Malware Analysis Report

2025-08-10 16:33

Sample ID 250412-s8rlbsxpv9
Target JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0
SHA256 f3cb92699801b3fd4ca75d9e7a09d1b40b0a4591399753c4222c0b6385d8c897
Tags
pykspa defense_evasion discovery persistence privilege_escalation trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f3cb92699801b3fd4ca75d9e7a09d1b40b0a4591399753c4222c0b6385d8c897

Threat Level: Known bad

The file JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0 was found to be: Known bad.

Malicious Activity Summary

pykspa defense_evasion discovery persistence privilege_escalation trojan worm

Pykspa family

Pykspa

UAC bypass

Modifies WinLogon for persistence

Detect Pykspa worm

Disables RegEdit via registry modification

Adds policy Run key to start application

Impair Defenses: Safe Mode Boot

Checks computer location settings

Executes dropped EXE

Checks whether UAC is enabled

Hijack Execution Flow: Executable Installer File Permissions Weakness

Looks up external IP address via web service

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Unsigned PE

System policy modification

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-12 15:48

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-12 15:48

Reported

2025-04-12 15:50

Platform

win10v2004-20250314-en

Max time kernel

47s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "maxwikxvmfdxtmjoqziw.exe" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "maxwikxvmfdxtmjoqziw.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\maxwikxvmfdxtmjoqziw.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "fqkgpoythxsjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "yibweclfshbrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bqoobesrjdcxuomsvfpec.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yibweclfshbrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\maxwikxvmfdxtmjoqziw.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "oavsccnjypldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zmigrsebrjgzumimnvd.exe" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "fqkgpoythxsjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "zmigrsebrjgzumimnvd.exe" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\maxwikxvmfdxtmjoqziw.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fqkgpoythxsjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "maxwikxvmfdxtmjoqziw.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "maxwikxvmfdxtmjoqziw.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "fqkgpoythxsjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yibweclfshbrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\maxwikxvmfdxtmjoqziw.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "yibweclfshbrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zmigrsebrjgzumimnvd.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oavsccnjypldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oavsccnjypldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "zmigrsebrjgzumimnvd.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "bqoobesrjdcxuomsvfpec.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oavsccnjypldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "fqkgpoythxsjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "bqoobesrjdcxuomsvfpec.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\maxwikxvmfdxtmjoqziw.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "zmigrsebrjgzumimnvd.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "fqkgpoythxsjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "yibweclfshbrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bqoobesrjdcxuomsvfpec.exe" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fqkgpoythxsjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "fqkgpoythxsjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "yibweclfshbrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "fqkgpoythxsjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oavsccnjypldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "maxwikxvmfdxtmjoqziw.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oavsccnjypldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yibweclfshbrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "yibweclfshbrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\baisp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oavsccnjypldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oqbooefr = "maxwikxvmfdxtmjoqziw.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\zmigrsebrjgzumimnvd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\bqoobesrjdcxuomsvfpec.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\oavsccnjypldxojmmt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\fqkgpoythxsjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\maxwikxvmfdxtmjoqziw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\bqoobesrjdcxuomsvfpec.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\maxwikxvmfdxtmjoqziw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\bqoobesrjdcxuomsvfpec.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\maxwikxvmfdxtmjoqziw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\fqkgpoythxsjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\oavsccnjypldxojmmt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\oavsccnjypldxojmmt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\zmigrsebrjgzumimnvd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\fqkgpoythxsjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\bqoobesrjdcxuomsvfpec.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\fqkgpoythxsjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\oavsccnjypldxojmmt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\fqkgpoythxsjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\fqkgpoythxsjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\fqkgpoythxsjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\fqkgpoythxsjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\maxwikxvmfdxtmjoqziw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\bqoobesrjdcxuomsvfpec.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\oavsccnjypldxojmmt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\maxwikxvmfdxtmjoqziw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\maxwikxvmfdxtmjoqziw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\maxwikxvmfdxtmjoqziw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\yibweclfshbrjyrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\bqoobesrjdcxuomsvfpec.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Windows\maxwikxvmfdxtmjoqziw.exe N/A
N/A N/A C:\Windows\zmigrsebrjgzumimnvd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Windows\oavsccnjypldxojmmt.exe N/A
N/A N/A C:\Windows\fqkgpoythxsjcsmon.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
N/A N/A C:\Windows\bqoobesrjdcxuomsvfpec.exe N/A
N/A N/A C:\Windows\yibweclfshbrjyrs.exe N/A
N/A N/A C:\Windows\bqoobesrjdcxuomsvfpec.exe N/A
N/A N/A C:\Windows\fqkgpoythxsjcsmon.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Windows\bqoobesrjdcxuomsvfpec.exe N/A
N/A N/A C:\Windows\bqoobesrjdcxuomsvfpec.exe N/A
N/A N/A C:\Windows\fqkgpoythxsjcsmon.exe N/A
N/A N/A C:\Windows\zmigrsebrjgzumimnvd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Windows\fqkgpoythxsjcsmon.exe N/A
N/A N/A C:\Windows\fqkgpoythxsjcsmon.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Windows\bqoobesrjdcxuomsvfpec.exe N/A
N/A N/A C:\Windows\fqkgpoythxsjcsmon.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Windows\yibweclfshbrjyrs.exe N/A
N/A N/A C:\Windows\oavsccnjypldxojmmt.exe N/A
N/A N/A C:\Windows\zmigrsebrjgzumimnvd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Windows\yibweclfshbrjyrs.exe N/A
N/A N/A C:\Windows\maxwikxvmfdxtmjoqziw.exe N/A
N/A N/A C:\Windows\zmigrsebrjgzumimnvd.exe N/A
N/A N/A C:\Windows\bqoobesrjdcxuomsvfpec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe N/A
N/A N/A C:\Windows\bqoobesrjdcxuomsvfpec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiuijacpv = "zmigrsebrjgzumimnvd.exe" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mmvges = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oavsccnjypldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ycpegybpwf = "oavsccnjypldxojmmt.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mmvges = "fqkgpoythxsjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ycpegybpwf = "bqoobesrjdcxuomsvfpec.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zakwvkk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fqkgpoythxsjcsmon.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zakwvkk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\maxwikxvmfdxtmjoqziw.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ycpegybpwf = "zmigrsebrjgzumimnvd.exe ." C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiuijacpv = "maxwikxvmfdxtmjoqziw.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiuijacpv = "bqoobesrjdcxuomsvfpec.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tymcfycrzjy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\maxwikxvmfdxtmjoqziw.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zakwvkk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fqkgpoythxsjcsmon.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zakwvkk = "bqoobesrjdcxuomsvfpec.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ycpegybpwf = "fqkgpoythxsjcsmon.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiuijacpv = "zmigrsebrjgzumimnvd.exe" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qwlcgafvepfr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zmigrsebrjgzumimnvd.exe" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mmvges = "maxwikxvmfdxtmjoqziw.exe" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiuijacpv = "oavsccnjypldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mmvges = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oavsccnjypldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiuijacpv = "maxwikxvmfdxtmjoqziw.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mmvges = "oavsccnjypldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mmvges = "maxwikxvmfdxtmjoqziw.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ycpegybpwf = "zmigrsebrjgzumimnvd.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiuijacpv = "fqkgpoythxsjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiuijacpv = "maxwikxvmfdxtmjoqziw.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mmvges = "oavsccnjypldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zakwvkk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zmigrsebrjgzumimnvd.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mmvges = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yibweclfshbrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zakwvkk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bqoobesrjdcxuomsvfpec.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zakwvkk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bqoobesrjdcxuomsvfpec.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qwlcgafvepfr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fqkgpoythxsjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zakwvkk = "zmigrsebrjgzumimnvd.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiuijacpv = "maxwikxvmfdxtmjoqziw.exe" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mmvges = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zmigrsebrjgzumimnvd.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qwlcgafvepfr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zmigrsebrjgzumimnvd.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tymcfycrzjy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fqkgpoythxsjcsmon.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tymcfycrzjy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zmigrsebrjgzumimnvd.exe ." C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mmvges = "C:\\Users\\Admin\\AppData\\Local\\Temp\\maxwikxvmfdxtmjoqziw.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zakwvkk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zmigrsebrjgzumimnvd.exe ." C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zakwvkk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yibweclfshbrjyrs.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiuijacpv = "fqkgpoythxsjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qwlcgafvepfr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zmigrsebrjgzumimnvd.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mmvges = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oavsccnjypldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mmvges = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zmigrsebrjgzumimnvd.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mmvges = "yibweclfshbrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiuijacpv = "bqoobesrjdcxuomsvfpec.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ycpegybpwf = "maxwikxvmfdxtmjoqziw.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tymcfycrzjy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zmigrsebrjgzumimnvd.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mmvges = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oavsccnjypldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mmvges = "C:\\Users\\Admin\\AppData\\Local\\Temp\\maxwikxvmfdxtmjoqziw.exe" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiuijacpv = "oavsccnjypldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mmvges = "zmigrsebrjgzumimnvd.exe" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ycpegybpwf = "maxwikxvmfdxtmjoqziw.exe ." C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mmvges = "zmigrsebrjgzumimnvd.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zakwvkk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zmigrsebrjgzumimnvd.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiuijacpv = "maxwikxvmfdxtmjoqziw.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ycpegybpwf = "fqkgpoythxsjcsmon.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fiuijacpv = "bqoobesrjdcxuomsvfpec.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mmvges = "yibweclfshbrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mmvges = "bqoobesrjdcxuomsvfpec.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mmvges = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bqoobesrjdcxuomsvfpec.exe" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zakwvkk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yibweclfshbrjyrs.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mmvges = "bqoobesrjdcxuomsvfpec.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qwlcgafvepfr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oavsccnjypldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyipaddress.com N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\maxwikxvmfdxtmjoqziw.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\maxwikxvmfdxtmjoqziw.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\bqoobesrjdcxuomsvfpec.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\sihiwappiddzxsrycnyono.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\maxwikxvmfdxtmjoqziw.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\sihiwappiddzxsrycnyono.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\sihiwappiddzxsrycnyono.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\zmigrsebrjgzumimnvd.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\oavsccnjypldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\maxwikxvmfdxtmjoqziw.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\sihiwappiddzxsrycnyono.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\sihiwappiddzxsrycnyono.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\sihiwappiddzxsrycnyono.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\yibweclfshbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\maxwikxvmfdxtmjoqziw.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\sihiwappiddzxsrycnyono.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\maxwikxvmfdxtmjoqziw.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\oavsccnjypldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\fqkgpoythxsjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\bqoobesrjdcxuomsvfpec.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\yibweclfshbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\fqkgpoythxsjcsmon.exe C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
File opened for modification C:\Windows\SysWOW64\oavsccnjypldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\fqkgpoythxsjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\zmigrsebrjgzumimnvd.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\zmigrsebrjgzumimnvd.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\bqoobesrjdcxuomsvfpec.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\yibweclfshbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\sihiwappiddzxsrycnyono.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\yibweclfshbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File created C:\Windows\SysWOW64\dwyctasvrpsrsqscjxleg.bia C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
File created C:\Windows\SysWOW64\ycpegybpwftdpylgyxwancewznudrbnw.ewv C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
File opened for modification C:\Windows\SysWOW64\maxwikxvmfdxtmjoqziw.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\zmigrsebrjgzumimnvd.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\oavsccnjypldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\yibweclfshbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\bqoobesrjdcxuomsvfpec.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\maxwikxvmfdxtmjoqziw.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\sihiwappiddzxsrycnyono.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\zmigrsebrjgzumimnvd.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\yibweclfshbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\yibweclfshbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\sihiwappiddzxsrycnyono.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\maxwikxvmfdxtmjoqziw.exe C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
File opened for modification C:\Windows\SysWOW64\sihiwappiddzxsrycnyono.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\zmigrsebrjgzumimnvd.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\bqoobesrjdcxuomsvfpec.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\sihiwappiddzxsrycnyono.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\bqoobesrjdcxuomsvfpec.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\yibweclfshbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\oavsccnjypldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
File opened for modification C:\Windows\SysWOW64\sihiwappiddzxsrycnyono.exe C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
File opened for modification C:\Windows\SysWOW64\maxwikxvmfdxtmjoqziw.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\yibweclfshbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\maxwikxvmfdxtmjoqziw.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\bqoobesrjdcxuomsvfpec.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\bqoobesrjdcxuomsvfpec.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\fqkgpoythxsjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\oavsccnjypldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\maxwikxvmfdxtmjoqziw.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\bqoobesrjdcxuomsvfpec.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\fqkgpoythxsjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\zmigrsebrjgzumimnvd.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\fqkgpoythxsjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\dwyctasvrpsrsqscjxleg.bia C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
File created C:\Program Files (x86)\dwyctasvrpsrsqscjxleg.bia C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
File opened for modification C:\Program Files (x86)\ycpegybpwftdpylgyxwancewznudrbnw.ewv C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
File created C:\Program Files (x86)\ycpegybpwftdpylgyxwancewznudrbnw.ewv C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\zmigrsebrjgzumimnvd.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\zmigrsebrjgzumimnvd.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\maxwikxvmfdxtmjoqziw.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\maxwikxvmfdxtmjoqziw.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\oavsccnjypldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\oavsccnjypldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\zmigrsebrjgzumimnvd.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\fqkgpoythxsjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\maxwikxvmfdxtmjoqziw.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\yibweclfshbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\sihiwappiddzxsrycnyono.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\fqkgpoythxsjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\yibweclfshbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\oavsccnjypldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\fqkgpoythxsjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\yibweclfshbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\zmigrsebrjgzumimnvd.exe C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
File opened for modification C:\Windows\bqoobesrjdcxuomsvfpec.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\fqkgpoythxsjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\yibweclfshbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
File opened for modification C:\Windows\bqoobesrjdcxuomsvfpec.exe C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
File opened for modification C:\Windows\maxwikxvmfdxtmjoqziw.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\bqoobesrjdcxuomsvfpec.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\oavsccnjypldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\sihiwappiddzxsrycnyono.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\oavsccnjypldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\oavsccnjypldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\maxwikxvmfdxtmjoqziw.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\maxwikxvmfdxtmjoqziw.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\maxwikxvmfdxtmjoqziw.exe C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
File opened for modification C:\Windows\zmigrsebrjgzumimnvd.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\sihiwappiddzxsrycnyono.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\sihiwappiddzxsrycnyono.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\yibweclfshbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\zmigrsebrjgzumimnvd.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\yibweclfshbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\oavsccnjypldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File created C:\Windows\dwyctasvrpsrsqscjxleg.bia C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
File opened for modification C:\Windows\yibweclfshbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\maxwikxvmfdxtmjoqziw.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\yibweclfshbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
File opened for modification C:\Windows\fqkgpoythxsjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\bqoobesrjdcxuomsvfpec.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\yibweclfshbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\sihiwappiddzxsrycnyono.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\zmigrsebrjgzumimnvd.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\fqkgpoythxsjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\zmigrsebrjgzumimnvd.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\fqkgpoythxsjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\bqoobesrjdcxuomsvfpec.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\bqoobesrjdcxuomsvfpec.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\oavsccnjypldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
File opened for modification C:\Windows\fqkgpoythxsjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\zmigrsebrjgzumimnvd.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\sihiwappiddzxsrycnyono.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\maxwikxvmfdxtmjoqziw.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\yibweclfshbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\oavsccnjypldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\oavsccnjypldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
File opened for modification C:\Windows\oavsccnjypldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\zmigrsebrjgzumimnvd.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\oavsccnjypldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\bqoobesrjdcxuomsvfpec.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\bqoobesrjdcxuomsvfpec.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\oavsccnjypldxojmmt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zmigrsebrjgzumimnvd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bqoobesrjdcxuomsvfpec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\oavsccnjypldxojmmt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\fqkgpoythxsjcsmon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\maxwikxvmfdxtmjoqziw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bqoobesrjdcxuomsvfpec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\fqkgpoythxsjcsmon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\maxwikxvmfdxtmjoqziw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zmigrsebrjgzumimnvd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yibweclfshbrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\fqkgpoythxsjcsmon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\oavsccnjypldxojmmt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bqoobesrjdcxuomsvfpec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\fqkgpoythxsjcsmon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\oavsccnjypldxojmmt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\fqkgpoythxsjcsmon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\oavsccnjypldxojmmt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\fqkgpoythxsjcsmon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\maxwikxvmfdxtmjoqziw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bqoobesrjdcxuomsvfpec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\fqkgpoythxsjcsmon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yibweclfshbrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\fqkgpoythxsjcsmon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\oavsccnjypldxojmmt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\maxwikxvmfdxtmjoqziw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yibweclfshbrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\fqkgpoythxsjcsmon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\maxwikxvmfdxtmjoqziw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\maxwikxvmfdxtmjoqziw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 756 wrote to memory of 1232 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 756 wrote to memory of 1232 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 756 wrote to memory of 1232 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 3948 wrote to memory of 1636 N/A C:\Windows\system32\cmd.exe C:\Windows\maxwikxvmfdxtmjoqziw.exe
PID 3948 wrote to memory of 1636 N/A C:\Windows\system32\cmd.exe C:\Windows\maxwikxvmfdxtmjoqziw.exe
PID 3948 wrote to memory of 1636 N/A C:\Windows\system32\cmd.exe C:\Windows\maxwikxvmfdxtmjoqziw.exe
PID 3828 wrote to memory of 4692 N/A C:\Windows\system32\cmd.exe C:\Windows\zmigrsebrjgzumimnvd.exe
PID 3828 wrote to memory of 4692 N/A C:\Windows\system32\cmd.exe C:\Windows\zmigrsebrjgzumimnvd.exe
PID 3828 wrote to memory of 4692 N/A C:\Windows\system32\cmd.exe C:\Windows\zmigrsebrjgzumimnvd.exe
PID 4692 wrote to memory of 3248 N/A C:\Windows\zmigrsebrjgzumimnvd.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 4692 wrote to memory of 3248 N/A C:\Windows\zmigrsebrjgzumimnvd.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 4692 wrote to memory of 3248 N/A C:\Windows\zmigrsebrjgzumimnvd.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 4748 wrote to memory of 3772 N/A C:\Windows\system32\cmd.exe C:\Windows\oavsccnjypldxojmmt.exe
PID 4748 wrote to memory of 3772 N/A C:\Windows\system32\cmd.exe C:\Windows\oavsccnjypldxojmmt.exe
PID 4748 wrote to memory of 3772 N/A C:\Windows\system32\cmd.exe C:\Windows\oavsccnjypldxojmmt.exe
PID 1020 wrote to memory of 4188 N/A C:\Windows\system32\cmd.exe C:\Windows\fqkgpoythxsjcsmon.exe
PID 1020 wrote to memory of 4188 N/A C:\Windows\system32\cmd.exe C:\Windows\fqkgpoythxsjcsmon.exe
PID 1020 wrote to memory of 4188 N/A C:\Windows\system32\cmd.exe C:\Windows\fqkgpoythxsjcsmon.exe
PID 2408 wrote to memory of 1516 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
PID 2408 wrote to memory of 1516 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
PID 2408 wrote to memory of 1516 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
PID 4188 wrote to memory of 1640 N/A C:\Windows\fqkgpoythxsjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 4188 wrote to memory of 1640 N/A C:\Windows\fqkgpoythxsjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 4188 wrote to memory of 1640 N/A C:\Windows\fqkgpoythxsjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 1280 wrote to memory of 1968 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
PID 1280 wrote to memory of 1968 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
PID 1280 wrote to memory of 1968 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe
PID 1968 wrote to memory of 4472 N/A C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 1968 wrote to memory of 4472 N/A C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 1968 wrote to memory of 4472 N/A C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 2024 wrote to memory of 2832 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
PID 2024 wrote to memory of 2832 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
PID 2024 wrote to memory of 2832 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe
PID 1344 wrote to memory of 5824 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
PID 1344 wrote to memory of 5824 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
PID 1344 wrote to memory of 5824 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe
PID 5824 wrote to memory of 5968 N/A C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 5824 wrote to memory of 5968 N/A C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 5824 wrote to memory of 5968 N/A C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 1232 wrote to memory of 6092 N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe
PID 1232 wrote to memory of 6092 N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe
PID 1232 wrote to memory of 6092 N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe
PID 1232 wrote to memory of 4052 N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe
PID 1232 wrote to memory of 4052 N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe
PID 1232 wrote to memory of 4052 N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe
PID 5920 wrote to memory of 5100 N/A C:\Windows\system32\cmd.exe C:\Windows\bqoobesrjdcxuomsvfpec.exe
PID 5920 wrote to memory of 5100 N/A C:\Windows\system32\cmd.exe C:\Windows\bqoobesrjdcxuomsvfpec.exe
PID 5920 wrote to memory of 5100 N/A C:\Windows\system32\cmd.exe C:\Windows\bqoobesrjdcxuomsvfpec.exe
PID 4068 wrote to memory of 4844 N/A C:\Windows\system32\cmd.exe C:\Windows\yibweclfshbrjyrs.exe
PID 4068 wrote to memory of 4844 N/A C:\Windows\system32\cmd.exe C:\Windows\yibweclfshbrjyrs.exe
PID 4068 wrote to memory of 4844 N/A C:\Windows\system32\cmd.exe C:\Windows\yibweclfshbrjyrs.exe
PID 4236 wrote to memory of 5500 N/A C:\Windows\system32\cmd.exe C:\Windows\bqoobesrjdcxuomsvfpec.exe
PID 4236 wrote to memory of 5500 N/A C:\Windows\system32\cmd.exe C:\Windows\bqoobesrjdcxuomsvfpec.exe
PID 4236 wrote to memory of 5500 N/A C:\Windows\system32\cmd.exe C:\Windows\bqoobesrjdcxuomsvfpec.exe
PID 5664 wrote to memory of 5772 N/A C:\Windows\system32\cmd.exe C:\Windows\zmigrsebrjgzumimnvd.exe
PID 5664 wrote to memory of 5772 N/A C:\Windows\system32\cmd.exe C:\Windows\zmigrsebrjgzumimnvd.exe
PID 5664 wrote to memory of 5772 N/A C:\Windows\system32\cmd.exe C:\Windows\zmigrsebrjgzumimnvd.exe
PID 5772 wrote to memory of 2268 N/A C:\Windows\fqkgpoythxsjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 5772 wrote to memory of 2268 N/A C:\Windows\fqkgpoythxsjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 5772 wrote to memory of 2268 N/A C:\Windows\fqkgpoythxsjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 5500 wrote to memory of 1596 N/A C:\Windows\bqoobesrjdcxuomsvfpec.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 5500 wrote to memory of 1596 N/A C:\Windows\bqoobesrjdcxuomsvfpec.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 5500 wrote to memory of 1596 N/A C:\Windows\bqoobesrjdcxuomsvfpec.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 4964 wrote to memory of 4536 N/A C:\Windows\system32\cmd.exe C:\Windows\bqoobesrjdcxuomsvfpec.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b2b7b9be91e42f447618c78205cfccb0.exe"

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_b2b7b9be91e42f447618c78205cfccb0.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe .

C:\Windows\zmigrsebrjgzumimnvd.exe

zmigrsebrjgzumimnvd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zmigrsebrjgzumimnvd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Windows\fqkgpoythxsjcsmon.exe

fqkgpoythxsjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\oavsccnjypldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\bqoobesrjdcxuomsvfpec.exe*."

C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe

"C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe" "-C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe"

C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe

"C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe" "-C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe

C:\Windows\yibweclfshbrjyrs.exe

yibweclfshbrjyrs.exe

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe .

C:\Windows\fqkgpoythxsjcsmon.exe

fqkgpoythxsjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .

C:\Windows\fqkgpoythxsjcsmon.exe

fqkgpoythxsjcsmon.exe .

C:\Windows\zmigrsebrjgzumimnvd.exe

zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zmigrsebrjgzumimnvd.exe*."

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\oavsccnjypldxojmmt.exe*."

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\bqoobesrjdcxuomsvfpec.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."

C:\Windows\fqkgpoythxsjcsmon.exe

fqkgpoythxsjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .

C:\Windows\fqkgpoythxsjcsmon.exe

fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe

C:\Windows\fqkgpoythxsjcsmon.exe

fqkgpoythxsjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\maxwikxvmfdxtmjoqziw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\bqoobesrjdcxuomsvfpec.exe*."

C:\Windows\system32\BackgroundTransferHost.exe

"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe

C:\Windows\yibweclfshbrjyrs.exe

yibweclfshbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe

C:\Windows\zmigrsebrjgzumimnvd.exe

zmigrsebrjgzumimnvd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."

C:\Windows\yibweclfshbrjyrs.exe

yibweclfshbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe .

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Windows\zmigrsebrjgzumimnvd.exe

zmigrsebrjgzumimnvd.exe .

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zmigrsebrjgzumimnvd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe .

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Windows\zmigrsebrjgzumimnvd.exe

zmigrsebrjgzumimnvd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."

C:\Windows\zmigrsebrjgzumimnvd.exe

zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\maxwikxvmfdxtmjoqziw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Windows\yibweclfshbrjyrs.exe

yibweclfshbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yibweclfshbrjyrs.exe*."

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\fqkgpoythxsjcsmon.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\maxwikxvmfdxtmjoqziw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."

C:\Windows\zmigrsebrjgzumimnvd.exe

zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe .

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Windows\zmigrsebrjgzumimnvd.exe

zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zmigrsebrjgzumimnvd.exe*."

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\maxwikxvmfdxtmjoqziw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\bqoobesrjdcxuomsvfpec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe

C:\Windows\fqkgpoythxsjcsmon.exe

fqkgpoythxsjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .

C:\Windows\fqkgpoythxsjcsmon.exe

fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .

C:\Windows\fqkgpoythxsjcsmon.exe

fqkgpoythxsjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yibweclfshbrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yibweclfshbrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe

C:\Windows\fqkgpoythxsjcsmon.exe

fqkgpoythxsjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe .

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\maxwikxvmfdxtmjoqziw.exe*."

C:\Windows\yibweclfshbrjyrs.exe

yibweclfshbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\maxwikxvmfdxtmjoqziw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\fqkgpoythxsjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe .

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\maxwikxvmfdxtmjoqziw.exe*."

C:\Windows\fqkgpoythxsjcsmon.exe

fqkgpoythxsjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\maxwikxvmfdxtmjoqziw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe

C:\Windows\zmigrsebrjgzumimnvd.exe

zmigrsebrjgzumimnvd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe .

C:\Windows\zmigrsebrjgzumimnvd.exe

zmigrsebrjgzumimnvd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zmigrsebrjgzumimnvd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .

C:\Windows\zmigrsebrjgzumimnvd.exe

zmigrsebrjgzumimnvd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Windows\fqkgpoythxsjcsmon.exe

fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\oavsccnjypldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe .

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\maxwikxvmfdxtmjoqziw.exe*."

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Windows\yibweclfshbrjyrs.exe

yibweclfshbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yibweclfshbrjyrs.exe*."

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\fqkgpoythxsjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\fqkgpoythxsjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe

C:\Windows\yibweclfshbrjyrs.exe

yibweclfshbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe .

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe

C:\Windows\zmigrsebrjgzumimnvd.exe

zmigrsebrjgzumimnvd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zmigrsebrjgzumimnvd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Windows\yibweclfshbrjyrs.exe

yibweclfshbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yibweclfshbrjyrs.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\maxwikxvmfdxtmjoqziw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yibweclfshbrjyrs.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\fqkgpoythxsjcsmon.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\fqkgpoythxsjcsmon.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\oavsccnjypldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe

C:\Windows\zmigrsebrjgzumimnvd.exe

zmigrsebrjgzumimnvd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .

C:\Windows\yibweclfshbrjyrs.exe

yibweclfshbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\bqoobesrjdcxuomsvfpec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Windows\fqkgpoythxsjcsmon.exe

fqkgpoythxsjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\bqoobesrjdcxuomsvfpec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yibweclfshbrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."

C:\Windows\zmigrsebrjgzumimnvd.exe

zmigrsebrjgzumimnvd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\maxwikxvmfdxtmjoqziw.exe*."

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\bqoobesrjdcxuomsvfpec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\oavsccnjypldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Windows\fqkgpoythxsjcsmon.exe

fqkgpoythxsjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe .

C:\Windows\zmigrsebrjgzumimnvd.exe

zmigrsebrjgzumimnvd.exe

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\maxwikxvmfdxtmjoqziw.exe*."

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\bqoobesrjdcxuomsvfpec.exe*."

C:\Windows\System32\mousocoreworker.exe

C:\Windows\System32\mousocoreworker.exe -Embedding

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\yibweclfshbrjyrs.exe

yibweclfshbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe .

C:\Windows\zmigrsebrjgzumimnvd.exe

zmigrsebrjgzumimnvd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zmigrsebrjgzumimnvd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe .

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\maxwikxvmfdxtmjoqziw.exe*."

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\fqkgpoythxsjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe

C:\Windows\fqkgpoythxsjcsmon.exe

fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\maxwikxvmfdxtmjoqziw.exe*."

C:\Windows\fqkgpoythxsjcsmon.exe

fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\maxwikxvmfdxtmjoqziw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\maxwikxvmfdxtmjoqziw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yibweclfshbrjyrs.exe*."

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Windows\fqkgpoythxsjcsmon.exe

fqkgpoythxsjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\oavsccnjypldxojmmt.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\oavsccnjypldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."

C:\Windows\yibweclfshbrjyrs.exe

yibweclfshbrjyrs.exe

C:\Windows\fqkgpoythxsjcsmon.exe

fqkgpoythxsjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\oavsccnjypldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe

C:\Windows\yibweclfshbrjyrs.exe

yibweclfshbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .

C:\Windows\fqkgpoythxsjcsmon.exe

fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe

C:\Windows\fqkgpoythxsjcsmon.exe

fqkgpoythxsjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\maxwikxvmfdxtmjoqziw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe

C:\Windows\fqkgpoythxsjcsmon.exe

fqkgpoythxsjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\fqkgpoythxsjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yibweclfshbrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Windows\fqkgpoythxsjcsmon.exe

fqkgpoythxsjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\fqkgpoythxsjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\fqkgpoythxsjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe .

C:\Windows\zmigrsebrjgzumimnvd.exe

zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zmigrsebrjgzumimnvd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe .

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\maxwikxvmfdxtmjoqziw.exe*."

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\oavsccnjypldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe .

C:\Windows\zmigrsebrjgzumimnvd.exe

zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zmigrsebrjgzumimnvd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe

C:\Windows\fqkgpoythxsjcsmon.exe

fqkgpoythxsjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\fqkgpoythxsjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\fqkgpoythxsjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .

C:\Windows\fqkgpoythxsjcsmon.exe

fqkgpoythxsjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\yibweclfshbrjyrs.exe

yibweclfshbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yibweclfshbrjyrs.exe*."

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yibweclfshbrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .

C:\Windows\zmigrsebrjgzumimnvd.exe

zmigrsebrjgzumimnvd.exe

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\oavsccnjypldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."

C:\Windows\fqkgpoythxsjcsmon.exe

fqkgpoythxsjcsmon.exe

C:\Windows\zmigrsebrjgzumimnvd.exe

zmigrsebrjgzumimnvd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Windows\zmigrsebrjgzumimnvd.exe

zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\maxwikxvmfdxtmjoqziw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zmigrsebrjgzumimnvd.exe*."

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .

C:\Windows\yibweclfshbrjyrs.exe

yibweclfshbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\oavsccnjypldxojmmt.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\oavsccnjypldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yibweclfshbrjyrs.exe*."

C:\Windows\yibweclfshbrjyrs.exe

yibweclfshbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Windows\yibweclfshbrjyrs.exe

yibweclfshbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yibweclfshbrjyrs.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yibweclfshbrjyrs.exe*."

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\oavsccnjypldxojmmt.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\bqoobesrjdcxuomsvfpec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .

C:\Windows\fqkgpoythxsjcsmon.exe

fqkgpoythxsjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Windows\yibweclfshbrjyrs.exe

yibweclfshbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yibweclfshbrjyrs.exe*."

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\maxwikxvmfdxtmjoqziw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\fqkgpoythxsjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe

C:\Windows\yibweclfshbrjyrs.exe

yibweclfshbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe .

C:\Windows\yibweclfshbrjyrs.exe

yibweclfshbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yibweclfshbrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .

C:\Windows\yibweclfshbrjyrs.exe

yibweclfshbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\maxwikxvmfdxtmjoqziw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe .

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\maxwikxvmfdxtmjoqziw.exe*."

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yibweclfshbrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\maxwikxvmfdxtmjoqziw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe .

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Windows\yibweclfshbrjyrs.exe

yibweclfshbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yibweclfshbrjyrs.exe*."

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yibweclfshbrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\bqoobesrjdcxuomsvfpec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\oavsccnjypldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yibweclfshbrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe

C:\Windows\yibweclfshbrjyrs.exe

yibweclfshbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe .

C:\Windows\zmigrsebrjgzumimnvd.exe

zmigrsebrjgzumimnvd.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\fqkgpoythxsjcsmon.exe

fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yibweclfshbrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zmigrsebrjgzumimnvd.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Windows\zmigrsebrjgzumimnvd.exe

zmigrsebrjgzumimnvd.exe .

C:\Windows\yibweclfshbrjyrs.exe

yibweclfshbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .

C:\Windows\fqkgpoythxsjcsmon.exe

fqkgpoythxsjcsmon.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zmigrsebrjgzumimnvd.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yibweclfshbrjyrs.exe*."

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\bqoobesrjdcxuomsvfpec.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\fqkgpoythxsjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yibweclfshbrjyrs.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yibweclfshbrjyrs.exe*."

C:\Windows\yibweclfshbrjyrs.exe

yibweclfshbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yibweclfshbrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .

C:\Windows\zmigrsebrjgzumimnvd.exe

zmigrsebrjgzumimnvd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yibweclfshbrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe .

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe .

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\maxwikxvmfdxtmjoqziw.exe*."

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\bqoobesrjdcxuomsvfpec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yibweclfshbrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."

C:\Windows\yibweclfshbrjyrs.exe

yibweclfshbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\bqoobesrjdcxuomsvfpec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe .

C:\Windows\zmigrsebrjgzumimnvd.exe

zmigrsebrjgzumimnvd.exe

C:\Windows\zmigrsebrjgzumimnvd.exe

zmigrsebrjgzumimnvd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zmigrsebrjgzumimnvd.exe*."

C:\Windows\zmigrsebrjgzumimnvd.exe

zmigrsebrjgzumimnvd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\bqoobesrjdcxuomsvfpec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\maxwikxvmfdxtmjoqziw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe

C:\Windows\fqkgpoythxsjcsmon.exe

fqkgpoythxsjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\oavsccnjypldxojmmt.exe*."

C:\Windows\oavsccnjypldxojmmt.exe

oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Windows\fqkgpoythxsjcsmon.exe

fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\bqoobesrjdcxuomsvfpec.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\bqoobesrjdcxuomsvfpec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yibweclfshbrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yibweclfshbrjyrs.exe .

C:\Windows\yibweclfshbrjyrs.exe

yibweclfshbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yibweclfshbrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fqkgpoythxsjcsmon.exe .

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Windows\fqkgpoythxsjcsmon.exe

fqkgpoythxsjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yibweclfshbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\fqkgpoythxsjcsmon.exe*."

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe

C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zmigrsebrjgzumimnvd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\fqkgpoythxsjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zmigrsebrjgzumimnvd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .

C:\Windows\zmigrsebrjgzumimnvd.exe

zmigrsebrjgzumimnvd.exe

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c maxwikxvmfdxtmjoqziw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\bqoobesrjdcxuomsvfpec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqoobesrjdcxuomsvfpec.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe

C:\Windows\maxwikxvmfdxtmjoqziw.exe

maxwikxvmfdxtmjoqziw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fqkgpoythxsjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oavsccnjypldxojmmt.exe .

C:\Windows\bqoobesrjdcxuomsvfpec.exe

bqoobesrjdcxuomsvfpec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zmigrsebrjgzumimnvd.exe .

Network

Country Destination Domain Proto
GB 88.221.135.17:443 www.bing.com tcp
GB 88.221.135.17:443 www.bing.com tcp
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.40.87:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 8.8.8.8:53 www.whatismyip.ca udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 172.66.40.87:80 www.whatismyip.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 www.google.com udp
GB 216.58.204.68:80 www.google.com tcp
BG 212.104.122.148:17590 tcp
US 8.8.8.8:53 gyuuym.org udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 ukhabwvlf.net udp
US 8.8.8.8:53 dyuuostwxx.net udp
US 8.8.8.8:53 yuooqwmgew.org udp
US 8.8.8.8:53 umkyeiyc.org udp
US 8.8.8.8:53 dmpaosvtn.com udp
US 8.8.8.8:53 unxfuild.info udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 iegqtgjanst.info udp
US 8.8.8.8:53 uoiqay.com udp
US 8.8.8.8:53 truthsbplrro.net udp
US 8.8.8.8:53 hsqfvx.net udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 axdkvgw.net udp
US 8.8.8.8:53 rfjwvsrhph.net udp
US 8.8.8.8:53 yuyukkqoyy.org udp
US 8.8.8.8:53 ecugyycmci.com udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 khoabjinzpbv.info udp
US 8.8.8.8:53 geiycy.org udp
US 8.8.8.8:53 nmvrrix.net udp
US 8.8.8.8:53 yicamgys.com udp
US 8.8.8.8:53 pfgjtkzkh.net udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 rirkqbwnd.info udp
US 8.8.8.8:53 agsslrilxbci.info udp
BG 178.254.209.115:22101 tcp
US 8.8.8.8:53 cydlrge.info udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 yxmafkllii.info udp
US 8.8.8.8:53 tcrleitjyxz.com udp
US 8.8.8.8:53 mcpluopr.info udp
US 8.8.8.8:53 xwzepijqzuk.net udp
US 8.8.8.8:53 rgvisyjqjzt.org udp
US 8.8.8.8:53 zfwohaet.net udp
US 8.8.8.8:53 tqdjhguh.info udp
US 8.8.8.8:53 hynurczgd.net udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 jgpuhqr.net udp
US 8.8.8.8:53 fxdyllnmzn.net udp
US 8.8.8.8:53 dfnedkz.info udp
US 8.8.8.8:53 uszljdzvz.info udp
US 8.8.8.8:53 wyicmwmiqm.com udp
US 8.8.8.8:53 dqyydcnk.net udp
US 8.8.8.8:53 icpitflidav.info udp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 peugxeckkrw.com udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 pzratqwsxir.net udp
US 8.8.8.8:53 gqfabq.net udp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 cmbyisrjobdg.info udp
US 8.8.8.8:53 ldtkkbjsjof.org udp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 qhegpfzfzthw.info udp
US 8.8.8.8:53 rxjwdshwd.org udp
US 8.8.8.8:53 cttqvz.info udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 hmqtnhumwmpq.net udp
US 8.8.8.8:53 kyknmqoav.net udp
US 8.8.8.8:53 yoaoooewyeeo.com udp
US 8.8.8.8:53 dzelsuacik.info udp
BG 84.238.144.124:33816 tcp
US 8.8.8.8:53 slsfykgjfwxr.info udp
US 8.8.8.8:53 znlonr.info udp
US 8.8.8.8:53 agpyvikus.net udp
US 8.8.8.8:53 vydskdhqdayn.info udp
US 8.8.8.8:53 mdhpuesj.net udp
US 8.8.8.8:53 fhferxppfhjr.info udp
US 8.8.8.8:53 yuecge.net udp
US 8.8.8.8:53 vmlpskz.com udp
US 8.8.8.8:53 lqfuryo.net udp
US 8.8.8.8:53 nbnyhdlarbzf.info udp
US 8.8.8.8:53 ihksuunwtcl.net udp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 dmstyidanf.info udp
US 8.8.8.8:53 tqnpaaro.net udp
US 8.8.8.8:53 yitivcd.net udp
US 8.8.8.8:53 potsrqrab.info udp
US 8.8.8.8:53 yplfwydnh.info udp
US 8.8.8.8:53 vrxmprngmlhk.net udp
US 8.8.8.8:53 emjixqjix.net udp
US 8.8.8.8:53 nuxjvf.net udp
US 8.8.8.8:53 aezodiyiuky.net udp
US 8.8.8.8:53 vtmlxfot.info udp
US 8.8.8.8:53 idrmlscsum.info udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 vexeczxhro.info udp
US 8.8.8.8:53 hbmwpuey.net udp
US 8.8.8.8:53 nvmqtbtjo.info udp
US 8.8.8.8:53 ngsyjjxodc.net udp
US 8.8.8.8:53 pkgyxaxumip.info udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 xmvsfur.org udp
US 8.8.8.8:53 iwjfdxmyywpm.net udp
US 8.8.8.8:53 emisuouqqkmy.com udp
US 8.8.8.8:53 lyxmnybibg.info udp
US 8.8.8.8:53 iaicocyyie.com udp
US 8.8.8.8:53 eaxqqrajavxr.net udp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 qepyutvw.info udp
US 8.8.8.8:53 kgucribs.info udp
US 8.8.8.8:53 fqfsruv.net udp
US 8.8.8.8:53 xowpnrx.net udp
US 8.8.8.8:53 qkagwcckwk.org udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 eqeiewddrgjn.net udp
US 8.8.8.8:53 ojodjsuxxyli.net udp
US 8.8.8.8:53 esyasr.info udp
DE 88.216.62.113:34375 tcp
US 8.8.8.8:53 sawwigoqki.org udp
US 8.8.8.8:53 zrpiqqdwzis.info udp
US 8.8.8.8:53 xibwutd.info udp
US 8.8.8.8:53 oeuuge.org udp
US 8.8.8.8:53 zyfitez.info udp
US 8.8.8.8:53 tqespaf.org udp
US 8.8.8.8:53 udhothlyzouv.net udp
US 8.8.8.8:53 leqdurjb.net udp
US 8.8.8.8:53 ewwyalz.net udp
US 8.8.8.8:53 zukxcav.org udp
US 8.8.8.8:53 dxikspgshgbk.info udp
US 8.8.8.8:53 gswonqjeu.net udp
US 8.8.8.8:53 uudocyt.net udp
US 8.8.8.8:53 lgmwshpwdp.net udp
US 8.8.8.8:53 wvaclyqg.net udp
US 8.8.8.8:53 eqqmhn.net udp
US 8.8.8.8:53 barmgootk.net udp
US 8.8.8.8:53 jgwcoofzbun.net udp
US 8.8.8.8:53 kkymaomawm.org udp
US 8.8.8.8:53 akabzjqy.info udp
US 8.8.8.8:53 zgrjrexb.net udp
US 8.8.8.8:53 wojnqnt.net udp
US 8.8.8.8:53 hskbifhupuv.net udp
US 8.8.8.8:53 ouimiigeimqc.com udp
US 8.8.8.8:53 qzjszyxgtgn.info udp
US 8.8.8.8:53 taarezltzbfb.net udp
US 8.8.8.8:53 eeueccewmeem.com udp
US 8.8.8.8:53 xjykdox.org udp
US 8.8.8.8:53 ctpvww.info udp
US 8.8.8.8:53 gbeglndwzz.info udp
US 8.8.8.8:53 libkzyhemgc.org udp
US 8.8.8.8:53 zboybkjyj.org udp
US 8.8.8.8:53 nkrugqeebab.com udp
US 8.8.8.8:53 ushyaighhmlt.info udp
US 8.8.8.8:53 gthoprfe.net udp
US 8.8.8.8:53 ccvzyakegzoo.info udp
US 8.8.8.8:53 iovzoqp.net udp
US 8.8.8.8:53 xitbjksec.info udp
LT 91.187.164.235:33876 tcp
US 8.8.8.8:53 upmkxipfjy.info udp
US 8.8.8.8:53 vqgmpsutx.org udp
US 8.8.8.8:53 tlpxvwdj.info udp
US 8.8.8.8:53 vlpxze.info udp
US 8.8.8.8:53 dwmkfzhhzmq.info udp
US 8.8.8.8:53 huomlunix.info udp
US 8.8.8.8:53 yomusu.com udp
US 8.8.8.8:53 skywyumxq.net udp
US 8.8.8.8:53 jqbuxkvwm.info udp
US 8.8.8.8:53 gkwtlrssvip.net udp
US 8.8.8.8:53 egsmyysc.org udp
US 8.8.8.8:53 uupgrwoctig.info udp
US 8.8.8.8:53 ogagoauymkgi.org udp
US 8.8.8.8:53 nshdioh.net udp
US 8.8.8.8:53 xkksuaqezut.net udp
US 8.8.8.8:53 dmnaxqeurug.info udp
US 8.8.8.8:53 vdrkxqzvhxdg.info udp
US 8.8.8.8:53 xtaizc.net udp
US 8.8.8.8:53 fjpvhkxgwxla.info udp
US 8.8.8.8:53 zgvcafvg.net udp
US 8.8.8.8:53 wznabvihkcdb.net udp
US 8.8.8.8:53 ekqqcc.org udp
US 8.8.8.8:53 yeqiiwiq.com udp
US 8.8.8.8:53 rswyleo.net udp
US 8.8.8.8:53 uscawswekwca.com udp
US 8.8.8.8:53 xnqupo.net udp
US 8.8.8.8:53 cyqcqa.com udp
US 8.8.8.8:53 dwfkeogzvhjn.info udp
US 8.8.8.8:53 uihvyuj.info udp
US 8.8.8.8:53 tcrnxafdbyx.org udp
US 8.8.8.8:53 vszduwunrxjm.info udp
US 8.8.8.8:53 tnfswqveavz.info udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 fejauk.info udp
BG 89.252.234.82:33728 tcp
US 8.8.8.8:53 iisfhhbga.net udp
US 8.8.8.8:53 dhphfixaobbh.info udp
US 8.8.8.8:53 hsfgdwr.net udp
US 8.8.8.8:53 qtgqqinahbp.info udp
US 8.8.8.8:53 tdchjxar.net udp
US 8.8.8.8:53 jcrmmizktkn.com udp
US 8.8.8.8:53 fzclgwnbikh.info udp
US 8.8.8.8:53 tcvuvhjwh.info udp
US 8.8.8.8:53 eerojah.net udp
US 8.8.8.8:53 symiao.org udp
US 8.8.8.8:53 eebmjmujjba.info udp
US 8.8.8.8:53 jubvpax.info udp
US 8.8.8.8:53 wlncxjueowev.net udp
US 8.8.8.8:53 ykykga.org udp
US 8.8.8.8:53 irvnmlbyfw.net udp
US 8.8.8.8:53 oavkdkr.info udp
US 8.8.8.8:53 suoancjod.info udp
US 8.8.8.8:53 rznovg.net udp
US 8.8.8.8:53 vmzwhixfyojt.info udp
US 8.8.8.8:53 aknsgwkcl.net udp
US 8.8.8.8:53 emiciauakmme.org udp
US 8.8.8.8:53 igaasway.com udp
US 8.8.8.8:53 jscevkv.net udp
US 8.8.8.8:53 uqkusqwymu.org udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp
US 8.8.8.8:53 kkqqsyyy.org udp
US 8.8.8.8:53 irgzkjfrzk.info udp
US 8.8.8.8:53 dezgjkdue.info udp
US 8.8.8.8:53 ecbwysbz.info udp
US 8.8.8.8:53 lerdirojfcyg.net udp
US 8.8.8.8:53 fvhymjohak.net udp
US 8.8.8.8:53 kewigkyywe.com udp
US 8.8.8.8:53 redodnz.com udp
US 8.8.8.8:53 njmyupro.net udp
US 8.8.8.8:53 ttjkwfgi.info udp
US 8.8.8.8:53 awuarqw.info udp
US 8.8.8.8:53 yklcztz.info udp
US 8.8.8.8:53 jleltetr.info udp
US 8.8.8.8:53 iceryyh.net udp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 gxyleelm.net udp
US 8.8.8.8:53 xgxyducqbua.info udp
US 8.8.8.8:53 ackmeu.com udp
US 8.8.8.8:53 iusioomq.org udp
US 8.8.8.8:53 gplixml.info udp
US 8.8.8.8:53 ieoosciq.org udp
US 8.8.8.8:53 eldjrwtvlqpr.info udp
MD 46.55.26.81:27433 tcp
US 8.8.8.8:53 fifutsiya.info udp
US 8.8.8.8:53 vembqo.net udp
US 8.8.8.8:53 wcsbrpz.net udp
US 8.8.8.8:53 hxzrjhrn.net udp
US 8.8.8.8:53 ttfutuqoirf.org udp
US 8.8.8.8:53 qymwmwuqkaom.org udp
US 8.8.8.8:53 scecmwuaiw.org udp
US 8.8.8.8:53 chdceanmd.net udp
US 8.8.8.8:53 uwcuws.org udp
US 8.8.8.8:53 buztpyaqmrft.info udp
US 8.8.8.8:53 kwwsvvjrtf.info udp
US 8.8.8.8:53 gosamc.com udp
US 8.8.8.8:53 ulhxbqn.info udp
US 8.8.8.8:53 uegooykycwqa.org udp
US 8.8.8.8:53 psvfgungqcz.com udp
US 8.8.8.8:53 dcmkzll.org udp
US 8.8.8.8:53 izzkwsycb.net udp
US 8.8.8.8:53 azlfou.info udp
US 8.8.8.8:53 fsdjni.info udp
US 8.8.8.8:53 qioiokiq.org udp
US 8.8.8.8:53 umyicieyee.org udp
US 8.8.8.8:53 jgniaygwrqo.org udp
US 8.8.8.8:53 dguixccvr.com udp
US 8.8.8.8:53 nucbff.info udp
US 8.8.8.8:53 iomcmimaugga.org udp
US 8.8.8.8:53 bshrslz.net udp
US 8.8.8.8:53 zfditavifn.info udp
US 8.8.8.8:53 ysiksyyuomqq.com udp
BG 95.42.247.158:33492 tcp
US 8.8.8.8:53 hkjylkpwkcw.org udp
US 8.8.8.8:53 vcsuct.net udp
US 8.8.8.8:53 iycagcee.org udp
US 8.8.8.8:53 gucqwm.org udp
US 8.8.8.8:53 kloqjtxyzqt.net udp
US 8.8.8.8:53 okysoykicqqc.com udp
US 8.8.8.8:53 trvqjhwzpaq.net udp
US 8.8.8.8:53 mqpmfwrwddp.net udp
US 8.8.8.8:53 fsyczawoha.info udp
US 8.8.8.8:53 ziamhhuif.com udp
US 8.8.8.8:53 msakyiyi.com udp
US 8.8.8.8:53 jsouptoyh.com udp
US 8.8.8.8:53 qepvhuadiyi.net udp
US 8.8.8.8:53 gssios.com udp
US 8.8.8.8:53 atkzfclhbift.info udp
US 8.8.8.8:53 jebkoojvkmu.net udp
US 8.8.8.8:53 eyoykwoakmsg.com udp
US 8.8.8.8:53 nwxbzizv.info udp
US 8.8.8.8:53 wueysyqiyg.org udp
US 8.8.8.8:53 ncsusclfpa.info udp
US 8.8.8.8:53 miafzeu.info udp
US 8.8.8.8:53 omhwhsv.net udp
US 8.8.8.8:53 sphivgbvrdzc.info udp
US 8.8.8.8:53 jjrefkv.net udp
US 8.8.8.8:53 nkbhbybzpda.com udp
US 8.8.8.8:53 sfpjfyzigwys.info udp
LT 86.100.211.161:43347 tcp
US 8.8.8.8:53 zmcqao.info udp
US 8.8.8.8:53 kjskvzf.info udp
US 8.8.8.8:53 iewskikuay.org udp
US 8.8.8.8:53 finoxma.net udp
US 8.8.8.8:53 sdvhzwzt.net udp
US 8.8.8.8:53 pmslhazqdkt.org udp
US 8.8.8.8:53 bfukdahxnws.com udp
US 8.8.8.8:53 zlnuxxsufafc.info udp
US 8.8.8.8:53 omeecmmwsges.com udp
US 8.8.8.8:53 lzbjkx.info udp
US 8.8.8.8:53 axbpoyvs.info udp
US 8.8.8.8:53 cegoqu.com udp
US 8.8.8.8:53 kssawmya.org udp
US 8.8.8.8:53 iyclkizo.info udp
US 8.8.8.8:53 blriytvijot.com udp
US 8.8.8.8:53 blolvxvtddca.info udp
US 8.8.8.8:53 czbsfs.info udp
US 8.8.8.8:53 neplcl.info udp
US 8.8.8.8:53 kyilnx.net udp
US 8.8.8.8:53 mbuwzsow.net udp
US 8.8.8.8:53 aipsyrgai.net udp
US 8.8.8.8:53 dilqgxacwo.info udp
US 8.8.8.8:53 gaqkygwq.org udp
US 8.8.8.8:53 vmmpoomqf.net udp
US 8.8.8.8:53 hnhqzpvxuhoa.info udp
US 8.8.8.8:53 jrbulad.info udp
US 8.8.8.8:53 vaybvafefi.net udp
US 8.8.8.8:53 bpzorpfuhtf.org udp
US 8.8.8.8:53 ngvqvo.info udp
US 8.8.8.8:53 vmpyfstqoes.info udp
US 8.8.8.8:53 lsbclcjdicj.info udp
US 8.8.8.8:53 mwhegofgp.net udp
US 8.8.8.8:53 lsadlwznm.com udp
US 8.8.8.8:53 bkngmvgi.net udp
US 8.8.8.8:53 qgmyim.org udp
US 8.8.8.8:53 jlftdoty.info udp
US 8.8.8.8:53 tpmoouwfjdqg.net udp
US 8.8.8.8:53 bqdindvszcl.com udp
US 8.8.8.8:53 lefigpxkvcg.net udp
US 8.8.8.8:53 lcyeri.net udp
US 8.8.8.8:53 mlbyfqpixft.info udp
US 8.8.8.8:53 tafybwhpr.info udp
US 8.8.8.8:53 oropgibicsmc.net udp
US 8.8.8.8:53 dykwknvmdfdj.info udp
US 8.8.8.8:53 oroavtmsaicj.net udp
US 8.8.8.8:53 ouiuea.org udp
US 8.8.8.8:53 acrmfcslu.net udp
US 8.8.8.8:53 wawaoiyk.com udp
US 8.8.8.8:53 jntsbugvln.net udp
US 8.8.8.8:53 qovlivhvqzom.info udp
US 8.8.8.8:53 lcaqctxbyv.info udp
US 8.8.8.8:53 lczoradauoz.net udp
US 8.8.8.8:53 rwjaduh.info udp
US 8.8.8.8:53 buzkvgluklk.net udp
US 8.8.8.8:53 iblxhs.net udp
US 8.8.8.8:53 thgybpassscw.net udp
OM 87.121.174.194:28894 tcp
US 8.8.8.8:53 bckldxuptn.net udp
US 8.8.8.8:53 dazulnj.org udp
US 8.8.8.8:53 jlrxpp.info udp
US 8.8.8.8:53 ethcdwju.net udp
US 8.8.8.8:53 rgqkfozf.net udp
US 8.8.8.8:53 sipwngdqd.info udp
US 8.8.8.8:53 fcytchvjbw.net udp
US 8.8.8.8:53 pwrwaqtot.net udp
US 8.8.8.8:53 jzthxr.net udp
US 8.8.8.8:53 hibhhsp.com udp
US 8.8.8.8:53 tawhduiinsuz.net udp
US 8.8.8.8:53 zzbybox.com udp
US 8.8.8.8:53 icayuibed.info udp
US 8.8.8.8:53 icgwiacuyaui.org udp
US 8.8.8.8:53 fjusznt.com udp
US 8.8.8.8:53 xifoviz.net udp
US 8.8.8.8:53 xwnadm.info udp
US 8.8.8.8:53 qtpmlcrerdi.net udp
US 8.8.8.8:53 zuhmapbot.net udp
US 8.8.8.8:53 rciepom.net udp
US 8.8.8.8:53 evsjojpwdmlm.info udp
US 8.8.8.8:53 gkeigksi.com udp
US 8.8.8.8:53 qwgkou.org udp
US 8.8.8.8:53 wuosyawle.info udp
US 8.8.8.8:53 vjvlnnztmb.net udp
US 8.8.8.8:53 zhvivltg.info udp
US 8.8.8.8:53 kipqopv.info udp
US 8.8.8.8:53 sopubgatuaz.net udp
US 8.8.8.8:53 yojkaljecqs.info udp
US 8.8.8.8:53 fqeyludecdd.info udp
US 8.8.8.8:53 dtnhzw.net udp
US 8.8.8.8:53 zuzvjhojarcc.info udp
US 8.8.8.8:53 ecegeakc.org udp
US 8.8.8.8:53 eoorrd.info udp
US 8.8.8.8:53 tppuatjf.net udp
US 8.8.8.8:53 spxlbemev.net udp
US 8.8.8.8:53 vwnihionjrol.info udp
US 8.8.8.8:53 lkikbrh.net udp
US 8.8.8.8:53 mzvrbqxmfof.net udp
US 8.8.8.8:53 ootkjdzphd.net udp
US 8.8.8.8:53 fddbzgeam.org udp
US 8.8.8.8:53 ncbykakst.net udp
US 8.8.8.8:53 aararuzmj.info udp
US 8.8.8.8:53 tontwunhotwg.info udp
US 8.8.8.8:53 djpfnartttrq.info udp
US 8.8.8.8:53 zrizzt.net udp
US 8.8.8.8:53 wqdpfqxhkj.net udp
US 8.8.8.8:53 vuccbptrp.info udp
US 8.8.8.8:53 ywiuwoay.org udp
US 8.8.8.8:53 nsjnpn.net udp
US 8.8.8.8:53 mgryfyx.net udp
US 8.8.8.8:53 hsfonvtge.com udp
US 8.8.8.8:53 uqajtw.net udp
US 8.8.8.8:53 ivewnr.info udp
US 8.8.8.8:53 oacctkr.net udp
US 8.8.8.8:53 bbkrlwdo.net udp
US 8.8.8.8:53 bmtdui.net udp
US 8.8.8.8:53 cemwigsoauis.com udp
US 8.8.8.8:53 wmuyfivub.info udp
US 8.8.8.8:53 nqxijbihvn.info udp
US 8.8.8.8:53 fmbpiwbr.net udp
US 8.8.8.8:53 tvreijdu.info udp
LT 78.60.234.188:44989 tcp
US 8.8.8.8:53 wooeiqow.com udp
US 8.8.8.8:53 tvzonepudks.org udp
US 8.8.8.8:53 yspynbdonzn.net udp
US 8.8.8.8:53 qkqgeygakqso.com udp
US 8.8.8.8:53 dsfiebfq.net udp
US 8.8.8.8:53 jiekklrlbj.net udp
US 8.8.8.8:53 xnmtdqp.info udp
US 8.8.8.8:53 xrctizgjhu.net udp
US 8.8.8.8:53 jalgaof.com udp
US 8.8.8.8:53 bzzixvfyy.net udp
US 8.8.8.8:53 goqaeowege.org udp
US 8.8.8.8:53 mybgdqrsf.info udp
US 8.8.8.8:53 rfcqjgcwrllk.info udp
US 8.8.8.8:53 xolitzuifql.net udp
US 8.8.8.8:53 ooewwc.org udp
US 8.8.8.8:53 aysecakckgqq.org udp
US 8.8.8.8:53 rusebqveluz.info udp
US 8.8.8.8:53 iadtksv.net udp
US 8.8.8.8:53 yhmylzvnrjpj.net udp
US 8.8.8.8:53 fmryuucedwa.info udp
US 8.8.8.8:53 jypigkw.net udp
US 8.8.8.8:53 gouehme.net udp
US 8.8.8.8:53 sqwboeab.net udp
US 8.8.8.8:53 uaoagcsaicqu.com udp
US 8.8.8.8:53 ulcsfmsxts.net udp
US 8.8.8.8:53 nyedbtxz.net udp
US 8.8.8.8:53 jphhtgd.com udp
US 8.8.8.8:53 hlixjmj.net udp
US 8.8.8.8:53 omierhazkhgw.net udp
US 8.8.8.8:53 gsbtbsw.net udp
US 8.8.8.8:53 kwdrqyzrhd.net udp
US 8.8.8.8:53 wsqoumoask.com udp
US 8.8.8.8:53 kmhbiiiwv.net udp
US 8.8.8.8:53 behsisjmh.com udp
US 8.8.8.8:53 aebvzyl.net udp
US 8.8.8.8:53 xrjmbmgmisvh.info udp
US 8.8.8.8:53 dshqrikunmi.com udp
US 8.8.8.8:53 goswcwkqyc.org udp
US 8.8.8.8:53 qraval.net udp
US 8.8.8.8:53 jqtenkdayoy.org udp
US 8.8.8.8:53 tbtljamh.net udp
US 8.8.8.8:53 lvliwxsju.net udp
US 8.8.8.8:53 fuxtkk.info udp
US 8.8.8.8:53 ackpcyksk.net udp
US 8.8.8.8:53 slburd.info udp
US 8.8.8.8:53 nhmyomxjv.info udp
US 8.8.8.8:53 cqockgsqusqg.org udp
DE 95.169.204.76:25097 tcp
US 8.8.8.8:53 fafeomvffqj.com udp
US 8.8.8.8:53 tyzkrdhyl.info udp
US 8.8.8.8:53 tqbijikzg.org udp
US 8.8.8.8:53 ikciimcsck.com udp
US 8.8.8.8:53 vyvijbihvn.info udp
US 8.8.8.8:53 gyfavvd.info udp
US 8.8.8.8:53 nftahxpjqa.net udp
US 8.8.8.8:53 zgzepqimz.net udp
US 8.8.8.8:53 lvvkygwsvxaa.info udp
US 8.8.8.8:53 kinntmvpscie.info udp
US 8.8.8.8:53 nwemypgorlgh.net udp
US 8.8.8.8:53 gcchlmin.net udp
US 8.8.8.8:53 bmlpjel.com udp
US 89.116.218.133:43191 tcp
US 8.8.8.8:53 hsrofavrq.net udp
US 8.8.8.8:53 iyiwcobqb.net udp
US 8.8.8.8:53 hzrddr.info udp
US 8.8.8.8:53 tusefwwwfse.info udp
US 8.8.8.8:53 llpwlrlwpx.net udp
US 8.8.8.8:53 watunwhwkil.info udp
US 8.8.8.8:53 yfhytmrqz.net udp
US 8.8.8.8:53 bctwfgikb.org udp
US 8.8.8.8:53 yygvkylyn.info udp
US 8.8.8.8:53 lvbwxkpgb.net udp
US 8.8.8.8:53 lfvefs.info udp
US 8.8.8.8:53 bftjbnws.net udp
US 8.8.8.8:53 fzqqksnzg.net udp
US 8.8.8.8:53 aeeewwio.org udp
US 8.8.8.8:53 myeggcgkcuis.com udp
US 8.8.8.8:53 xmlymtnez.org udp
US 8.8.8.8:53 ikaoqi.org udp
US 8.8.8.8:53 bjzjaaicwjmm.net udp
US 8.8.8.8:53 rmrgxf.info udp
US 8.8.8.8:53 odzbrjqoy.info udp
US 8.8.8.8:53 haqgyjoyep.info udp
SA 87.120.170.183:19791 tcp
US 8.8.8.8:53 lttkmyehto.net udp
US 8.8.8.8:53 ucigqmiuwieo.org udp
US 8.8.8.8:53 aalijqi.info udp
US 8.8.8.8:53 gyijmqhfrcly.info udp
US 8.8.8.8:53 xojplj.net udp
US 8.8.8.8:53 dyjczkhipif.info udp
US 8.8.8.8:53 eyjlqglundk.net udp
LT 78.63.157.79:15712 tcp
US 8.8.8.8:53 umqmoq.com udp
US 8.8.8.8:53 qlngbvvwwdl.net udp
US 8.8.8.8:53 odqisf.info udp
US 8.8.8.8:53 xlnllrjjwj.info udp
US 8.8.8.8:53 jkxkioljy.org udp
US 8.8.8.8:53 ncpmyszzt.info udp
US 8.8.8.8:53 ydygzbgv.info udp
US 8.8.8.8:53 kbhfaa.net udp
US 8.8.8.8:53 ouyuckykmusk.org udp
US 8.8.8.8:53 wcwqmikm.com udp
US 8.8.8.8:53 yyqascwmkq.com udp
US 8.8.8.8:53 ybxsqlwexbnh.info udp
US 8.8.8.8:53 jtivvc.net udp
US 8.8.8.8:53 heeodtf.net udp
US 8.8.8.8:53 vsrstvnlx.net udp
US 8.8.8.8:53 rmdnmkaqa.com udp
US 8.8.8.8:53 xsvubpdgyl.info udp
US 8.8.8.8:53 zbtwspdgyn.info udp
US 8.8.8.8:53 hekpzdcz.net udp
US 8.8.8.8:53 vprenupat.net udp
US 8.8.8.8:53 kkiamiym.com udp
US 8.8.8.8:53 fiheagbdignw.net udp
US 8.8.8.8:53 kmhlokvvl.net udp
US 8.8.8.8:53 jatdaajehomt.net udp
US 8.8.8.8:53 tvnnmeu.com udp
US 8.8.8.8:53 qyjgpzmcaix.info udp
US 8.8.8.8:53 hzukpy.info udp
US 8.8.8.8:53 eiygcskago.org udp
US 8.8.8.8:53 mwgkuyee.org udp
US 8.8.8.8:53 jktzjknwrhpw.net udp
US 8.8.8.8:53 lyflcqjniur.net udp
US 8.8.8.8:53 jvdwxikbaj.info udp
US 8.8.8.8:53 fksjlashzb.info udp
US 8.8.8.8:53 zboovdhfjp.net udp
US 8.8.8.8:53 rhxkvzfo.info udp
US 8.8.8.8:53 uiceesz.info udp
US 8.8.8.8:53 ymyamcsg.org udp
US 8.8.8.8:53 zqzewtlmvifj.info udp
US 8.8.8.8:53 holadnd.info udp
US 8.8.8.8:53 tltwjqjmjku.info udp
US 8.8.8.8:53 asasoqiqomgi.org udp
US 8.8.8.8:53 nblnqxcwlj.net udp
US 8.8.8.8:53 bzaydhbkyko.info udp
US 8.8.8.8:53 xvpfwfdcgxll.net udp
US 8.8.8.8:53 swlcayd.info udp
US 8.8.8.8:53 pazgoqq.net udp
US 8.8.8.8:53 uoxjsmld.info udp
US 8.8.8.8:53 gkeyph.net udp
BG 195.34.126.250:45540 tcp
US 8.8.8.8:53 fqnsvsv.org udp
US 8.8.8.8:53 todvml.info udp
US 8.8.8.8:53 qvrdbz.net udp
US 8.8.8.8:53 ewiuauieao.com udp
US 8.8.8.8:53 yntxazaabq.info udp
US 8.8.8.8:53 spdiawq.net udp
US 8.8.8.8:53 konmeqeueip.net udp
US 8.8.8.8:53 ckmicowy.org udp
US 8.8.8.8:53 bjpwlrlwpx.net udp
US 8.8.8.8:53 rugnyejgpszi.info udp
US 8.8.8.8:53 dxoaoxgkf.com udp
US 8.8.8.8:53 xcnuub.net udp
US 8.8.8.8:53 imwkkoik.com udp
US 8.8.8.8:53 siifxy.info udp
US 8.8.8.8:53 ubnxhcwo.info udp
US 8.8.8.8:53 kqjgzepghsxh.net udp
US 8.8.8.8:53 whnlkooqug.net udp
US 8.8.8.8:53 sewuvwb.net udp
US 8.8.8.8:53 edkuzpchjg.info udp
US 8.8.8.8:53 pvfkjb.net udp
US 8.8.8.8:53 aiiuge.com udp
US 8.8.8.8:53 sgyuguys.org udp
US 8.8.8.8:53 kyxaacdqbxt.info udp
US 8.8.8.8:53 fwhhgqvzmz.net udp
US 8.8.8.8:53 eygkkekgks.com udp
US 8.8.8.8:53 akaqik.org udp
US 8.8.8.8:53 txxszuftff.info udp
US 8.8.8.8:53 iwdyfogslsb.net udp
US 8.8.8.8:53 oaewcmmi.com udp
US 8.8.8.8:53 kmcuowumumsq.com udp
US 8.8.8.8:53 waewqiprlsr.net udp
US 8.8.8.8:53 aalqwpdrjspx.net udp
US 8.8.8.8:53 mkoruyn.net udp
US 8.8.8.8:53 zehlmzsbsn.net udp
US 8.8.8.8:53 oalwpcngx.info udp
US 8.8.8.8:53 abyfngtvqkr.info udp
US 8.8.8.8:53 xlpffhvi.net udp
US 8.8.8.8:53 xcrfxbihvn.info udp
US 8.8.8.8:53 lplovdfjtnhr.net udp
US 8.8.8.8:53 hinqeugvp.org udp
US 8.8.8.8:53 pvesxitaordl.info udp
LT 212.122.90.163:36415 tcp
US 8.8.8.8:53 xgdqzsneijwf.net udp
US 8.8.8.8:53 obmwpzbjdp.net udp
US 8.8.8.8:53 cbqzbiwtutrn.net udp
US 8.8.8.8:53 dawehvjocwu.com udp
US 8.8.8.8:53 toulqetsf.org udp
US 8.8.8.8:53 dzrmxez.com udp
US 8.8.8.8:53 bdovjijwabj.info udp
US 8.8.8.8:53 mwhubavgh.net udp
US 8.8.8.8:53 mipwylhuryd.info udp
US 8.8.8.8:53 nwjtnopkkx.net udp
US 8.8.8.8:53 meweccuogeeu.com udp
US 8.8.8.8:53 rhujsryu.info udp
US 8.8.8.8:53 ehnafofkc.net udp
US 8.8.8.8:53 xibsbdaadsl.org udp
US 8.8.8.8:53 ebfwhmhfr.info udp
US 8.8.8.8:53 xxbuvavqnao.net udp
US 8.8.8.8:53 jrgyjhxsdf.info udp
US 8.8.8.8:53 gzzyrnsq.net udp
US 8.8.8.8:53 mqnuvudxxdh.net udp
US 8.8.8.8:53 uottjffux.net udp
US 8.8.8.8:53 wlliiaxqeufh.net udp
US 8.8.8.8:53 iesgesie.com udp
US 8.8.8.8:53 tgzzsilpuoyu.info udp
US 8.8.8.8:53 aoqyvgn.info udp
US 8.8.8.8:53 fbwbbdzptsde.net udp
US 8.8.8.8:53 rejwrwpoa.info udp
US 8.8.8.8:53 nrggxz.net udp
US 8.8.8.8:53 daafsr.net udp
US 8.8.8.8:53 aoacbwhythx.info udp
US 8.8.8.8:53 jmuyzwjxj.net udp
US 8.8.8.8:53 lzfxwqcllqhj.info udp
US 8.8.8.8:53 xirtxapsu.org udp
US 8.8.8.8:53 sgescokcmo.org udp
US 8.8.8.8:53 nsuutepfhldw.info udp
US 8.8.8.8:53 ttpiba.net udp
US 8.8.8.8:53 mqgwcvpojezz.net udp
US 8.8.8.8:53 zkjhxayvz.org udp
US 8.8.8.8:53 chukcbn.net udp
US 8.8.8.8:53 eufcbjf.net udp
US 8.8.8.8:53 rkxfnbdwif.info udp
US 8.8.8.8:53 lzwgpqnxhy.net udp
US 8.8.8.8:53 opncfsxnboz.info udp
US 8.8.8.8:53 bnofxz.net udp
US 8.8.8.8:53 znltydmkf.org udp
US 8.8.8.8:53 wcbjvwxrvvz.net udp
US 8.8.8.8:53 dmsylqagp.org udp
US 8.8.8.8:53 xktscjlw.net udp
US 8.8.8.8:53 jehyhpbob.com udp
US 8.8.8.8:53 ggojwwv.info udp
US 8.8.8.8:53 hghula.info udp
US 8.8.8.8:53 luaiurlae.info udp
US 8.8.8.8:53 cxpfrbrnp.net udp
US 8.8.8.8:53 wksocmerfgw.info udp
US 8.8.8.8:53 mzyztmnfyg.net udp
US 8.8.8.8:53 bgtnjkxspiqe.info udp
US 8.8.8.8:53 pslgcgomd.org udp
LV 87.110.120.225:14780 tcp
US 8.8.8.8:53 bwnkpcrlj.org udp
US 8.8.8.8:53 xhtrlcyftrx.com udp
US 8.8.8.8:53 gmsivkq.net udp
US 8.8.8.8:53 fumvct.net udp
US 8.8.8.8:53 dnyidwf.info udp
US 8.8.8.8:53 nmaibausj.com udp
US 8.8.8.8:53 maoemseemgoy.com udp
US 8.8.8.8:53 gwobtucamtx.info udp
US 8.8.8.8:53 wwkutys.info udp
US 8.8.8.8:53 qwoghmt.info udp
US 8.8.8.8:53 ugmsbi.net udp
US 8.8.8.8:53 prmyteuwqsn.com udp
US 8.8.8.8:53 yadxtkefpqdf.net udp
US 8.8.8.8:53 xlveelrrri.net udp
US 8.8.8.8:53 qngitmingp.net udp
US 8.8.8.8:53 bvfgrxzjnmre.net udp
US 8.8.8.8:53 vzohto.info udp
US 8.8.8.8:53 fqomqelwn.com udp
US 8.8.8.8:53 dlnamcc.com udp
US 8.8.8.8:53 ulwprsdpevsj.info udp
US 8.8.8.8:53 cbdwxl.net udp
US 8.8.8.8:53 smdehbe.net udp
US 8.8.8.8:53 gsaydxucn.net udp
US 8.8.8.8:53 kdjmsft.net udp
US 8.8.8.8:53 qyjxvcif.net udp
US 8.8.8.8:53 rkwlhccy.info udp
US 8.8.8.8:53 bmbcdol.net udp
US 8.8.8.8:53 tqhxunigxzj.com udp
US 8.8.8.8:53 vunkjwk.net udp
US 8.8.8.8:53 nthafgeqx.org udp
US 8.8.8.8:53 pnzvnpxwnm.net udp
US 8.8.8.8:53 rgpceuorv.net udp
US 8.8.8.8:53 vibshiiel.net udp
US 8.8.8.8:53 rufvxcwoncw.com udp
US 8.8.8.8:53 jjqtpeerkb.net udp
US 8.8.8.8:53 kkquqasmum.com udp
US 8.8.8.8:53 oeiwgegoooow.org udp
US 8.8.8.8:53 nadtlglkdm.net udp
US 8.8.8.8:53 heotulvnx.org udp
US 8.8.8.8:53 urkcltobhpwf.net udp
US 8.8.8.8:53 jkopiwze.info udp
US 8.8.8.8:53 mostlkwp.net udp
US 8.8.8.8:53 rzvfhgsdhovu.net udp
US 8.8.8.8:53 vrhtfetzjcpt.info udp
US 8.8.8.8:53 oismai.com udp
BG 95.42.241.157:28845 tcp
US 8.8.8.8:53 wbbvlfanet.net udp
US 8.8.8.8:53 hmafbltcvj.net udp
US 8.8.8.8:53 ixagozioua.info udp
US 8.8.8.8:53 qkuiggco.com udp
US 8.8.8.8:53 hsdwzcf.org udp
US 8.8.8.8:53 zovgoulhfgc.info udp
US 8.8.8.8:53 gvsjeglifsxn.net udp
US 8.8.8.8:53 eheflhppvg.net udp
US 8.8.8.8:53 xdgpqwuuyg.net udp
US 8.8.8.8:53 qqseoyakksia.com udp
US 8.8.8.8:53 mgfguixgmdc.net udp
US 8.8.8.8:53 orjosdtbymgj.info udp
US 8.8.8.8:53 ijdzqa.info udp
US 8.8.8.8:53 oqauesgacmmu.com udp
US 8.8.8.8:53 cjorwbxqxwje.info udp
US 8.8.8.8:53 cykogcgqqcuu.com udp
US 8.8.8.8:53 josokajpa.net udp
US 8.8.8.8:53 vzfrppvefo.net udp
US 8.8.8.8:53 waputlgzwasz.info udp
US 8.8.8.8:53 fwfehcx.net udp
US 8.8.8.8:53 xshqpyq.info udp
US 8.8.8.8:53 ugjyfpgfl.net udp
US 8.8.8.8:53 lolrlcx.com udp
US 8.8.8.8:53 yflrgr.net udp
US 8.8.8.8:53 myrwjqkrwpbk.info udp
US 8.8.8.8:53 dotnzcgta.info udp
US 8.8.8.8:53 ocykmwqk.com udp
US 8.8.8.8:53 ykbakptqv.net udp
US 8.8.8.8:53 mpkbfsgyp.info udp
US 8.8.8.8:53 yqpqzauah.info udp
US 8.8.8.8:53 sgldxclkrbd.net udp
US 8.8.8.8:53 nqsnwhwpqult.net udp
US 8.8.8.8:53 twvsaxij.net udp
US 8.8.8.8:53 mcnzhansbec.info udp
US 8.8.8.8:53 dvzokanhunkx.info udp
US 8.8.8.8:53 lgvkhik.net udp
US 8.8.8.8:53 skznlil.info udp
US 8.8.8.8:53 hodufsshp.com udp
US 8.8.8.8:53 cdycolduewty.info udp
LT 78.60.152.39:14159 tcp
US 8.8.8.8:53 osdexcaat.net udp
US 8.8.8.8:53 iutbrbblbl.net udp
US 8.8.8.8:53 gijuvjlap.net udp
US 8.8.8.8:53 muqgsqcy.org udp
US 8.8.8.8:53 qdnmhgdyrit.net udp
US 8.8.8.8:53 zstfzpjkqup.com udp
US 8.8.8.8:53 dyvuyz.net udp
US 8.8.8.8:53 awsccookqaoa.org udp
US 8.8.8.8:53 xufyyiu.net udp
US 8.8.8.8:53 xqbqbmtgx.info udp
US 8.8.8.8:53 qyqigk.com udp
US 8.8.8.8:53 hpacdwsdie.info udp
US 8.8.8.8:53 wajcnsdedkgv.net udp
US 8.8.8.8:53 uieqeciiqm.com udp
US 8.8.8.8:53 fyaylmbcb.net udp
US 8.8.8.8:53 yegqaoahlxzi.net udp
US 8.8.8.8:53 xlnzhnzp.info udp
US 8.8.8.8:53 xqafuwz.info udp
US 8.8.8.8:53 tnlyzjqqzgin.info udp
US 8.8.8.8:53 zrgxmrkuhk.net udp
US 8.8.8.8:53 dyyvuvnbnms.info udp
US 8.8.8.8:53 tujjtiij.info udp
US 8.8.8.8:53 devwmkh.net udp
US 8.8.8.8:53 lhdgtsnif.net udp
US 8.8.8.8:53 fupuhgphvwt.net udp
US 8.8.8.8:53 qlvrpmumfcxi.net udp
US 8.8.8.8:53 fopvatzz.info udp
US 8.8.8.8:53 rtxmtljvvubf.net udp
US 8.8.8.8:53 zoephpgi.info udp
US 8.8.8.8:53 ekqaao.com udp
US 8.8.8.8:53 lznkjsblhuvq.net udp
US 8.8.8.8:53 bkzhlczsmwk.net udp
US 8.8.8.8:53 culuwur.net udp
US 8.8.8.8:53 zslkntzpbmfi.info udp
US 8.8.8.8:53 rvazsyttv.org udp
US 8.8.8.8:53 elmagdcmaxpl.net udp
US 8.8.8.8:53 uwbmnodet.info udp
US 8.8.8.8:53 rkjyfrxybqd.net udp
US 8.8.8.8:53 joborkrejxs.info udp
US 8.8.8.8:53 lptkmknkl.org udp
US 8.8.8.8:53 isyeca.com udp
US 8.8.8.8:53 hjfdpmp.org udp

Files

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

MD5 221dc9686e3a1fe5d547472d0effd4c1
SHA1 a096f8ca8b19673cb5d734cb26c479a374dff81f
SHA256 2345ed3a8d84cd9753c976471cc4e28c2e7e4d6fab55ea4e1bf9b67e83257b93
SHA512 476f65ea0684fdb11164a45c90e00e4a18e2dacf07ce682ef7ff68fb5bb928e956ed2a3f2df5c3baa6abd16f3a36a6226deebd17b1c5e2a3ffbe63eb0610d17e

C:\Windows\SysWOW64\oavsccnjypldxojmmt.exe

MD5 b2b7b9be91e42f447618c78205cfccb0
SHA1 ac38435860734cbcdfff61a917c8e37e27d781a5
SHA256 f3cb92699801b3fd4ca75d9e7a09d1b40b0a4591399753c4222c0b6385d8c897
SHA512 3d7cab72720c27c80569eab34d9968f34bee41a38efbc9e5d25d40af373b560ba6f7240139d325700389ae0afc53d9c4b40ba69f08a3786f5c32619f37fc4193

C:\Users\Admin\AppData\Local\Temp\zakwvkk.exe

MD5 9a1364f540983e67bee719d5d487a976
SHA1 f28508930bd840e58aeba55735d434c9147f0008
SHA256 61ea799e85239af41582ad3020937523baefafa26a51c89367aa7e6c552ea5e2
SHA512 747d2675ed2bc2cb12d5ddc6c60d2cf6851b86633bf705c79f5268f82ff26b23fd286d009d6a89f28f90b8f4ec887bb572ed8448d8432067e7fdea88b219346b

C:\Users\Admin\AppData\Local\dwyctasvrpsrsqscjxleg.bia

MD5 0357360b33a77b8ec322bb149cae851c
SHA1 525c87409212e2a9fc41e94aa61b29f1b98b3b62
SHA256 ae96107f922157d3b3b148ced3c8baa4ec928f55011898cd47f818ee3c5779e3
SHA512 f33de6c557da255b8417a8e41b979857fff1c9fddda244586f615b131ac665930a8dd359ef5ccdda977d64c78779187bd21b936fc52ec386a062ec969458dde4

C:\Users\Admin\AppData\Local\ycpegybpwftdpylgyxwancewznudrbnw.ewv

MD5 d37dd196e9d0027eeaa51373f6d2a0d7
SHA1 9c9226a0476d0195a6e484a798e981a5a5dde5e9
SHA256 63609a30620328d467e2e22521e85377079ff299a223a8631c9b4adbc42bb287
SHA512 e2ff844df4143ad1c4c64bcbffe662ff9ea9684f3250ce039db36dbf0e3db6d1bfb663379877c65a016154949f34862153f738d56a6016707d5bf761a2582826

C:\Program Files (x86)\dwyctasvrpsrsqscjxleg.bia

MD5 911b2bdf24860e398a2a72ad3ab277d8
SHA1 7d4a10a4641fabaa68e2baddad8bf684312cb741
SHA256 fb61238076909cfb68a54fe9faa55d65255019d6b6ccfbdbd692b6491c76f642
SHA512 a313359484e4f7f9309ce049e62a79d4c7d33dc980ececfe1fffd4288447deb217f4ab15ec7f2dd97a8eb9718d374501d8887f34ed42511cbf03d8ca3065885f

C:\Program Files (x86)\dwyctasvrpsrsqscjxleg.bia

MD5 d42cd9b924849252c41af3ba8f86e82e
SHA1 9bbb7272f0a98e7dc02cd5d3105803827fe33669
SHA256 7f9686a86d6c73df1e3b9d4b6b19dd373757abf864a298f1c0bdfff43cfdd5df
SHA512 de169e1dd06e27fb5a967f89f0269375508889bb9331c65c54be5f9ec8364c4c98d15e6a0d6dba0d45ebf609f469cacbbf87bfef64a49748352ec58865364427

C:\Program Files (x86)\dwyctasvrpsrsqscjxleg.bia

MD5 042babeca04615f993f5941fcff4a367
SHA1 4ed4a46ab5441ccb3a27aefcf815dab796404e46
SHA256 af541ea07c0aabec644dbe2253073aa8b20d7fff55168cff982e94ba5e23bffd
SHA512 3243d6c92ae5cd1e80b5087a1c1d8033d0dfb558ef328207b490ff6f9a760f15c5d2515fae6ea4275f671473daac61274b15c05ffa702b2fe4e1e807c8427ef6

C:\Program Files (x86)\dwyctasvrpsrsqscjxleg.bia

MD5 8f18da06ee683d8118ddceac13286a96
SHA1 418f11aed78a9454e27e719fafddaa18cfa32971
SHA256 2ee9bfad17eb6385fcc1e4c75b033c95ddfbebf5729c5545e905c3c7b03cd14f
SHA512 f4091ea5d3b95e5ce89a4fad3c27d8322d9246121fa7acca215c5b1049bdd1c4965926013550cb4716178faecabb3180f16807aff9b23dc68d9e5515160f351b

C:\Program Files (x86)\dwyctasvrpsrsqscjxleg.bia

MD5 34d32d2e3efbbd1515ddfaaaef9e4272
SHA1 78014aaafb8088ad6ae5ebbe18ba377c0af35a33
SHA256 0ade9ccfd674e24f6f55d4aa15df10948f6e32e7ebf85a1060c08705295f10f3
SHA512 5895dc34862a17c567fade9e94446171494ea34b31ce10ec984a44547bb5c71f5f4c1964e79f46b0faee744ea59e69a20c8700dd0ed5c6d0d2615a6a06249c06

C:\Program Files (x86)\dwyctasvrpsrsqscjxleg.bia

MD5 2107fbbdb4c5d38f85ec3cb6dae97c89
SHA1 e7d4de183f09f40d1cd5454364239d0fc56caa69
SHA256 d8fa9cbc22ab066a780106a5358d3c99747275cfff7edf05b49782793369a4b3
SHA512 56b57b104244cc24a80e66406fb1036fd070b24bf832eacc757048b300ec7074528f4d7d2c2f939d41e8d7362c76e1a4716714efb74f5a101fe5f188c58b299b