpfiofqmeyurfa.exe*."

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zugzxmmbxlmqfoiyqkf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\zugzxmmbxlmqfoiyqkf.exe

zugzxmmbxlmqfoiyqkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe .

C:\Windows\bymhhyarpfiofqmeyurfa.exe

bymhhyarpfiofqmeyurfa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bymhhyarpfiofqmeyurfa.exe*."

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Windows\fyizvigtnzyanumaq.exe

fyizvigtnzyanumaq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\fyizvigtnzyanumaq.exe*."

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bwidtpfwfxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .

C:\Windows\bwidtpfwfxqpreldr.exe

bwidtpfwfxqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bwidtpfwfxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mivpoefvshjoeojatokx.exe*."

C:\Windows\bwidtpfwfxqpreldr.exe

bwidtpfwfxqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vsgdvtlepjefjyhbrjz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bwidtpfwfxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bwidtpfwfxqpreldr.exe*."

C:\Windows\vsgdvtlepjefjyhbrjz.exe

vsgdvtlepjefjyhbrjz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe

C:\Windows\bwidtpfwfxqpreldr.exe

bwidtpfwfxqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kgtpgdumwpjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe

C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bwidtpfwfxqpreldr.exe*."

C:\Windows\mivpoefvshjoeojatokx.exe

mivpoefvshjoeojatokx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe .

C:\Users\Admin\AppData\Local\Temp\kgtpgdumwpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\kgtpgdumwpjjmaibqh.exe .

C:\Windows\mivpoefvshjoeojatokx.exe

mivpoefvshjoeojatokx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bwidtpfwfxqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\kgtpgdumwpjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mivpoefvshjoeojatokx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xwmlffzuhdadjalhztlka.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\bwidtpfwfxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\bwidtpfwfxqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Windows\zugzxmmbxlmqfoiyqkf.exe

zugzxmmbxlmqfoiyqkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\xwmlffzuhdadjalhztlka.exe

C:\Users\Admin\AppData\Local\Temp\xwmlffzuhdadjalhztlka.exe .

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Windows\fyizvigtnzyanumaq.exe

fyizvigtnzyanumaq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\xwmlffzuhdadjalhztlka.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\fyizvigtnzyanumaq.exe*."

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe .

C:\Windows\mivpoefvshjoeojatokx.exe

mivpoefvshjoeojatokx.exe

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe .

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe

C:\Windows\zugzxmmbxlmqfoiyqkf.exe

zugzxmmbxlmqfoiyqkf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe .

C:\Windows\mivpoefvshjoeojatokx.exe

mivpoefvshjoeojatokx.exe .

C:\Windows\mivpoefvshjoeojatokx.exe

mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zugzxmmbxlmqfoiyqkf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mivpoefvshjoeojatokx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .

C:\Windows\fyizvigtnzyanumaq.exe

fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."

C:\Windows\yqzpkwtfyjhiuare.exe

yqzpkwtfyjhiuare.exe

C:\Windows\fyizvigtnzyanumaq.exe

fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xwmlffzuhdadjalhztlka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\fyizvigtnzyanumaq.exe*."

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uoztidsiqhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mivpoefvshjoeojatokx.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oitliwvjerruiqjypi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kgtpgdumwpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c kgtpgdumwpjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zugzxmmbxlmqfoiyqkf.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\kgtpgdumwpjjmaibqh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe .

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Windows\xwmlffzuhdadjalhztlka.exe

xwmlffzuhdadjalhztlka.exe

C:\Windows\uoztidsiqhzxykqh.exe

uoztidsiqhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .

C:\Windows\kgtpgdumwpjjmaibqh.exe

kgtpgdumwpjjmaibqh.exe

C:\Windows\kgtpgdumwpjjmaibqh.exe

kgtpgdumwpjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe

C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe .

C:\Users\Admin\AppData\Local\Temp\kgtpgdumwpjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\kgtpgdumwpjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\kgtpgdumwpjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yqzpkwtfyjhiuare.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\uoztidsiqhzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe

C:\Windows\zugzxmmbxlmqfoiyqkf.exe

zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\igvtmleykfbdiyidunec.exe*."

C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe

C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe .

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Windows\fyizvigtnzyanumaq.exe

fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vsgdvtlepjefjyhbrjz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."

C:\Windows\zugzxmmbxlmqfoiyqkf.exe

zugzxmmbxlmqfoiyqkf.exe .

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zugzxmmbxlmqfoiyqkf.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oitliwvjerruiqjypi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe

C:\Windows\yqzpkwtfyjhiuare.exe

yqzpkwtfyjhiuare.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe .

C:\Windows\yqzpkwtfyjhiuare.exe

yqzpkwtfyjhiuare.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yqzpkwtfyjhiuare.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe .

C:\Windows\mivpoefvshjoeojatokx.exe

mivpoefvshjoeojatokx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\mivpoefvshjoeojatokx.exe

mivpoefvshjoeojatokx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mivpoefvshjoeojatokx.exe*."

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe

C:\Windows\zugzxmmbxlmqfoiyqkf.exe

zugzxmmbxlmqfoiyqkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe .

C:\Windows\yqzpkwtfyjhiuare.exe

yqzpkwtfyjhiuare.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yqzpkwtfyjhiuare.exe*."

C:\Windows\yqzpkwtfyjhiuare.exe

yqzpkwtfyjhiuare.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Windows\yqzpkwtfyjhiuare.exe

yqzpkwtfyjhiuare.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yqzpkwtfyjhiuare.exe*."

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yqzpkwtfyjhiuare.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bymhhyarpfiofqmeyurfa.exe

bymhhyarpfiofqmeyurfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."

C:\Windows\zugzxmmbxlmqfoiyqkf.exe

zugzxmmbxlmqfoiyqkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oitliwvjerruiqjypi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe

C:\Windows\bymhhyarpfiofqmeyurfa.exe

bymhhyarpfiofqmeyurfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\fyizvigtnzyanumaq.exe

fyizvigtnzyanumaq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\fyizvigtnzyanumaq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .

C:\Windows\bymhhyarpfiofqmeyurfa.exe

bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe

C:\Windows\mivpoefvshjoeojatokx.exe

mivpoefvshjoeojatokx.exe

C:\Windows\bymhhyarpfiofqmeyurfa.exe

bymhhyarpfiofqmeyurfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .

C:\Windows\fyizvigtnzyanumaq.exe

fyizvigtnzyanumaq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .

C:\Windows\bymhhyarpfiofqmeyurfa.exe

bymhhyarpfiofqmeyurfa.exe .

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bymhhyarpfiofqmeyurfa.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."

C:\Windows\fyizvigtnzyanumaq.exe

fyizvigtnzyanumaq.exe

C:\Windows\bymhhyarpfiofqmeyurfa.exe

bymhhyarpfiofqmeyurfa.exe .

C:\Windows\yqzpkwtfyjhiuare.exe

yqzpkwtfyjhiuare.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe .

C:\Windows\mivpoefvshjoeojatokx.exe

mivpoefvshjoeojatokx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bymhhyarpfiofqmeyurfa.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Windows\fyizvigtnzyanumaq.exe

fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oitliwvjerruiqjypi.exe*."

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\fyizvigtnzyanumaq.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zugzxmmbxlmqfoiyqkf.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mivpoefvshjoeojatokx.exe*."

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oitliwvjerruiqjypi.exe*."

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mivpoefvshjoeojatokx.exe*."

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yqzpkwtfyjhiuare.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xwmlffzuhdadjalhztlka.exe

C:\Windows\zugzxmmbxlmqfoiyqkf.exe

zugzxmmbxlmqfoiyqkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe .

C:\Windows\xwmlffzuhdadjalhztlka.exe

xwmlffzuhdadjalhztlka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c igvtmleykfbdiyidunec.exe .

C:\Windows\bymhhyarpfiofqmeyurfa.exe

bymhhyarpfiofqmeyurfa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe

C:\Windows\igvtmleykfbdiyidunec.exe

igvtmleykfbdiyidunec.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bymhhyarpfiofqmeyurfa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xwmlffzuhdadjalhztlka.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe .

C:\Windows\yqzpkwtfyjhiuare.exe

yqzpkwtfyjhiuare.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c igvtmleykfbdiyidunec.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\igvtmleykfbdiyidunec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bwidtpfwfxqpreldr.exe

C:\Windows\fyizvigtnzyanumaq.exe

fyizvigtnzyanumaq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe .

C:\Windows\xwmlffzuhdadjalhztlka.exe

xwmlffzuhdadjalhztlka.exe

C:\Users\Admin\AppData\Local\Temp\bwidtpfwfxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\bwidtpfwfxqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Windows\igvtmleykfbdiyidunec.exe

igvtmleykfbdiyidunec.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\fyizvigtnzyanumaq.exe*."

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe

C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\igvtmleykfbdiyidunec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zugzxmmbxlmqfoiyqkf.exe*."

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe

C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\igvtmleykfbdiyidunec.exe*."

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .

C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe

C:\Users\Admin\AppData\Local\Temp\igvtmleykfbdiyidunec.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mivpoefvshjoeojatokx.exe*."

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\igvtmleykfbdiyidunec.exe*."

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe

C:\Windows\bymhhyarpfiofqmeyurfa.exe

bymhhyarpfiofqmeyurfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."

C:\Windows\zugzxmmbxlmqfoiyqkf.exe

zugzxmmbxlmqfoiyqkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Windows\fyizvigtnzyanumaq.exe

fyizvigtnzyanumaq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\fyizvigtnzyanumaq.exe*."

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oitliwvjerruiqjypi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe

C:\Windows\zugzxmmbxlmqfoiyqkf.exe

zugzxmmbxlmqfoiyqkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe .

C:\Windows\mivpoefvshjoeojatokx.exe

mivpoefvshjoeojatokx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mivpoefvshjoeojatokx.exe*."

C:\Windows\fyizvigtnzyanumaq.exe

fyizvigtnzyanumaq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Windows\mivpoefvshjoeojatokx.exe

mivpoefvshjoeojatokx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mivpoefvshjoeojatokx.exe*."

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yqzpkwtfyjhiuare.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe

C:\Windows\bymhhyarpfiofqmeyurfa.exe

bymhhyarpfiofqmeyurfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe .

C:\Windows\bymhhyarpfiofqmeyurfa.exe

bymhhyarpfiofqmeyurfa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bymhhyarpfiofqmeyurfa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe .

C:\Windows\mivpoefvshjoeojatokx.exe

mivpoefvshjoeojatokx.exe

C:\Windows\mivpoefvshjoeojatokx.exe

mivpoefvshjoeojatokx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mivpoefvshjoeojatokx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zugzxmmbxlmqfoiyqkf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe .

C:\Windows\yqzpkwtfyjhiuare.exe

yqzpkwtfyjhiuare.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yqzpkwtfyjhiuare.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe .

C:\Windows\mivpoefvshjoeojatokx.exe

mivpoefvshjoeojatokx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Windows\zugzxmmbxlmqfoiyqkf.exe

zugzxmmbxlmqfoiyqkf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zugzxmmbxlmqfoiyqkf.exe*."

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oitliwvjerruiqjypi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mivpoefvshjoeojatokx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe

C:\Windows\yqzpkwtfyjhiuare.exe

yqzpkwtfyjhiuare.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bymhhyarpfiofqmeyurfa.exe

bymhhyarpfiofqmeyurfa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bymhhyarpfiofqmeyurfa.exe*."

C:\Windows\zugzxmmbxlmqfoiyqkf.exe

zugzxmmbxlmqfoiyqkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .

C:\Windows\yqzpkwtfyjhiuare.exe

yqzpkwtfyjhiuare.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oitliwvjerruiqjypi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Windows\mivpoefvshjoeojatokx.exe

mivpoefvshjoeojatokx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe .

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe .

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."

C:\Windows\yqzpkwtfyjhiuare.exe

yqzpkwtfyjhiuare.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .

C:\Windows\mivpoefvshjoeojatokx.exe

mivpoefvshjoeojatokx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .

C:\Windows\yqzpkwtfyjhiuare.exe

yqzpkwtfyjhiuare.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yqzpkwtfyjhiuare.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .

C:\Windows\mivpoefvshjoeojatokx.exe

mivpoefvshjoeojatokx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Windows\zugzxmmbxlmqfoiyqkf.exe

zugzxmmbxlmqfoiyqkf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mivpoefvshjoeojatokx.exe*."

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Windows\yqzpkwtfyjhiuare.exe

yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zugzxmmbxlmqfoiyqkf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe

C:\Windows\bymhhyarpfiofqmeyurfa.exe

bymhhyarpfiofqmeyurfa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."

C:\Windows\bymhhyarpfiofqmeyurfa.exe

bymhhyarpfiofqmeyurfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bymhhyarpfiofqmeyurfa.exe*."

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zugzxmmbxlmqfoiyqkf.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\oitliwvjerruiqjypi.exe*."

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c igvtmleykfbdiyidunec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\fyizvigtnzyanumaq.exe*."

C:\Windows\igvtmleykfbdiyidunec.exe

igvtmleykfbdiyidunec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c uoztidsiqhzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vsgdvtlepjefjyhbrjz.exe

C:\Windows\uoztidsiqhzxykqh.exe

uoztidsiqhzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bwidtpfwfxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oitliwvjerruiqjypi.exe*."

C:\Windows\vsgdvtlepjefjyhbrjz.exe

vsgdvtlepjefjyhbrjz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mivpoefvshjoeojatokx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\uoztidsiqhzxykqh.exe*."

C:\Windows\bwidtpfwfxqpreldr.exe

bwidtpfwfxqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe

C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe

C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe

C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bwidtpfwfxqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vsgdvtlepjefjyhbrjz.exe*."

C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe

C:\Users\Admin\AppData\Local\Temp\vsgdvtlepjefjyhbrjz.exe

C:\Windows\yqzpkwtfyjhiuare.exe

yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\uoztidsiqhzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe .

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe

C:\Users\Admin\AppData\Local\Temp\mivpoefvshjoeojatokx.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\uoztidsiqhzxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\mivpoefvshjoeojatokx.exe*."

C:\Windows\fyizvigtnzyanumaq.exe

fyizvigtnzyanumaq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fyizvigtnzyanumaq.exe .

C:\Windows\yqzpkwtfyjhiuare.exe

yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\fyizvigtnzyanumaq.exe*."

C:\Windows\fyizvigtnzyanumaq.exe

fyizvigtnzyanumaq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\fyizvigtnzyanumaq.exe*."

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe

C:\Users\Admin\AppData\Local\Temp\bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\bymhhyarpfiofqmeyurfa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe

C:\Windows\bymhhyarpfiofqmeyurfa.exe

bymhhyarpfiofqmeyurfa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe .

C:\Windows\mivpoefvshjoeojatokx.exe

mivpoefvshjoeojatokx.exe .

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\mivpoefvshjoeojatokx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zugzxmmbxlmqfoiyqkf.exe .

C:\Windows\yqzpkwtfyjhiuare.exe

yqzpkwtfyjhiuare.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Windows\zugzxmmbxlmqfoiyqkf.exe

zugzxmmbxlmqfoiyqkf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\zugzxmmbxlmqfoiyqkf.exe*."

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe

C:\Users\Admin\AppData\Local\Temp\zugzxmmbxlmqfoiyqkf.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\zugzxmmbxlmqfoiyqkf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\fyizvigtnzyanumaq.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe

C:\Users\Admin\AppData\Local\Temp\oitliwvjerruiqjypi.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\oitliwvjerruiqjypi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mivpoefvshjoeojatokx.exe

C:\Windows\mivpoefvshjoeojatokx.exe

mivpoefvshjoeojatokx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bymhhyarpfiofqmeyurfa.exe .

C:\Windows\bymhhyarpfiofqmeyurfa.exe

bymhhyarpfiofqmeyurfa.exe .

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe

"C:\Users\Admin\AppData\Local\Temp\vgitzlr.exe" "-c:\windows\fyizvigtnzyanumaq.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yqzpkwtfyjhiuare.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\bymhhyarpfiofqmeyurfa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oitliwvjerruiqjypi.exe .

C:\Windows\yqzpkwtfyjhiuare.exe

yqzpkwtfyjhiuare.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Windows\oitliwvjerruiqjypi.exe

oitliwvjerruiqjypi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe .

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

C:\Users\Admin\AppData\Local\Temp\yqzpkwtfyjhiuare.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
GB 88.221.135.0:443 www.bing.com tcp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.40.87:80 www.whatismyip.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 172.66.40.87:80 www.whatismyip.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 172.66.40.87:80 www.whatismyip.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.imdb.com udp
FR 52.222.159.143:80 www.imdb.com tcp
LT 78.61.84.37:30728 tcp
US 8.8.8.8:53 gyuuym.org udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 fyvqgej.net udp
US 8.8.8.8:53 tkdkdtvrz.org udp
US 8.8.8.8:53 qclkdctyh.info udp
US 8.8.8.8:53 unxfuild.info udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 mmycbrun.net udp
US 8.8.8.8:53 ibosmq.net udp
US 8.8.8.8:53 ubvudhvuum.info udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 vklmquv.net udp
US 8.8.8.8:53 lugmluzbyby.net udp
US 8.8.8.8:53 bbxaehw.info udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 xixcjhrcnych.net udp
US 8.8.8.8:53 brerphfw.info udp
US 8.8.8.8:53 kcjhxifkhq.info udp
US 8.8.8.8:53 fqkwpnieiwv.net udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 pfyqisui.info udp
US 8.8.8.8:53 rafgtfaldts.info udp
US 8.8.8.8:53 ykdacup.info udp
US 8.8.8.8:53 wiwgickmyqsk.com udp
US 8.8.8.8:53 xupwyiqwv.net udp
US 8.8.8.8:53 tfisvop.com udp
US 8.8.8.8:53 cydlrge.info udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 olxbkt.info udp
US 8.8.8.8:53 mioyqawqukgw.com udp
US 8.8.8.8:53 iixjcofr.net udp
US 8.8.8.8:53 juhgzmyhozwi.info udp
US 8.8.8.8:53 ekvsbyujj.net udp
US 8.8.8.8:53 ywimauseiu.com udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 xjkylcyib.net udp
US 8.8.8.8:53 tbvbtp.net udp
US 8.8.8.8:53 tphfnw.info udp
US 8.8.8.8:53 dqyydcnk.net udp
LT 78.61.84.37:30728 tcp
US 8.8.8.8:53 semqskgk.com udp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 zpjxppxavv.net udp
US 8.8.8.8:53 arjutgsgyus.net udp
US 8.8.8.8:53 kmttderiywt.info udp
US 8.8.8.8:53 kwrhmyzeo.info udp
US 8.8.8.8:53 tcfinbuwqc.net udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 kkdqkeav.info udp
US 8.8.8.8:53 tpdmbnugwj.info udp
US 8.8.8.8:53 eiiaeqglaxfe.net udp
US 8.8.8.8:53 faoaccjxdk.info udp
US 8.8.8.8:53 igimfqzazztk.info udp
US 8.8.8.8:53 htccizixhffs.info udp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 aaqmynoaa.info udp
US 8.8.8.8:53 ceqyecrgr.info udp
US 8.8.8.8:53 neskryqmfkt.net udp
US 8.8.8.8:53 eeaouicecc.com udp
US 8.8.8.8:53 lapbtkvml.net udp
US 8.8.8.8:53 nwlqzkkglu.net udp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 gyeoaoaocaag.com udp
US 8.8.8.8:53 yoaoooewyeeo.com udp
US 8.8.8.8:53 oiyiqg.org udp
US 8.8.8.8:53 bplxfbexbg.info udp
US 8.8.8.8:53 vuvaguj.com udp
US 8.8.8.8:53 njmssjej.net udp
US 8.8.8.8:53 zhrzdapl.net udp
US 8.8.8.8:53 mdhpuesj.net udp
US 8.8.8.8:53 qogeuokyiaqs.org udp
US 8.8.8.8:53 dutljqz.org udp
US 8.8.8.8:53 xcrixmj.com udp
US 8.8.8.8:53 zozkjugx.net udp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 dmzcyqz.com udp
US 8.8.8.8:53 holdsrkfoexs.net udp
US 8.8.8.8:53 pjnchqao.net udp
US 8.8.8.8:53 vrxmprngmlhk.net udp
US 8.8.8.8:53 vczyrgdor.com udp
US 8.8.8.8:53 idrmlscsum.info udp
US 8.8.8.8:53 ptkqeh.info udp
US 8.8.8.8:53 bfdhbjrhlz.net udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 nopeasuan.com udp
US 8.8.8.8:53 osnxgea.info udp
US 8.8.8.8:53 zxutaw.info udp
US 8.8.8.8:53 kvqowmqzgp.net udp
US 8.8.8.8:53 unfnepkhso.net udp
US 8.8.8.8:53 ppxbix.info udp
US 8.8.8.8:53 gerhcb.info udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 muuuuiuq.com udp
US 8.8.8.8:53 lyxmnybibg.info udp
US 8.8.8.8:53 osmurnjxmxpc.net udp
US 8.8.8.8:53 twewfd.info udp
US 8.8.8.8:53 xyckcgzcxgj.net udp
US 8.8.8.8:53 dxrmyzaj.net udp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 hcnguepgnkx.org udp
US 8.8.8.8:53 plsqvl.net udp
US 8.8.8.8:53 sopyfsgkr.net udp
US 8.8.8.8:53 kgucribs.info udp
US 8.8.8.8:53 xstoagc.org udp
US 8.8.8.8:53 ojodjsuxxyli.net udp
US 8.8.8.8:53 mulaguiekes.net udp
US 8.8.8.8:53 zyfitez.info udp
US 8.8.8.8:53 uktknmn.info udp
US 8.8.8.8:53 wbpxdp.info udp
US 8.8.8.8:53 rflamnsycqdj.info udp
US 8.8.8.8:53 zulrvka.net udp
US 8.8.8.8:53 kwgqeicwwuiw.org udp
US 8.8.8.8:53 vdvonneuwua.org udp
US 8.8.8.8:53 leqdurjb.net udp
US 8.8.8.8:53 awnkhkduvie.net udp
US 8.8.8.8:53 mkwgcaugumai.org udp
US 8.8.8.8:53 cnuulpgk.net udp
US 8.8.8.8:53 dxikspgshgbk.info udp
US 8.8.8.8:53 hkhrcmr.net udp
US 8.8.8.8:53 zbvmvudht.info udp
US 8.8.8.8:53 ukusoiamscos.org udp
US 8.8.8.8:53 palpynv.net udp
US 8.8.8.8:53 suuyeiuauccq.org udp
US 8.8.8.8:53 dvwweqvt.net udp
US 8.8.8.8:53 ouxbxxzexkf.net udp
US 8.8.8.8:53 lgmwshpwdp.net udp
US 8.8.8.8:53 eqtynoo.net udp
US 8.8.8.8:53 drjmoel.com udp
US 8.8.8.8:53 eycqolruptj.net udp
US 8.8.8.8:53 sypkrovon.info udp
US 8.8.8.8:53 estgqqgbwqxg.info udp
US 8.8.8.8:53 suqqjf.info udp
US 8.8.8.8:53 zgrjrexb.net udp
US 8.8.8.8:53 xuppauollwp.net udp
US 8.8.8.8:53 lrxplhbd.info udp
US 8.8.8.8:53 naihxubwx.org udp
US 8.8.8.8:53 rcpjqe.info udp
US 8.8.8.8:53 jmbyteehtaz.info udp
US 8.8.8.8:53 eeueccewmeem.com udp
US 8.8.8.8:53 ynoajjjwhoo.net udp
US 8.8.8.8:53 hxbobup.org udp
US 8.8.8.8:53 nzjszuxkfpdp.net udp
US 8.8.8.8:53 gqhmeadaaz.net udp
US 8.8.8.8:53 gthoprfe.net udp
US 8.8.8.8:53 lurydwr.org udp
US 8.8.8.8:53 rhsduknvzsnl.net udp
US 8.8.8.8:53 blubzate.info udp
US 8.8.8.8:53 vlpxze.info udp
US 8.8.8.8:53 dwjetlxuj.net udp
US 8.8.8.8:53 txatyevgrhyu.info udp
US 8.8.8.8:53 skblhcgsrn.info udp
US 8.8.8.8:53 pyogedv.com udp
US 8.8.8.8:53 uwqyssogws.org udp
US 8.8.8.8:53 skywyumxq.net udp
US 8.8.8.8:53 sobgpcndp.net udp
US 8.8.8.8:53 mfxuvavycrl.net udp
US 8.8.8.8:53 umletazbz.info udp
US 8.8.8.8:53 wlezjolr.info udp
US 8.8.8.8:53 egsmyysc.org udp
US 8.8.8.8:53 qgjtruylxphr.info udp
US 8.8.8.8:53 nshdioh.net udp
US 8.8.8.8:53 jrfflotyexqg.net udp
US 8.8.8.8:53 ccftrgngi.net udp
US 8.8.8.8:53 ekqqcc.org udp
US 8.8.8.8:53 rswyleo.net udp
US 8.8.8.8:53 dwfkeogzvhjn.info udp
US 8.8.8.8:53 pxgidzbgzzw.org udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 cbbmnuzswxh.net udp
US 8.8.8.8:53 mhemoypm.info udp
US 8.8.8.8:53 jjvynfjouik.info udp
US 8.8.8.8:53 sqkqku.org udp
US 8.8.8.8:53 yuhenutpfbna.net udp
US 8.8.8.8:53 wggwimwmyq.com udp
US 8.8.8.8:53 lghqfoh.com udp
US 8.8.8.8:53 pggshlr.info udp
US 8.8.8.8:53 qtgqqinahbp.info udp
US 8.8.8.8:53 tdchjxar.net udp
US 8.8.8.8:53 srgbznte.net udp
US 8.8.8.8:53 makums.org udp
US 8.8.8.8:53 tcvuvhjwh.info udp
US 8.8.8.8:53 hkblqfhadzps.info udp
US 8.8.8.8:53 nhrdwmqkmyt.org udp
US 8.8.8.8:53 mmjhyrpijgl.info udp
US 8.8.8.8:53 rkzahtc.org udp
US 8.8.8.8:53 jubvpax.info udp
US 8.8.8.8:53 uilubtztf.net udp
US 8.8.8.8:53 pfabhgcpau.net udp
US 8.8.8.8:53 twfddqwdlec.org udp
US 8.8.8.8:53 octytvrmo.net udp
US 8.8.8.8:53 bobzcxzs.info udp
US 8.8.8.8:53 aknsgwkcl.net udp
US 8.8.8.8:53 igaasway.com udp
US 8.8.8.8:53 thzarcvdpkdl.net udp
US 8.8.8.8:53 hzzzeq.info udp
US 8.8.8.8:53 ecbwysbz.info udp
US 8.8.8.8:53 mcqmyeccgq.org udp
US 8.8.8.8:53 mziygdxtciii.info udp
US 8.8.8.8:53 aofcjyjeniv.net udp
US 8.8.8.8:53 jqenbinqp.info udp
US 8.8.8.8:53 njmyupro.net udp
US 8.8.8.8:53 amguomaaee.org udp
US 8.8.8.8:53 iceryyh.net udp
US 8.8.8.8:53 ishjjiplar.info udp
US 8.8.8.8:53 zovkcvbh.info udp
US 8.8.8.8:53 wqcqka.org udp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 gipyaap.info udp
US 8.8.8.8:53 lgzyxip.net udp
US 8.8.8.8:53 wuoskljobll.net udp
US 8.8.8.8:53 vjdujbl.info udp
US 8.8.8.8:53 ekaywgki.org udp
US 8.8.8.8:53 iusioomq.org udp
US 8.8.8.8:53 wqzqphxn.info udp
US 8.8.8.8:53 twtafyxkpib.org udp
US 8.8.8.8:53 fmscjrrypym.com udp
US 8.8.8.8:53 wcsbrpz.net udp
US 8.8.8.8:53 eimyvaqk.net udp
US 8.8.8.8:53 kptqzqhd.net udp
US 8.8.8.8:53 kacstwwne.info udp
US 8.8.8.8:53 uwcuws.org udp
US 8.8.8.8:53 zklhactt.info udp
US 8.8.8.8:53 rusnhvrdxm.net udp
US 8.8.8.8:53 hhcabxh.info udp
US 8.8.8.8:53 azlfou.info udp
US 8.8.8.8:53 eemqig.com udp
US 8.8.8.8:53 vvhdwvyo.info udp
US 8.8.8.8:53 umyicieyee.org udp
US 8.8.8.8:53 jgniaygwrqo.org udp
US 8.8.8.8:53 igckcikoogeu.org udp
US 8.8.8.8:53 rzdzoie.net udp
US 8.8.8.8:53 ywrwjetkzfv.info udp
US 8.8.8.8:53 vcsuct.net udp
US 8.8.8.8:53 yoisow.org udp
US 8.8.8.8:53 nouctkseci.net udp
US 8.8.8.8:53 wmaucs.com udp
US 8.8.8.8:53 bfwipkv.net udp
US 8.8.8.8:53 tqvdxtavik.net udp
US 8.8.8.8:53 fsyczawoha.info udp
US 8.8.8.8:53 msakyiyi.com udp
US 8.8.8.8:53 vukkjefvt.net udp
US 8.8.8.8:53 atkzfclhbift.info udp
US 8.8.8.8:53 ldbrlaoe.info udp
US 8.8.8.8:53 mocoet.net udp
US 8.8.8.8:53 iyaoks.org udp
US 8.8.8.8:53 rjggzcvex.info udp
US 8.8.8.8:53 wueysyqiyg.org udp
US 8.8.8.8:53 hicgspxwra.info udp
US 8.8.8.8:53 akcmaa.org udp
US 8.8.8.8:53 tffmejgi.info udp
US 8.8.8.8:53 miiaoweoywqg.com udp
US 8.8.8.8:53 vzzbuktlezpm.info udp
US 8.8.8.8:53 jjrefkv.net udp
US 8.8.8.8:53 icqrtkw.net udp
US 8.8.8.8:53 uuxzhc.info udp
US 8.8.8.8:53 ocmkaucqwe.com udp
US 8.8.8.8:53 pgbzuqt.org udp
US 8.8.8.8:53 kjskvzf.info udp
US 8.8.8.8:53 iewskikuay.org udp
US 8.8.8.8:53 vzxtvdjprz.net udp
US 8.8.8.8:53 zpfeuykdvzvu.net udp
US 8.8.8.8:53 nglvtaiyt.net udp
US 8.8.8.8:53 vynxyquzvhf.org udp
US 8.8.8.8:53 zlxpusjxtiv.org udp
US 8.8.8.8:53 lzbjkx.info udp
US 8.8.8.8:53 cegoqu.com udp
US 8.8.8.8:53 kssawmya.org udp
US 8.8.8.8:53 blriytvijot.com udp
US 8.8.8.8:53 qkbkmldmn.info udp
US 8.8.8.8:53 qjlxuqj.net udp
US 8.8.8.8:53 kyilnx.net udp
US 8.8.8.8:53 uaygqe.com udp
US 8.8.8.8:53 dvmkvicmrfcg.info udp
US 8.8.8.8:53 umgamamauysg.org udp
US 8.8.8.8:53 skmsbencsvsu.info udp
US 8.8.8.8:53 lelimqma.info udp
US 8.8.8.8:53 kbwezwg.net udp
US 8.8.8.8:53 gaqkygwq.org udp
US 8.8.8.8:53 zoqpebow.info udp
US 8.8.8.8:53 ygflrh.info udp
US 8.8.8.8:53 ynjvtslk.net udp
US 8.8.8.8:53 jrbulad.info udp
US 8.8.8.8:53 ombkfwn.info udp
US 8.8.8.8:53 cowqokek.org udp
US 8.8.8.8:53 bpzorpfuhtf.org udp
US 8.8.8.8:53 xyyfpanhdkz.net udp
US 8.8.8.8:53 ukkeiavlt.net udp
US 8.8.8.8:53 egbgzolepaj.net udp
US 8.8.8.8:53 xxnkvklsqf.net udp
US 8.8.8.8:53 yfgykzwi.info udp
US 8.8.8.8:53 bkngmvgi.net udp
US 8.8.8.8:53 yqwkusuc.com udp
US 8.8.8.8:53 xgbapyjyrwh.com udp
US 8.8.8.8:53 bmefunwozrd.com udp
US 8.8.8.8:53 jkwvny.net udp
US 8.8.8.8:53 irsdgxrbvgos.net udp
US 8.8.8.8:53 olajhjjq.info udp
US 8.8.8.8:53 porzjatgtdj.com udp
US 8.8.8.8:53 bqdindvszcl.com udp
US 8.8.8.8:53 ouvhpmu.info udp
US 8.8.8.8:53 enkwqsvkb.net udp
US 8.8.8.8:53 dykwknvmdfdj.info udp
US 8.8.8.8:53 znhornae.info udp
US 8.8.8.8:53 wawaoiyk.com udp
US 8.8.8.8:53 damsplj.net udp
US 8.8.8.8:53 msqugrbxtxbv.info udp
US 8.8.8.8:53 lczoradauoz.net udp
US 8.8.8.8:53 sbkqpkzez.info udp
US 8.8.8.8:53 buzkvgluklk.net udp
US 8.8.8.8:53 jgloiwtjjqw.org udp
US 8.8.8.8:53 dyhylhgmenja.info udp
US 8.8.8.8:53 dolodlrcma.net udp
US 8.8.8.8:53 dazulnj.org udp
US 8.8.8.8:53 mzygeylgio.net udp
US 8.8.8.8:53 jxdhlrvdjc.net udp
US 8.8.8.8:53 wuucuggqcims.org udp
US 8.8.8.8:53 uqicqm.com udp
US 8.8.8.8:53 soueumce.com udp
US 8.8.8.8:53 jzthxr.net udp
US 8.8.8.8:53 ftxxrhle.net udp
US 8.8.8.8:53 lgmoogbktes.info udp
US 8.8.8.8:53 bxvxuaogfuhn.info udp
US 8.8.8.8:53 cdrqqx.net udp
US 8.8.8.8:53 kopofgoxp.net udp
US 8.8.8.8:53 kujeigz.net udp
US 8.8.8.8:53 fjusznt.com udp
US 8.8.8.8:53 fpeofmbaz.info udp
US 8.8.8.8:53 kfqhuecvrqvp.net udp
US 8.8.8.8:53 coignhkel.net udp
US 8.8.8.8:53 rwrzll.info udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp
US 8.8.8.8:53 zuhmapbot.net udp
US 8.8.8.8:53 jseqkubusrp.net udp
US 8.8.8.8:53 csmrwj.net udp
US 8.8.8.8:53 rrqsfhoae.info udp
US 8.8.8.8:53 ooimiaowyo.org udp
US 8.8.8.8:53 drjyum.info udp
US 8.8.8.8:53 vjvlnnztmb.net udp
US 8.8.8.8:53 gsagguuqmaik.com udp
US 8.8.8.8:53 ombgpausvgx.net udp
US 8.8.8.8:53 wqooykuacoqi.com udp
US 8.8.8.8:53 icqkuk.com udp
US 8.8.8.8:53 vmzodynzrwo.org udp
US 8.8.8.8:53 yojkaljecqs.info udp
US 8.8.8.8:53 quvgpdslxdpm.net udp
US 8.8.8.8:53 hvfoey.net udp
US 8.8.8.8:53 nwljkcqbflki.info udp
US 8.8.8.8:53 rnlgvlqdhpgh.net udp
US 8.8.8.8:53 ecegeakc.org udp
US 8.8.8.8:53 ffthsognpy.net udp
US 8.8.8.8:53 ppgixqwunuf.org udp
US 8.8.8.8:53 qeakwkyuuwyg.org udp
US 8.8.8.8:53 ootkjdzphd.net udp
US 8.8.8.8:53 nzahwbng.net udp
US 8.8.8.8:53 vtwfhqnme.org udp
US 8.8.8.8:53 cagucggq.org udp
US 8.8.8.8:53 gwvmhej.net udp
US 8.8.8.8:53 aararuzmj.info udp
US 8.8.8.8:53 kswwqq.com udp
US 8.8.8.8:53 ridufkvausz.info udp
US 8.8.8.8:53 zrizzt.net udp
US 8.8.8.8:53 gbbnvmugvp.info udp
US 8.8.8.8:53 nsjnpn.net udp
US 8.8.8.8:53 ucaeccsi.org udp
US 8.8.8.8:53 zrxidbzcvfpp.net udp
US 8.8.8.8:53 imwuegeo.org udp
US 8.8.8.8:53 ivewnr.info udp
US 8.8.8.8:53 igqxolgkhe.info udp
US 8.8.8.8:53 jupibyoqhmx.info udp
US 8.8.8.8:53 bmtdui.net udp
US 8.8.8.8:53 roxftpwfit.net udp
US 8.8.8.8:53 nqxijbihvn.info udp
US 8.8.8.8:53 okhraurexw.net udp
US 8.8.8.8:53 kkhgjwcpwun.info udp
US 8.8.8.8:53 mwthbxuawvyh.info udp
US 8.8.8.8:53 suckkiqy.org udp
US 8.8.8.8:53 cmmgos.com udp
US 8.8.8.8:53 aopkoqxiraf.info udp
US 8.8.8.8:53 yspynbdonzn.net udp
US 8.8.8.8:53 sooeeiogyowi.com udp
US 8.8.8.8:53 brvvkc.net udp
US 8.8.8.8:53 qkqgeygakqso.com udp
US 8.8.8.8:53 xrctizgjhu.net udp
US 8.8.8.8:53 xnnmdyxmr.info udp
US 8.8.8.8:53 hzcdvr.info udp
US 8.8.8.8:53 rfcqjgcwrllk.info udp
US 8.8.8.8:53 ucwkiyqsoqug.com udp
US 8.8.8.8:53 sumcdb.net udp
US 8.8.8.8:53 dsoborwoisuv.info udp
US 8.8.8.8:53 wsddgxvo.info udp
US 8.8.8.8:53 ooewwc.org udp
US 8.8.8.8:53 uyguqqimye.org udp
US 8.8.8.8:53 fvvwcddmqyj.net udp
US 8.8.8.8:53 ykzchuhip.info udp
US 8.8.8.8:53 ukyasuuseqsw.org udp
US 8.8.8.8:53 lyhcqaz.com udp
US 8.8.8.8:53 jypigkw.net udp
US 8.8.8.8:53 uqymsyacgqsu.org udp
US 8.8.8.8:53 zieavhw.net udp
US 8.8.8.8:53 nyedbtxz.net udp
US 8.8.8.8:53 jphhtgd.com udp
US 8.8.8.8:53 iykiycoqgcwc.org udp
US 8.8.8.8:53 omierhazkhgw.net udp
US 8.8.8.8:53 soixapbv.info udp
US 8.8.8.8:53 eufvjumpsttg.net udp
US 8.8.8.8:53 vdyvqovexz.net udp
US 8.8.8.8:53 qstxxwbky.info udp
US 8.8.8.8:53 naerbumfrnhu.info udp
US 8.8.8.8:53 jqhubyx.org udp
US 8.8.8.8:53 ugfulktosrl.net udp
US 8.8.8.8:53 kwdrqyzrhd.net udp
US 8.8.8.8:53 wnbfdvxh.info udp
US 8.8.8.8:53 xrjmbmgmisvh.info udp
US 8.8.8.8:53 nczsddrem.net udp
US 8.8.8.8:53 usllaax.net udp
US 8.8.8.8:53 hzubfeef.net udp
US 8.8.8.8:53 jqtenkdayoy.org udp
US 8.8.8.8:53 zuhpth.info udp
US 8.8.8.8:53 onxsiihu.net udp
US 8.8.8.8:53 gmcfnfhwf.info udp
US 8.8.8.8:53 tivdhj.info udp
US 8.8.8.8:53 eqtydop.net udp
US 8.8.8.8:53 dobbnleh.net udp
US 8.8.8.8:53 lvliwxsju.net udp
US 8.8.8.8:53 kurmpao.net udp
US 8.8.8.8:53 pojilhvpzgf.net udp
US 8.8.8.8:53 wcgcuuiu.org udp
US 8.8.8.8:53 vjcifdqsx.info udp
US 8.8.8.8:53 fwqctdlwdvl.com udp
US 8.8.8.8:53 nhmyomxjv.info udp
US 8.8.8.8:53 gkiygeiw.org udp
US 8.8.8.8:53 uxfqzo.net udp
US 8.8.8.8:53 vkxrfsjadnv.info udp
US 8.8.8.8:53 ujnuqsw.info udp
US 8.8.8.8:53 qywgloxqv.info udp
US 8.8.8.8:53 bghktwf.net udp
US 8.8.8.8:53 tyzkrdhyl.info udp
US 8.8.8.8:53 rixzhadubu.info udp
US 8.8.8.8:53 xhnxxgtwzka.info udp
US 8.8.8.8:53 saumfskxi.info udp
US 8.8.8.8:53 redmvenw.info udp
US 8.8.8.8:53 waiwimaawq.org udp
US 8.8.8.8:53 lqnqaohstuw.info udp
US 8.8.8.8:53 ecumsu.org udp
US 8.8.8.8:53 vyvijbihvn.info udp
US 8.8.8.8:53 eztxqj.info udp
US 8.8.8.8:53 fcvqjxdym.info udp
US 8.8.8.8:53 txkktx.info udp
US 8.8.8.8:53 nocrkyqz.net udp
US 8.8.8.8:53 gawewigo.com udp
US 8.8.8.8:53 nwemypgorlgh.net udp
US 8.8.8.8:53 swgjnaxwfrb.net udp
US 8.8.8.8:53 hsrofavrq.net udp
US 8.8.8.8:53 lmnsnyl.info udp
US 8.8.8.8:53 zuxahel.info udp
US 8.8.8.8:53 dobimn.info udp
US 8.8.8.8:53 oilnqvvhoh.info udp
US 8.8.8.8:53 rhlzymtjzo.info udp
US 8.8.8.8:53 llpwlrlwpx.net udp
US 8.8.8.8:53 uolquckgl.net udp
US 8.8.8.8:53 zgbpnkrn.info udp
US 8.8.8.8:53 jcyjvafgjgo.net udp
US 8.8.8.8:53 bctwfgikb.org udp
US 8.8.8.8:53 syifaat.info udp
US 8.8.8.8:53 fzqqksnzg.net udp
US 8.8.8.8:53 cmeuuksiayei.org udp
US 8.8.8.8:53 btroncy.info udp
US 8.8.8.8:53 xmlymtnez.org udp
US 8.8.8.8:53 fexlzhlyhah.net udp
US 8.8.8.8:53 wwyyggkqkm.org udp
US 8.8.8.8:53 wgqesalf.info udp
US 8.8.8.8:53 dnoenxcc.net udp
US 8.8.8.8:53 qcgwyemuusma.com udp
US 8.8.8.8:53 zktxjkttqd.net udp
US 8.8.8.8:53 odzbrjqoy.info udp
US 8.8.8.8:53 asasqymgqgky.com udp
US 8.8.8.8:53 aalijqi.info udp
US 8.8.8.8:53 ezlxwqjn.net udp
US 8.8.8.8:53 aozpmqbnx.net udp
US 8.8.8.8:53 beegakv.com udp
US 8.8.8.8:53 wkexljewohlp.info udp
US 8.8.8.8:53 odqisf.info udp
US 8.8.8.8:53 bofnlpvkh.info udp
US 8.8.8.8:53 ptsrfdnk.net udp
US 8.8.8.8:53 xvvuhdnao.com udp
US 8.8.8.8:53 lmzpdyxjr.info udp
US 8.8.8.8:53 rultvjtcyg.info udp
US 8.8.8.8:53 lerlqgld.info udp
US 8.8.8.8:53 ncpmyszzt.info udp
US 8.8.8.8:53 yskuygwc.com udp
US 8.8.8.8:53 redlnehi.info udp
US 8.8.8.8:53 zetazsusbsh.info udp
US 8.8.8.8:53 ybxsqlwexbnh.info udp
US 8.8.8.8:53 sqsswygcomgs.org udp
US 8.8.8.8:53 krcemkyt.net udp
US 8.8.8.8:53 hsfkwh.info udp
US 8.8.8.8:53 zbtwspdgyn.info udp
US 8.8.8.8:53 qnnqgpu.net udp
US 8.8.8.8:53 avmocghcdvy.info udp
US 8.8.8.8:53 ykuiicau.com udp
US 8.8.8.8:53 wageausweuom.org udp
US 8.8.8.8:53 kkiamiym.com udp
US 8.8.8.8:53 rkvgndz.net udp
US 8.8.8.8:53 kzoyjjzjiimb.info udp
US 8.8.8.8:53 jatdaajehomt.net udp
US 8.8.8.8:53 mmogamuo.com udp
US 8.8.8.8:53 gjhudhu.net udp
US 8.8.8.8:53 wejotoy.net udp
US 8.8.8.8:53 bmbewbvloblo.net udp
US 8.8.8.8:53 asaiwmos.org udp
US 8.8.8.8:53 ryhanqdfmd.net udp
US 8.8.8.8:53 jkztaou.org udp
US 8.8.8.8:53 mwgkuyee.org udp
US 8.8.8.8:53 uiceesz.info udp
US 8.8.8.8:53 vwegfdxuiu.net udp
US 8.8.8.8:53 gmyqgigmuo.org udp
US 8.8.8.8:53 zidugrm.net udp
US 8.8.8.8:53 iqufvufirot.net udp
US 8.8.8.8:53 bzaydhbkyko.info udp
US 8.8.8.8:53 nugyes.net udp
US 8.8.8.8:53 icmsuaeqck.com udp
US 8.8.8.8:53 uynodxkrqhli.net udp
US 8.8.8.8:53 hmhunafqgoc.net udp
US 8.8.8.8:53 hmzkfkv.com udp
US 8.8.8.8:53 qkxwqzaewvta.info udp
US 8.8.8.8:53 uwwgkoaeqamo.com udp
US 8.8.8.8:53 kwntxtahytbo.net udp
US 8.8.8.8:53 uoxjsmld.info udp
US 8.8.8.8:53 harbughmv.net udp
US 8.8.8.8:53 qyxgvgblf.net udp
US 8.8.8.8:53 ewiuauieao.com udp
US 8.8.8.8:53 gkdmbibgmln.info udp
US 8.8.8.8:53 dxoaoxgkf.com udp
US 8.8.8.8:53 mexktizeyhyy.info udp
US 8.8.8.8:53 esymyesc.org udp
US 8.8.8.8:53 imwkkoik.com udp
US 8.8.8.8:53 prftgqch.info udp
US 8.8.8.8:53 sewuvwb.net udp
US 8.8.8.8:53 aokskisuewmy.com udp
US 8.8.8.8:53 bnqszsxdxz.net udp
US 8.8.8.8:53 oaewcmmi.com udp
US 8.8.8.8:53 lxbluoxf.net udp
US 8.8.8.8:53 lszfrmupqm.info udp
US 8.8.8.8:53 mytotsw.info udp
US 8.8.8.8:53 mkoruyn.net udp
US 8.8.8.8:53 oalwpcngx.info udp
US 8.8.8.8:53 cqrsbhrxhaw.info udp
US 8.8.8.8:53 yczvrll.net udp
US 8.8.8.8:53 mkzkzap.net udp
US 8.8.8.8:53 xcrfxbihvn.info udp
US 8.8.8.8:53 jopdzn.info udp
US 8.8.8.8:53 luycsf.net udp
US 8.8.8.8:53 qmmuqtbfohzu.net udp
US 8.8.8.8:53 pvesxitaordl.info udp
US 8.8.8.8:53 gwfhdmjmw.net udp
US 8.8.8.8:53 dzrmxez.com udp
US 8.8.8.8:53 dvbavqtgrlh.net udp
US 8.8.8.8:53 ukfzrtdiwo.net udp
US 8.8.8.8:53 mgkaci.com udp
US 8.8.8.8:53 hmowcayyap.net udp
US 8.8.8.8:53 kxldwaoqfn.info udp
US 8.8.8.8:53 pygamuv.net udp
US 8.8.8.8:53 nosvmld.net udp
US 8.8.8.8:53 lvjhuupstc.info udp
US 8.8.8.8:53 zwnwzmbyd.net udp
US 8.8.8.8:53 xxbuvavqnao.net udp
US 8.8.8.8:53 tgzzsilpuoyu.info udp
US 8.8.8.8:53 hadgrsh.org udp
US 8.8.8.8:53 ikciqwcmouwq.com udp
US 8.8.8.8:53 vmezsobm.info udp
US 8.8.8.8:53 geaucecqseak.com udp
US 8.8.8.8:53 rejwrwpoa.info udp
US 8.8.8.8:53 uvvevoiktmp.net udp
US 8.8.8.8:53 stnldrnpnn.info udp
US 8.8.8.8:53 ywegouwkig.com udp
US 8.8.8.8:53 acacyrloqh.info udp
US 8.8.8.8:53 jmuyzwjxj.net udp
US 8.8.8.8:53 tyqmegvikpp.com udp
US 8.8.8.8:53 wggscikyimyi.com udp
US 8.8.8.8:53 hhctmigbifcm.net udp
US 8.8.8.8:53 atjknen.net udp
US 8.8.8.8:53 mzvkhhpi.net udp
US 8.8.8.8:53 sfhewijyx.info udp
US 8.8.8.8:53 okgoqq.org udp
US 8.8.8.8:53 jggjiknzalzj.info udp
US 8.8.8.8:53 lzwgpqnxhy.net udp
US 8.8.8.8:53 opncfsxnboz.info udp
US 8.8.8.8:53 opltjm.info udp
US 8.8.8.8:53 iunsbqtyrsy.net udp
US 8.8.8.8:53 vatjcnu.com udp
US 8.8.8.8:53 jehyhpbob.com udp
US 8.8.8.8:53 tijklxs.com udp
US 8.8.8.8:53 tudgihlrvori.info udp
US 8.8.8.8:53 ygooycmmyusc.org udp
US 8.8.8.8:53 afopslbmsp.net udp
US 8.8.8.8:53 luaiurlae.info udp
US 8.8.8.8:53 hocaco.net udp
US 8.8.8.8:53 uuuwag.com udp
US 8.8.8.8:53 baxztudwb.org udp
US 8.8.8.8:53 rztsnryz.net udp
US 8.8.8.8:53 hsfspwfirsr.org udp
US 8.8.8.8:53 liaaeg.net udp
US 8.8.8.8:53 kftirw.net udp
US 8.8.8.8:53 qnjiwrbvrau.info udp
US 8.8.8.8:53 nsfovelgrpn.info udp
US 8.8.8.8:53 txmzjppatxm.net udp
US 8.8.8.8:53 zyjecbiip.info udp
US 8.8.8.8:53 jropdltq.net udp
US 8.8.8.8:53 jqnogwlwr.org udp
US 8.8.8.8:53 sekgeq.org udp
US 8.8.8.8:53 eykqeq.com udp
US 8.8.8.8:53 opwqzzstlvo.info udp
US 8.8.8.8:53 fumvct.net udp
US 8.8.8.8:53 haavxebgf.org udp
US 8.8.8.8:53 ufbfaevwqht.net udp
US 8.8.8.8:53 mvldxfvoax.net udp
US 8.8.8.8:53 dnyidwf.info udp
US 8.8.8.8:53 nmaibausj.com udp
US 8.8.8.8:53 iwgqegwg.com udp
US 8.8.8.8:53 lzigsktlravt.net udp
US 8.8.8.8:53 etclvsftm.info udp
US 8.8.8.8:53 riwtpqxqcr.net udp
US 8.8.8.8:53 wwkutys.info udp
US 8.8.8.8:53 varszqfmqkz.info udp
US 8.8.8.8:53 yadxtkefpqdf.net udp
US 8.8.8.8:53 pnvcfylbkw.net udp
US 8.8.8.8:53 ynxmhedhxib.info udp
US 8.8.8.8:53 hkiwxvakllep.info udp
US 8.8.8.8:53 jaoorkpybmj.net udp
US 8.8.8.8:53 qngitmingp.net udp
US 8.8.8.8:53 ltmmtox.org udp
US 8.8.8.8:53 zkxxnax.net udp
US 8.8.8.8:53 synkdydcryz.info udp
US 8.8.8.8:53 ulwprsdpevsj.info udp
US 8.8.8.8:53 rfqfss.net udp
US 8.8.8.8:53 ndpixydmrhb.org udp
US 8.8.8.8:53 tcenzfth.net udp
US 8.8.8.8:53 omueesiqisgc.org udp
US 8.8.8.8:53 ppjcksssb.org udp
US 8.8.8.8:53 iglullxcx.net udp
US 8.8.8.8:53 qyjxvcif.net udp
US 8.8.8.8:53 gmhxrwja.info udp
US 8.8.8.8:53 rkwlhccy.info udp
US 8.8.8.8:53 rqfzqq.net udp
US 8.8.8.8:53 vkdwovweoem.info udp
US 8.8.8.8:53 lrzdethb.net udp
US 8.8.8.8:53 fcnvqhhh.info udp
US 8.8.8.8:53 nthafgeqx.org udp
US 8.8.8.8:53 pnzvnpxwnm.net udp
US 8.8.8.8:53 pmkwkvnzjk.info udp
US 8.8.8.8:53 uysjdll.info udp
US 8.8.8.8:53 ldpzzastbx.info udp
US 8.8.8.8:53 xxynvihcis.info udp
US 8.8.8.8:53 qwsexi.info udp
US 8.8.8.8:53 slfcle.info udp
US 8.8.8.8:53 vibshiiel.net udp
US 8.8.8.8:53 zarsxoc.com udp
US 8.8.8.8:53 awtottlbsnr.net udp
US 8.8.8.8:53 wwplfeegvje.net udp
US 8.8.8.8:53 kegyeasqimoy.com udp
US 8.8.8.8:53 jjqtpeerkb.net udp
US 8.8.8.8:53 mewzsuhqxo.info udp
US 8.8.8.8:53 mwyeeakici.com udp
US 8.8.8.8:53 lfdfdupevsl.org udp
US 8.8.8.8:53 oqsaguou.com udp
US 8.8.8.8:53 uelmpvjqx.info udp
US 8.8.8.8:53 dcdyxwzklhs.com udp
US 8.8.8.8:53 kycaaby.net udp
US 8.8.8.8:53 vsryqgb.com udp
US 8.8.8.8:53 oismai.com udp
US 8.8.8.8:53 htebvauw.info udp
US 8.8.8.8:53 vyllnrjwfvro.info udp
US 8.8.8.8:53 fmyqqmj.info udp
US 8.8.8.8:53 eheflhppvg.net udp
US 8.8.8.8:53 vweedmb.org udp
US 8.8.8.8:53 jwfull.net udp
US 8.8.8.8:53 wwtgxcteyzj.info udp
US 8.8.8.8:53 qqseoyakksia.com udp
US 8.8.8.8:53 kselzioit.net udp
US 8.8.8.8:53 ijdzqa.info udp
US 8.8.8.8:53 umqxhshovjec.info udp
US 8.8.8.8:53 cykogcgqqcuu.com udp
US 8.8.8.8:53 jongdjh.info udp
US 8.8.8.8:53 dcmuzow.com udp
US 8.8.8.8:53 ugjyfpgfl.net udp
US 8.8.8.8:53 myrwjqkrwpbk.info udp
US 8.8.8.8:53 llzghkftkyec.info udp
US 8.8.8.8:53 sbleszjvvg.net udp
US 8.8.8.8:53 wztqtgjhtgl.info udp
US 8.8.8.8:53 wyouismkim.org udp
US 8.8.8.8:53 tmqpoehu.info udp
US 8.8.8.8:53 mpkbfsgyp.info udp
US 8.8.8.8:53 famkbhvej.com udp
US 8.8.8.8:53 iisuvseij.info udp
US 8.8.8.8:53 ozbfhqw.net udp
US 8.8.8.8:53 qseoumkkca.org udp
US 8.8.8.8:53 hxpbdbestx.net udp
US 8.8.8.8:53 muqgsqcy.org udp
US 8.8.8.8:53 qdnmhgdyrit.net udp
US 8.8.8.8:53 ouosewysay.com udp
US 8.8.8.8:53 ektuwgs.info udp
US 8.8.8.8:53 qyqigk.com udp
US 8.8.8.8:53 farirmhxn.net udp
US 8.8.8.8:53 tgfytkiga.org udp
US 8.8.8.8:53 jsomvivueud.info udp
US 8.8.8.8:53 fyaylmbcb.net udp
US 8.8.8.8:53 pzqsbwtup.org udp
US 8.8.8.8:53 dyyvuvnbnms.info udp
US 8.8.8.8:53 hqycpknrl.info udp
US 8.8.8.8:53 ekqaao.com udp
US 8.8.8.8:53 ddnagut.net udp
US 8.8.8.8:53 izvstevyoxdz.net udp
US 8.8.8.8:53 rkjyfrxybqd.net udp
US 8.8.8.8:53 mxtchd.info udp
US 8.8.8.8:53 umteqyv.info udp
US 8.8.8.8:53 aakicwgeguaw.com udp
US 8.8.8.8:53 bcwukzmauq.info udp
US 8.8.8.8:53 hjfdpmp.org udp
US 8.8.8.8:53 lqqubtmi.info udp
US 8.8.8.8:53 qzfybg.net udp
US 8.8.8.8:53 nexybapxati.net udp
US 8.8.8.8:53 rjbifug.net udp
US 8.8.8.8:53 qhbtlcesdu.info udp
US 8.8.8.8:53 ikmcuuv.info udp
US 8.8.8.8:53 hzlazafqpgmu.net udp
US 8.8.8.8:53 ygvxekxsnyt.info udp
US 8.8.8.8:53 wsfsufki.info udp
US 8.8.8.8:53 tusgthxur.com udp
US 8.8.8.8:53 yqdindvszcl.info udp
US 8.8.8.8:53 dmvprw.net udp
US 8.8.8.8:53 ldlrgk.info udp
US 8.8.8.8:53 ibsivd.net udp
US 8.8.8.8:53 gkwcwogqki.org udp
US 8.8.8.8:53 aerjlysnv.net udp
US 8.8.8.8:53 uiuekuys.org udp
US 8.8.8.8:53 owtumceqt.info udp
US 8.8.8.8:53 unjigshqi.net udp
US 8.8.8.8:53 omkbsmfhlq.net udp
US 8.8.8.8:53 sieibora.net udp
US 8.8.8.8:53 miwmemmi.com udp
US 8.8.8.8:53 lsnooolaymk.info udp
US 8.8.8.8:53 kanrsrvit.net udp
US 8.8.8.8:53 sgdzhklkvfso.info udp
US 8.8.8.8:53 jgsulgls.net udp
US 8.8.8.8:53 cymakoqu.org udp
US 8.8.8.8:53 qghxvqv.info udp
US 8.8.8.8:53 wgdyzqpwn.net udp
US 8.8.8.8:53 skqsiiae.org udp
US 8.8.8.8:53 kqaiocyq.com udp
US 8.8.8.8:53 uoxibzdau.net udp
US 8.8.8.8:53 alyypvemovoc.net udp
US 8.8.8.8:53 tcykbmxt.info udp
US 8.8.8.8:53 hwtqgvjxzk.info udp
US 8.8.8.8:53 qlstpgkhcjbu.net udp
US 8.8.8.8:53 tlhelhhtdmh.info udp
US 8.8.8.8:53 aaszfufandz.info udp
US 8.8.8.8:53 crnsvufotkl.info udp
US 8.8.8.8:53 rfzkmobxlg.info udp
US 8.8.8.8:53 amegiesk.org udp
US 8.8.8.8:53 nzitfaav.info udp
US 8.8.8.8:53 pokivbggpgzw.info udp
US 8.8.8.8:53 ennzzlvv.info udp
US 8.8.8.8:53 zojnbcklr.net udp
US 8.8.8.8:53 lktcrbw.com udp
US 8.8.8.8:53 uwloxmdpb.info udp
US 8.8.8.8:53 sqxetl.net udp
US 8.8.8.8:53 hyjodgw.info udp
US 8.8.8.8:53 ukwyasakgosw.com udp
US 8.8.8.8:53 kssxpvp.info udp
US 8.8.8.8:53 pbhubawkout.org udp
US 8.8.8.8:53 dkdczgl.info udp
US 8.8.8.8:53 nbokbqss.net udp
US 8.8.8.8:53 fjkzdm.info udp
US 8.8.8.8:53 calevsp.info udp
US 8.8.8.8:53 cmoosk.com udp
US 8.8.8.8:53 kigvdgi.net udp
US 8.8.8.8:53 eaictyqxc.info udp
US 8.8.8.8:53 xxjldlvrkg.info udp
US 8.8.8.8:53 ofhssslsrkn.info udp
US 8.8.8.8:53 muikqi.com udp
US 8.8.8.8:53 yubmnah.info udp
US 8.8.8.8:53 vgqxvqngngx.info udp
US 8.8.8.8:53 ewzsthlxekk.info udp
US 8.8.8.8:53 gikoao.org udp
US 8.8.8.8:53 kukfsengsh.info udp
US 8.8.8.8:53 gaukhrsmvwlq.net udp
US 8.8.8.8:53 qwbhby.info udp
US 8.8.8.8:53 cgzqtowog.info udp
US 8.8.8.8:53 nkzcfuwhz.net udp
US 8.8.8.8:53 qeasooggkkye.org udp
US 8.8.8.8:53 ajribzjp.net udp
US 8.8.8.8:53 khcexcfgxv.info udp
US 8.8.8.8:53 fpczwrezui.info udp
US 8.8.8.8:53 yeuinhzqgpp.info udp
US 8.8.8.8:53 rkbcnhdwuyr.info udp
US 8.8.8.8:53 uspzbnanpy.net udp
US 8.8.8.8:53 ozouzgl.net udp
US 8.8.8.8:53 gdiecndz.net udp
US 8.8.8.8:53 sacimsws.com udp
US 8.8.8.8:53 nftdjucldmkn.info udp
US 8.8.8.8:53 qgcsyj.info udp
US 8.8.8.8:53 fevpfshvp.org udp
US 8.8.8.8:53 jfcxtt.info udp
US 8.8.8.8:53 eqbciayirmm.net udp
US 8.8.8.8:53 eydgwgxca.info udp
US 8.8.8.8:53 vkbpvghly.org udp
US 8.8.8.8:53 vidmdtogl.net udp
US 8.8.8.8:53 kcryxrris.info udp
US 8.8.8.8:53 eyxuqf.net udp
US 8.8.8.8:53 zxkoftuceswj.info udp
US 8.8.8.8:53 giekgyskeiik.org udp
US 8.8.8.8:53 dyzenelwe.com udp
US 8.8.8.8:53 eghjupx.net udp
US 8.8.8.8:53 bqliiakejjwh.net udp
US 8.8.8.8:53 bavppixu.net udp
US 8.8.8.8:53 meeiueoiis.com udp
US 8.8.8.8:53 wrrlvqkm.info udp
US 8.8.8.8:53 phmmvqlod.net udp
US 8.8.8.8:53 afjomozsr.info udp
US 8.8.8.8:53 vqqzukzmv.info udp
US 8.8.8.8:53 fkgritslx.org udp
US 8.8.8.8:53 mwciskmqwooi.org udp
US 8.8.8.8:53 akyczqjuwwx.info udp
US 8.8.8.8:53 pmxgpwgrhynl.net udp
US 8.8.8.8:53 bezxeengnep.info udp
US 8.8.8.8:53 ptpwnlreeaxo.net udp
US 8.8.8.8:53 crlagt.net udp
US 8.8.8.8:53 xrtalhpbbyaw.net udp
US 8.8.8.8:53 qkmkcw.org udp
US 8.8.8.8:53 eeeiusoc.com udp
US 8.8.8.8:53 ugphenggjkpm.info udp
US 8.8.8.8:53 qirsvcv.net udp
US 8.8.8.8:53 xgyvdmrkw.org udp
US 8.8.8.8:53 dtstyn.net udp
US 8.8.8.8:53 lxdtklbih.org udp
US 8.8.8.8:53 yiugiq.com udp
US 8.8.8.8:53 zbqtpeerkb.net udp
US 8.8.8.8:53 ocxcsgrwg.net udp
US 8.8.8.8:53 syoemgyckyqy.com udp
US 8.8.8.8:53 zuwrljtqss.net udp
US 8.8.8.8:53 hikoddzsoxo.net udp
US 8.8.8.8:53 ymdwavxadvnl.info udp
US 8.8.8.8:53 ywsggwgu.org udp
US 8.8.8.8:53 msaeugqyakco.org udp
US 8.8.8.8:53 tdahbyimfc.info udp
US 8.8.8.8:53 isxynkbutwz.info udp
US 8.8.8.8:53 jqclhkgyeizc.info udp
US 8.8.8.8:53 aawgkwicgyks.com udp
US 8.8.8.8:53 lrzchytbhyg.info udp
US 8.8.8.8:53 tmrxnmjrkb.net udp
US 8.8.8.8:53 enorxtwiga.info udp
US 8.8.8.8:53 jsrhhqx.info udp
US 8.8.8.8:53 hkqywuugnys.net udp
US 8.8.8.8:53 ymcwessi.org udp
US 8.8.8.8:53 cichjgpkknf.net udp
US 8.8.8.8:53 divdzmi.org udp
US 8.8.8.8:53 uomieuwsgywa.com udp
US 8.8.8.8:53 jbfzppty.info udp
US 8.8.8.8:53 zlfyhshzl.info udp
US 8.8.8.8:53 wyrqbljyczf.info udp
US 8.8.8.8:53 fzkrxmam.info udp
US 8.8.8.8:53 oktcrytxqxq.net udp
US 8.8.8.8:53 uuokmwek.org udp
US 8.8.8.8:53 iowummgsme.org udp
US 8.8.8.8:53 zdzgoofuh.info udp
US 8.8.8.8:53 xafntgtx.info udp
US 8.8.8.8:53 fixijml.org udp
US 8.8.8.8:53 ptjrucwhqyek.info udp
US 8.8.8.8:53 bvrlxiawb.net udp
US 8.8.8.8:53 fwqzrn.net udp
US 8.8.8.8:53 sibibkebxthi.info udp
US 8.8.8.8:53 bujydax.net udp
US 8.8.8.8:53 xiwerwe.net udp
US 8.8.8.8:53 zfxgpgzq.net udp
US 8.8.8.8:53 sxsydftugfl.net udp
US 8.8.8.8:53 qvuigq.info udp
US 8.8.8.8:53 lkdcykiji.com udp
US 8.8.8.8:53 msoiygcw.org udp
US 8.8.8.8:53 lpnqceh.info udp
US 8.8.8.8:53 fcqwbwolhfx.com udp
US 8.8.8.8:53 bxdxpcbzicdo.info udp
US 8.8.8.8:53 hgjsnnnclqv.info udp
US 8.8.8.8:53 jntxuexoq.net udp
US 8.8.8.8:53 scswiokcmk.com udp
US 8.8.8.8:53 msyynnlkieoj.net udp
US 8.8.8.8:53 dixjcmuyh.net udp
US 8.8.8.8:53 ljlgmazcjeq.org udp
US 8.8.8.8:53 jgravtsd.net udp
US 8.8.8.8:53 qbaluinxfoiu.info udp
US 8.8.8.8:53 awtrjqbmv.net udp
US 8.8.8.8:53 nyesreh.com udp
US 8.8.8.8:53 hjdanvcakuu.com udp
US 8.8.8.8:53 lblbbzdwvw.info udp
US 8.8.8.8:53 hlmrxiinac.info udp
US 8.8.8.8:53 ejpdqikairvo.info udp
US 8.8.8.8:53 jdzakwhkrr.info udp
US 8.8.8.8:53 caaakckcqu.org udp
US 8.8.8.8:53 terwausffs.net udp
US 8.8.8.8:53 ssgqsckw.com udp
US 8.8.8.8:53 dutgoqnz.net udp
US 8.8.8.8:53 zmlyakv.org udp
US 8.8.8.8:53 cxritgbkwiqj.net udp
US 8.8.8.8:53 ndfkdfggr.info udp
US 8.8.8.8:53 dmlapoh.info udp
US 8.8.8.8:53 najkogn.net udp
US 8.8.8.8:53 ngpxnqiyar.info udp
US 8.8.8.8:53 xkbyiniqrpfv.info udp
US 8.8.8.8:53 xflrdxdu.net udp
US 8.8.8.8:53 asfqzpbbf.net udp
US 8.8.8.8:53 qbbazjtyf.info udp
US 8.8.8.8:53 eomiww.org udp
US 8.8.8.8:53 ionlrsv.info udp
US 8.8.8.8:53 lqycrol.info udp
US 8.8.8.8:53 yabgjuiyvpj.net udp
US 8.8.8.8:53 ipjywolmqze.info udp
US 8.8.8.8:53 hprfzg.net udp
US 8.8.8.8:53 gthrpp.net udp
US 8.8.8.8:53 yqtafgfohsp.net udp
US 8.8.8.8:53 hqeyzyhey.org udp
US 8.8.8.8:53 fqvozsyex.com udp
US 8.8.8.8:53 tezvhnfjxq.net udp
US 8.8.8.8:53 yenhvalpdykj.info udp
US 8.8.8.8:53 gepixjiw.info udp
US 8.8.8.8:53 cslcvixvb.net udp
US 8.8.8.8:53 nrpqjt.info udp
US 8.8.8.8:53 eqyfdf.net udp
US 8.8.8.8:53 pbzmnlhh.info udp
US 8.8.8.8:53 mmltpxzfvd.info udp
US 8.8.8.8:53 qoecgy.org udp
US 8.8.8.8:53 fpawrxhn.info udp
US 8.8.8.8:53 lkngjoezjnq.com udp
US 8.8.8.8:53 myqikqeymayy.com udp
US 8.8.8.8:53 yiogesoaaqii.org udp
US 8.8.8.8:53 tmbmnsbyvks.info udp
US 8.8.8.8:53 wrbgtg.info udp
US 8.8.8.8:53 dfrztj.net udp
US 8.8.8.8:53 iuopsm.info udp
US 8.8.8.8:53 xbfhtyff.info udp
US 8.8.8.8:53 lcnakurkrtd.com udp
US 8.8.8.8:53 gqygvejxf.info udp
US 8.8.8.8:53 ndbsbqbvv.info udp
US 8.8.8.8:53 mzwneh.net udp
US 8.8.8.8:53 hqqgzxmmgx.net udp
US 8.8.8.8:53 zpuzlkn.info udp
US 8.8.8.8:53 vbzarsdsnat.com udp
US 8.8.8.8:53 hytqeejor.org udp
US 8.8.8.8:53 vsswekgnat.info udp
US 8.8.8.8:53 aarbvonaobs.net udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 fyvqgej.net udp
US 8.8.8.8:53 xyurrudjd.info udp
US 8.8.8.8:53 xeduvez.net udp
US 8.8.8.8:53 eyjuteq.info udp
US 8.8.8.8:53 vvlagkfghoz.net udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 dstdsihd.net udp
US 8.8.8.8:53 kefahu.net udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 rvtxqxhknviv.net udp
US 8.8.8.8:53 hxpmawsc.info udp
US 8.8.8.8:53 yoqymi.com udp
US 8.8.8.8:53 jwbegkq.org udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 xixcjhrcnych.net udp
US 8.8.8.8:53 iaqwscwygwkk.org udp
US 8.8.8.8:53 ntgeuxzg.info udp
US 8.8.8.8:53 dopgdicwz.net udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 jyamjvy.net udp
US 8.8.8.8:53 rafgtfaldts.info udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 skxhqbpid.info udp
US 8.8.8.8:53 zssfdeq.com udp
US 8.8.8.8:53 yzzglkjsoay.net udp
US 8.8.8.8:53 twetncgfna.net udp
US 8.8.8.8:53 sryffshvthpx.info udp
US 8.8.8.8:53 ywimauseiu.com udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 aawxxk.net udp
US 8.8.8.8:53 cskaaa.org udp
US 8.8.8.8:53 uuzcnmstx.info udp
US 8.8.8.8:53 aavqgwn.net udp
US 8.8.8.8:53 eomkme.org udp
US 8.8.8.8:53 amsivuhqbdn.net udp
US 8.8.8.8:53 eepgwut.net udp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 frkdhwrd.net udp
US 8.8.8.8:53 nxhjhelg.info udp
US 8.8.8.8:53 wjjesmdv.info udp
US 8.8.8.8:53 xkvengumtus.net udp
US 8.8.8.8:53 sissokky.org udp
US 8.8.8.8:53 mvrjoxmptm.info udp
US 8.8.8.8:53 owkasy.com udp
US 8.8.8.8:53 ksbeqedilec.net udp
US 8.8.8.8:53 fimrdqhkhk.info udp
US 8.8.8.8:53 sljsxqv.info udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 djpcqld.com udp
US 8.8.8.8:53 evyrvibynav.info udp
US 8.8.8.8:53 faoaccjxdk.info udp
US 8.8.8.8:53 bmdflttg.net udp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 zvwqdsg.com udp
US 8.8.8.8:53 eeaouicecc.com udp
US 8.8.8.8:53 tezapotlvr.info udp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 rimqzswpq.com udp
US 8.8.8.8:53 hcrazcfkr.org udp
US 8.8.8.8:53 wxmyiepqrhr.info udp
US 8.8.8.8:53 tzxkpakieyu.com udp
US 8.8.8.8:53 nrhgkvxqmc.info udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 gusykyzklop.info udp
US 8.8.8.8:53 eocqcaio.com udp
US 8.8.8.8:53 ggfqrmq.net udp
US 8.8.8.8:53 yoaoooewyeeo.com udp
US 8.8.8.8:53 msfrjnvcslef.net udp
US 8.8.8.8:53 vuvaguj.com udp
US 8.8.8.8:53 mdhpuesj.net udp
US 8.8.8.8:53 jnqbqpdf.net udp
US 8.8.8.8:53 corjfuvqqnaa.net udp
US 8.8.8.8:53 ddaqqyjgrmz.org udp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 pbjzsl.info udp
US 8.8.8.8:53 dajatux.org udp
US 8.8.8.8:53 ntwblmbspara.info udp
US 8.8.8.8:53 vrxmprngmlhk.net udp
US 8.8.8.8:53 sakkwwskwqug.com udp
US 8.8.8.8:53 tbleoaln.info udp
US 8.8.8.8:53 aezodiyiuky.net udp
US 8.8.8.8:53 iwebzspyhsz.net udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 docybmqh.info udp
US 8.8.8.8:53 fkcqoexkd.net udp
US 8.8.8.8:53 ncvpkqailvvv.info udp
US 8.8.8.8:53 wkgiom.org udp
US 8.8.8.8:53 ngsyjjxodc.net udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 vlpivni.info udp
US 8.8.8.8:53 ihkyfpxkxchp.info udp
US 8.8.8.8:53 bopwrlf.org udp
US 8.8.8.8:53 wxbxvfkfzk.info udp
US 8.8.8.8:53 lyxmnybibg.info udp
US 8.8.8.8:53 hrrvcglmte.info udp
US 8.8.8.8:53 xlnivpsuab.info udp
US 8.8.8.8:53 oeuuiuakec.org udp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 sdczocyn.info udp
US 8.8.8.8:53 mburag.info udp
US 8.8.8.8:53 yugauajofxb.net udp
US 8.8.8.8:53 kgucribs.info udp
US 8.8.8.8:53 vrhkhjkyfnwk.net udp
US 8.8.8.8:53 asbdjzbat.net udp
US 8.8.8.8:53 ewlavyd.net udp
US 8.8.8.8:53 trsqzzwd.net udp
US 8.8.8.8:53 zyfitez.info udp
US 8.8.8.8:53 tvtaqfnmf.info udp
US 8.8.8.8:53 huefaatdxtxt.net udp
US 8.8.8.8:53 jaehmwxr.info udp
US 8.8.8.8:53 yitspgx.info udp
US 8.8.8.8:53 pkxqmfd.info udp
US 8.8.8.8:53 gajcfaukoea.info udp
US 8.8.8.8:53 kwgqeicwwuiw.org udp
US 8.8.8.8:53 leqdurjb.net udp
US 8.8.8.8:53 icniiczgj.info udp
US 8.8.8.8:53 rekyxm.info udp
US 8.8.8.8:53 dxikspgshgbk.info udp
US 8.8.8.8:53 eoqyxnd.info udp
US 8.8.8.8:53 ukusoiamscos.org udp
US 8.8.8.8:53 noobdpl.info udp
US 8.8.8.8:53 huzwlguznmz.net udp
US 8.8.8.8:53 lgmwshpwdp.net udp
US 8.8.8.8:53 hydixst.info udp
US 8.8.8.8:53 buvxtbwp.net udp
US 8.8.8.8:53 jgwcoofzbun.net udp
US 8.8.8.8:53 pvhlixgerjti.info udp
US 8.8.8.8:53 zgrjrexb.net udp
US 8.8.8.8:53 jynobcv.info udp
US 8.8.8.8:53 qgombanv.info udp
US 8.8.8.8:53 qubslmnsd.net udp
US 8.8.8.8:53 eeueccewmeem.com udp
US 8.8.8.8:53 bopozsz.info udp
US 8.8.8.8:53 gthoprfe.net udp
US 8.8.8.8:53 vlpxze.info udp
US 8.8.8.8:53 kgieuoiw.com udp
US 8.8.8.8:53 vnxbbrnzjqh.info udp
US 8.8.8.8:53 fdeodul.info udp
US 8.8.8.8:53 cgwwcc.com udp
US 8.8.8.8:53 skywyumxq.net udp
US 8.8.8.8:53 nsmgfxgs.net udp
US 8.8.8.8:53 wqzinczmx.info udp
US 8.8.8.8:53 mpqgselgl.info udp
US 8.8.8.8:53 vwvmhaj.net udp
US 8.8.8.8:53 xfjrhd.info udp
US 8.8.8.8:53 egsmyysc.org udp
US 8.8.8.8:53 joudfasurxxt.info udp
US 8.8.8.8:53 dnyottlbju.net udp
US 8.8.8.8:53 aknuvqvm.net udp
US 8.8.8.8:53 nshdioh.net udp
US 8.8.8.8:53 yotehgakb.info udp
US 8.8.8.8:53 rpfupezssvpk.info udp
US 8.8.8.8:53 zkhujspqb.net udp
US 8.8.8.8:53 xkksuaqezut.net udp
US 8.8.8.8:53 inhwrprogej.net udp
US 8.8.8.8:53 kbxsyyrb.info udp
US 8.8.8.8:53 ugyykuaakc.com udp
US 8.8.8.8:53 ekqqcc.org udp
US 8.8.8.8:53 zyryujx.net udp
US 8.8.8.8:53 dwfkeogzvhjn.info udp
US 8.8.8.8:53 jbvkvlvrxd.net udp
US 8.8.8.8:53 tcrnxafdbyx.org udp
US 8.8.8.8:53 vjgfvyou.info udp
US 8.8.8.8:53 wswgmm.org udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 batknmuzlnd.org udp
US 8.8.8.8:53 fypefvfwnub.info udp
US 8.8.8.8:53 ssveragyx.net udp
US 8.8.8.8:53 wjbcbecdy.net udp
US 8.8.8.8:53 gmiskc.com udp
US 8.8.8.8:53 qtgqqinahbp.info udp
US 8.8.8.8:53 tcvuvhjwh.info udp
US 8.8.8.8:53 fabades.net udp
US 8.8.8.8:53 luyjdv.net udp
US 8.8.8.8:53 ucilerferchf.info udp
US 8.8.8.8:53 lltejndirap.org udp
US 8.8.8.8:53 wmxgnsfsr.info udp
US 8.8.8.8:53 jubvpax.info udp
US 8.8.8.8:53 vacyejog.net udp
US 8.8.8.8:53 sghmuuw.info udp
US 8.8.8.8:53 vmzwhixfyojt.info udp
US 8.8.8.8:53 aknsgwkcl.net udp
US 8.8.8.8:53 slawtcimzzft.info udp
US 8.8.8.8:53 jhvkbcpnqnsw.info udp
US 8.8.8.8:53 lvsytejnus.net udp
US 8.8.8.8:53 davmkyr.info udp
US 8.8.8.8:53 mitekfuvzpnv.info udp
US 8.8.8.8:53 ecbwysbz.info udp
US 8.8.8.8:53 hhylbxmj.net udp
US 8.8.8.8:53 hqpwxrfql.info udp
US 8.8.8.8:53 aofcjyjeniv.net udp
US 8.8.8.8:53 syqigcioao.com udp
US 8.8.8.8:53 njmyupro.net udp
US 8.8.8.8:53 ttjkwfgi.info udp
US 8.8.8.8:53 dnlxzcmvny.net udp
US 8.8.8.8:53 nuiefajcl.net udp
US 8.8.8.8:53 utwnjxrd.net udp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 gxyleelm.net udp
US 8.8.8.8:53 hhqfmmvozop.net udp
US 8.8.8.8:53 zgyszk.info udp
US 8.8.8.8:53 jymepkz.net udp
US 8.8.8.8:53 yqfimar.info udp
US 8.8.8.8:53 iusioomq.org udp
US 8.8.8.8:53 qokrralbqbzd.info udp
US 8.8.8.8:53 wcsbrpz.net udp
US 8.8.8.8:53 tlysxbfrlfsw.info udp
US 8.8.8.8:53 zsfqvjxrrdf.net udp
US 8.8.8.8:53 uwcuws.org udp
US 8.8.8.8:53 btnffb.net udp
US 8.8.8.8:53 buztpyaqmrft.info udp
US 8.8.8.8:53 pibgiblkjba.info udp
US 8.8.8.8:53 azlfou.info udp
US 8.8.8.8:53 ogfouvw.net udp
US 8.8.8.8:53 eqhstijaqp.net udp
US 8.8.8.8:53 ffuevdff.net udp
US 8.8.8.8:53 umyicieyee.org udp
US 8.8.8.8:53 jgniaygwrqo.org udp
US 8.8.8.8:53 oqkusuwemeeg.org udp
US 8.8.8.8:53 jnuqgsaxui.net udp
US 8.8.8.8:53 pmpdegpwxxgu.net udp
US 8.8.8.8:53 pfldcvvfvas.com udp
US 8.8.8.8:53 vcsuct.net udp
US 8.8.8.8:53 eeznyolgibnj.net udp
US 8.8.8.8:53 bwkqkrln.net udp
US 8.8.8.8:53 ipybcq.info udp
US 8.8.8.8:53 cjbbyvryunam.info udp
US 8.8.8.8:53 zewcrim.net udp
US 8.8.8.8:53 mqpmfwrwddp.net udp
US 8.8.8.8:53 fsyczawoha.info udp
US 8.8.8.8:53 tphehbfe.info udp
US 8.8.8.8:53 yohgvkxvxlmj.info udp
US 8.8.8.8:53 wuuzun.net udp
US 8.8.8.8:53 atkzfclhbift.info udp
US 8.8.8.8:53 jlrokefd.info udp
US 8.8.8.8:53 mlnwrshy.info udp
US 8.8.8.8:53 eyoykwoakmsg.com udp
US 8.8.8.8:53 kwdpthbwjopk.net udp
US 8.8.8.8:53 wueysyqiyg.org udp
US 8.8.8.8:53 miiaoweoywqg.com udp
US 8.8.8.8:53 vghcrcf.org udp
US 8.8.8.8:53 yxkmzadvvd.info udp
US 8.8.8.8:53 jjrefkv.net udp
US 8.8.8.8:53 nkbhbybzpda.com udp
US 8.8.8.8:53 mcnddovex.net udp
US 8.8.8.8:53 eztcmu.net udp
US 8.8.8.8:53 joalnofqnnhq.net udp
US 8.8.8.8:53 mmmiecgssuuu.org udp
US 8.8.8.8:53 pqvqyszpbcxm.net udp
US 8.8.8.8:53 pgbzuqt.org udp
US 8.8.8.8:53 kjskvzf.info udp
US 8.8.8.8:53 fedmcmgwn.info udp
US 8.8.8.8:53 eehyttnoejf.net udp
US 8.8.8.8:53 phiuaypupz.info udp
US 8.8.8.8:53 vroubvls.info udp
US 8.8.8.8:53 nglvtaiyt.net udp
US 8.8.8.8:53 jyfqebacwnl.net udp
US 8.8.8.8:53 hzgjxs.info udp
US 8.8.8.8:53 lzbjkx.info udp
US 8.8.8.8:53 wuecmu.org udp
US 8.8.8.8:53 ezawbsemtwp.info udp
US 8.8.8.8:53 gcrvfq.net udp
US 8.8.8.8:53 cegoqu.com udp
US 8.8.8.8:53 blriytvijot.com udp
US 8.8.8.8:53 wkioof.net udp
US 8.8.8.8:53 vvxorqnf.net udp
US 8.8.8.8:53 epszmiwaif.net udp
US 8.8.8.8:53 rgisdqwfhml.net udp
US 8.8.8.8:53 fihqos.info udp
US 8.8.8.8:53 qjlxuqj.net udp
US 8.8.8.8:53 cycccyuwie.org udp
US 8.8.8.8:53 kyilnx.net udp
US 8.8.8.8:53 baxwlvcsl.info udp
US 8.8.8.8:53 skmsbencsvsu.info udp
US 8.8.8.8:53 naeevmocjyf.net udp
US 8.8.8.8:53 gaqkygwq.org udp
US 8.8.8.8:53 zvesbelun.com udp
US 8.8.8.8:53 qetxcrgpncmy.net udp
US 8.8.8.8:53 ringhiwif.net udp
US 8.8.8.8:53 jrbulad.info udp
US 8.8.8.8:53 eoozifbpxocx.net udp
US 8.8.8.8:53 eyyieqauwi.org udp
US 8.8.8.8:53 cowqokek.org udp
US 8.8.8.8:53 xpvotgepnf.net udp
US 8.8.8.8:53 bpzorpfuhtf.org udp
US 8.8.8.8:53 ngvqvo.info udp
US 8.8.8.8:53 lsadlwznm.com udp
US 8.8.8.8:53 onnspifa.info udp
US 8.8.8.8:53 kenigejs.info udp
US 8.8.8.8:53 uqmkoaasaiui.com udp
US 8.8.8.8:53 bkngmvgi.net udp
US 8.8.8.8:53 tlmfyrocce.info udp
US 8.8.8.8:53 eepgxnp.info udp
US 8.8.8.8:53 czzonhca.net udp
US 8.8.8.8:53 ewmsqyew.com udp
US 8.8.8.8:53 ztqqdffz.net udp
US 8.8.8.8:53 bqdindvszcl.com udp
US 8.8.8.8:53 dzxnhq.net udp
US 8.8.8.8:53 mohydglijom.info udp
US 8.8.8.8:53 lkhoofalsgbq.info udp
US 8.8.8.8:53 shzzpflmh.info udp
US 8.8.8.8:53 jepzltihdddm.net udp
US 8.8.8.8:53 dykwknvmdfdj.info udp
US 8.8.8.8:53 akcmrot.info udp
US 8.8.8.8:53 kbqlvqqroyyr.net udp
US 8.8.8.8:53 ckaiioiqqiwy.org udp
US 8.8.8.8:53 biuvrapclfti.info udp
US 8.8.8.8:53 znhornae.info udp
US 8.8.8.8:53 zwxkzebevez.net udp
US 8.8.8.8:53 kynorgtmrit.info udp
US 8.8.8.8:53 jkeifpciuq.net udp
US 8.8.8.8:53 qwatgpdokrhp.info udp
US 8.8.8.8:53 exayvvrspzt.info udp

Files

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

MD5 752fd8203cbe79e001d17f60bba106be
SHA1 f84ff7bc4538cf1b1adbd80385fc079b47dd0aad
SHA256 9ea0c5f5e393e2564d8b5da8ef3b93bd1ac6f1d192641029ef2977bc98a356c5
SHA512 0f0747346ac2fe8e9ef1bef70c55811dddce773be3f39066e6d5a1c0b6f3f5fb5e177ed0b53848380aeeef76a2e5e51e808389a6eb6273bbe1c801c75c57bf3c

C:\Windows\SysWOW64\oitliwvjerruiqjypi.exe

MD5 b28fa6555cafc95802f3ddea94c609ce
SHA1 cc96fa61ef893dc781267ebba3bfa90218e6dcba
SHA256 13e8f8cf343f9c910a2a465fbfb2504a07fb9224bfad739ab6d70ce8c70681b6
SHA512 3c5f8d99aa01ab45ea0e5673c0bd593352d446c28cf40e51a3cc77e54a54d197a8e5b8d78cd8df212f16a819a4a067eb987c4cf30a49361e72d39340edc914ba

C:\Users\Admin\AppData\Local\Temp\mutzkm.exe

MD5 590b9b1518554ea41b0f64f799791cb9
SHA1 0eea56caa1873ca503fdb5ad023b039c9299e4cd
SHA256 56f9b8ffea8a8b05a67d454ef8b31e3d22177af93ac0512e5b0475e6129e4fa4
SHA512 b0d65e37e8579823ee4ea9f1295fae5376efe4430bab54922ee0b00c49320749eb708df9943eed91979ceecf1160bc3989d495603e343ba1c58d591a253b2cc3

C:\Users\Admin\AppData\Local\lqmpxwgfljuihaeegkplowvfe.ith

MD5 0e257ee6fb0e231f9c39085852210027
SHA1 e25cca5c2a01fafa149cad6ef8629f4c449d9a6b
SHA256 abcb96576a31c2546c781b7347edd729e8241ae086f980641077c9f08464091e
SHA512 a9ff07fbdb71ff84a889854923c877a185ba8286e769f58d6dbf4ab938dbce01956aed30b95351ecbcecc8d6ac8978846b04be1a24805314e9dd42c39fa9289f

C:\Users\Admin\AppData\Local\qgnbuezjajfeoshsfukrfyidnenjiswlwjyo.jcm

MD5 d6ec95c7d565a2a446282de572b279e7
SHA1 5de34c19f6db1ac537c5ff23bb3132975371f541
SHA256 052467b8c065624a35dcd7cd9e1c32c8ad847e14cddeb109b78470f5b376449b
SHA512 24985e7738f0f681f7922536cf392221c04f0a3126ae969bf19f3ae5af8970b3c63922a976a10f5139d1e2a75321435ffa9dc1680649ad27da900a9d2d0cadf8

C:\Program Files (x86)\lqmpxwgfljuihaeegkplowvfe.ith

MD5 93a45b7f28d43f53dd9542b6fb363fa4
SHA1 5ab581825bf77d0f1cb93df326dd4707d1c8f5d3
SHA256 1f16f769729188940a57d95a6347475958764cf9a54f01be36ddec644b87ea64
SHA512 8a39ca6db99b237a1cbbd5f3f66d16d4597261725a49f3c35a8351cc4188f2ad528ed145bea5bde2603aa342844ec56c75f9e310e78018a36b762efff73a4e85

C:\Program Files (x86)\lqmpxwgfljuihaeegkplowvfe.ith

MD5 1242ce12c87d67ce6068e7d20d7caf21
SHA1 70844034587524768949a59686086ca0b644ed75
SHA256 852d7524b4e5494fa512e9fcfe65554f2cfe43da38c1959085712f592e0bac99
SHA512 58abec0a9066b26b2c1db1c16196e42fd0f25c075ed1238bc2c01ee837ecef0be8356d68857a4d0056819acc1950e82c1e3e3bc4c00c21ba66a60b98a029b112

C:\Program Files (x86)\lqmpxwgfljuihaeegkplowvfe.ith

MD5 1415cd6290e3e3c0965a5871f38b8758
SHA1 f550687a4f3f2efc9a614ab396e972c18f9b9506
SHA256 39c5530f3d1847ee1b5a9c64f622b6178ae6daf5fb5ddf2b368a143125acfe4d
SHA512 ba1169a902ea47e64934e0b8a4bbd732dc913987361eaad2099dab29e3d659d7aaec654cebf520d1cde21fed8e59dabf438bb2b77eb2b0612746464ebdd877a3

C:\Program Files (x86)\lqmpxwgfljuihaeegkplowvfe.ith

MD5 7390c4f8710b15acfbd30c6e448595c5
SHA1 e8d92eef99573b5842bfb575d42bd77d9a8e85dd
SHA256 d7e05e27f2e7ebb242654cd9471bc38b64ee451473dab40c8eed22c2c1dde90f
SHA512 d8e6e6e3a5bfca20647f80eb0b90973d763631704f195601ad2cf69daa0a760de921881c37e89ff20e8443ebf99ac101c85d1268c6be0ff634383761c1f7e870

C:\Program Files (x86)\lqmpxwgfljuihaeegkplowvfe.ith

MD5 8780ef9c9ba76a5c364379b2db21e619
SHA1 e14bd2602d7a48def47a9164aaffd75289b699f5
SHA256 5e78889b94a9e4190c6adeda9b1f81dc3a0403ccaf694df377cc552a9a9a90de
SHA512 37b6eeff3283925e10a0b8d265d17fea03a98b6b3434fedad115f4b7d1db0791455e3974074e5d9d39d500db5835269678a3825d4099019a94b78976b46e2d95

C:\Program Files (x86)\lqmpxwgfljuihaeegkplowvfe.ith

MD5 4828a682beaabcfd5c3184bad1f853ea
SHA1 db8177259399ebcb9bfbe3d3ebcc227b35e56038
SHA256 5c28a3e4e73cec57c5c05d92f4c7a80179f7475fb9e2384b9a6c7306672699b6
SHA512 a07fbedcdc7cd48528275a06844bde96f371166ad0f24a1512419985995d6d56dcddcb735fd3c50b549d61f245d62c6f044151ed673064bffb8d952d3621f47d

C:\Program Files (x86)\lqmpxwgfljuihaeegkplowvfe.ith

MD5 7853e2810074349c99dda00aaf1747ba
SHA1 d908479eaf139ba2863d31e47670d338c7648ee1
SHA256 2904c525c9c08a5d86c2cb007fe264617db8b579fa28b1f626582bcb9c2ff1f4
SHA512 b9b2fb9edd7f6519ea64a5d9322cc8e7d0ede0e3182dbbff152f4c4784c14e1ebefeaa9203cfdd4c03c29d52d5675349ea696b18763cedbbd2dd32b48bb3bf46