Malware Analysis Report

2025-08-10 16:35

Sample ID 250413-lnle9attds
Target JaffaCakes118_b440589d0ee46569ca9013e1c4f70261
SHA256 8ca695115227d8c7562dd4cd271fbffe9bb4eca124c6248b1f4ab40075883830
Tags
pykspa defense_evasion discovery persistence privilege_escalation trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

8ca695115227d8c7562dd4cd271fbffe9bb4eca124c6248b1f4ab40075883830

Threat Level: Known bad

The file JaffaCakes118_b440589d0ee46569ca9013e1c4f70261 was found to be: Known bad.

Malicious Activity Summary

pykspa defense_evasion discovery persistence privilege_escalation trojan worm

Pykspa family

Modifies WinLogon for persistence

UAC bypass

Pykspa

Detect Pykspa worm

Blocklisted process makes network request

Adds policy Run key to start application

Disables RegEdit via registry modification

Checks computer location settings

Executes dropped EXE

Impair Defenses: Safe Mode Boot

Adds Run key to start application

Checks whether UAC is enabled

Hijack Execution Flow: Executable Installer File Permissions Weakness

Looks up external IP address via web service

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

System policy modification

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-13 09:40

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-13 09:40

Reported

2025-04-13 09:43

Platform

win10v2004-20250314-en

Max time kernel

45s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzpakyhugvpr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ndzqgapiavvdnepupf.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzpakyhugvpr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etoetmasjdcjsiswq.exe" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzpakyhugvpr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ldbumizuolnxjcpwtljc.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzpakyhugvpr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ndzqgapiavvdnepupf.exe" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzpakyhugvpr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xlfuianeunlrzoxa.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzpakyhugvpr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ldbumizuolnxjcpwtljc.exe" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzpakyhugvpr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypmevqgatpqzkcouqhe.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sfymzqcshzwbiwe = "xlfuianeunlrzoxa.exe" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzpakyhugvpr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ndzqgapiavvdnepupf.exe" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sfymzqcshzwbiwe = "ldbumizuolnxjcpwtljc.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzpakyhugvpr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ldbumizuolnxjcpwtljc.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sfymzqcshzwbiwe = "etoetmasjdcjsiswq.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sfymzqcshzwbiwe = "etoetmasjdcjsiswq.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzpakyhugvpr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ldbumizuolnxjcpwtljc.exe" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzpakyhugvpr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xlfuianeunlrzoxa.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sfymzqcshzwbiwe = "ypmevqgatpqzkcouqhe.exe" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sfymzqcshzwbiwe = "atsmfcuqljmxkesayrqkd.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sfymzqcshzwbiwe = "xlfuianeunlrzoxa.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzpakyhugvpr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etoetmasjdcjsiswq.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sfymzqcshzwbiwe = "etoetmasjdcjsiswq.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzpakyhugvpr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ldbumizuolnxjcpwtljc.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sfymzqcshzwbiwe = "xlfuianeunlrzoxa.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzpakyhugvpr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etoetmasjdcjsiswq.exe" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzpakyhugvpr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etoetmasjdcjsiswq.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzpakyhugvpr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xlfuianeunlrzoxa.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sfymzqcshzwbiwe = "xlfuianeunlrzoxa.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzpakyhugvpr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xlfuianeunlrzoxa.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sfymzqcshzwbiwe = "xlfuianeunlrzoxa.exe" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sfymzqcshzwbiwe = "ldbumizuolnxjcpwtljc.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sfymzqcshzwbiwe = "atsmfcuqljmxkesayrqkd.exe" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sfymzqcshzwbiwe = "etoetmasjdcjsiswq.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzpakyhugvpr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etoetmasjdcjsiswq.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sfymzqcshzwbiwe = "ndzqgapiavvdnepupf.exe" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sfymzqcshzwbiwe = "xlfuianeunlrzoxa.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sfymzqcshzwbiwe = "xlfuianeunlrzoxa.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sfymzqcshzwbiwe = "etoetmasjdcjsiswq.exe" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sfymzqcshzwbiwe = "atsmfcuqljmxkesayrqkd.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzpakyhugvpr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypmevqgatpqzkcouqhe.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzpakyhugvpr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ldbumizuolnxjcpwtljc.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sfymzqcshzwbiwe = "etoetmasjdcjsiswq.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sfymzqcshzwbiwe = "atsmfcuqljmxkesayrqkd.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sfymzqcshzwbiwe = "etoetmasjdcjsiswq.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pzpakyhugvpr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypmevqgatpqzkcouqhe.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\sfymzqcshzwbiwe = "ldbumizuolnxjcpwtljc.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\ldbumizuolnxjcpwtljc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\ypmevqgatpqzkcouqhe.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\ldbumizuolnxjcpwtljc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\ldbumizuolnxjcpwtljc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\ndzqgapiavvdnepupf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\xlfuianeunlrzoxa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\atsmfcuqljmxkesayrqkd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\xlfuianeunlrzoxa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\atsmfcuqljmxkesayrqkd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\xlfuianeunlrzoxa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\ndzqgapiavvdnepupf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\ypmevqgatpqzkcouqhe.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\xlfuianeunlrzoxa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\etoetmasjdcjsiswq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\xlfuianeunlrzoxa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\ndzqgapiavvdnepupf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\etoetmasjdcjsiswq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\ypmevqgatpqzkcouqhe.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\ypmevqgatpqzkcouqhe.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\xlfuianeunlrzoxa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\atsmfcuqljmxkesayrqkd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\xlfuianeunlrzoxa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\ypmevqgatpqzkcouqhe.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\etoetmasjdcjsiswq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\etoetmasjdcjsiswq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\etoetmasjdcjsiswq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation C:\Windows\ldbumizuolnxjcpwtljc.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Windows\ypmevqgatpqzkcouqhe.exe N/A
N/A N/A C:\Windows\xlfuianeunlrzoxa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe N/A
N/A N/A C:\Windows\etoetmasjdcjsiswq.exe N/A
N/A N/A C:\Windows\xlfuianeunlrzoxa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
N/A N/A C:\Windows\ndzqgapiavvdnepupf.exe N/A
N/A N/A C:\Windows\ndzqgapiavvdnepupf.exe N/A
N/A N/A C:\Windows\ypmevqgatpqzkcouqhe.exe N/A
N/A N/A C:\Windows\etoetmasjdcjsiswq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Windows\atsmfcuqljmxkesayrqkd.exe N/A
N/A N/A C:\Windows\ypmevqgatpqzkcouqhe.exe N/A
N/A N/A C:\Windows\ndzqgapiavvdnepupf.exe N/A
N/A N/A C:\Windows\ndzqgapiavvdnepupf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Windows\xlfuianeunlrzoxa.exe N/A
N/A N/A C:\Windows\ndzqgapiavvdnepupf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Windows\xlfuianeunlrzoxa.exe N/A
N/A N/A C:\Windows\etoetmasjdcjsiswq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Windows\atsmfcuqljmxkesayrqkd.exe N/A
N/A N/A C:\Windows\xlfuianeunlrzoxa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Windows\ldbumizuolnxjcpwtljc.exe N/A
N/A N/A C:\Windows\ldbumizuolnxjcpwtljc.exe N/A
N/A N/A C:\Windows\xlfuianeunlrzoxa.exe N/A
N/A N/A C:\Windows\ypmevqgatpqzkcouqhe.exe N/A
N/A N/A C:\Windows\etoetmasjdcjsiswq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
N/A N/A C:\Windows\etoetmasjdcjsiswq.exe N/A
N/A N/A C:\Windows\ndzqgapiavvdnepupf.exe N/A
N/A N/A C:\Windows\ndzqgapiavvdnepupf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ypmevqgatpqzkcouqhe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypmevqgatpqzkcouqhe.exe" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pbtgsitiwnjntg = "xlfuianeunlrzoxa.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pbtgsitiwnjntg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ndzqgapiavvdnepupf.exe ." C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ypmevqgatpqzkcouqhe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xlfuianeunlrzoxa.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ndzqgapiavvdnepupf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etoetmasjdcjsiswq.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ndzqgapiavvdnepupf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xlfuianeunlrzoxa.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ndzqgapiavvdnepupf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xlfuianeunlrzoxa.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ozqcncmandybg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypmevqgatpqzkcouqhe.exe" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ypmevqgatpqzkcouqhe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ldbumizuolnxjcpwtljc.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xlfuianeunlrzoxa = "ypmevqgatpqzkcouqhe.exe" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pbtgsitiwnjntg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ndzqgapiavvdnepupf.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pbtgsitiwnjntg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xlfuianeunlrzoxa.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xlfuianeunlrzoxa = "etoetmasjdcjsiswq.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xlfuianeunlrzoxa = "atsmfcuqljmxkesayrqkd.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ypmevqgatpqzkcouqhe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etoetmasjdcjsiswq.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\etoetmasjdcjsiswq = "etoetmasjdcjsiswq.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ozqcncmandybg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xlfuianeunlrzoxa.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\etoetmasjdcjsiswq = "ypmevqgatpqzkcouqhe.exe ." C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pbtgsitiwnjntg = "ndzqgapiavvdnepupf.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\etoetmasjdcjsiswq = "atsmfcuqljmxkesayrqkd.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ypmevqgatpqzkcouqhe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypmevqgatpqzkcouqhe.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ypmevqgatpqzkcouqhe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xlfuianeunlrzoxa.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ypmevqgatpqzkcouqhe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypmevqgatpqzkcouqhe.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xlfuianeunlrzoxa = "ldbumizuolnxjcpwtljc.exe" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ozqcncmandybg = "atsmfcuqljmxkesayrqkd.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ozqcncmandybg = "etoetmasjdcjsiswq.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xlfuianeunlrzoxa = "xlfuianeunlrzoxa.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\etoetmasjdcjsiswq = "ldbumizuolnxjcpwtljc.exe ." C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ozqcncmandybg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypmevqgatpqzkcouqhe.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pbtgsitiwnjntg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ldbumizuolnxjcpwtljc.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ypmevqgatpqzkcouqhe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ldbumizuolnxjcpwtljc.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ozqcncmandybg = "ndzqgapiavvdnepupf.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ypmevqgatpqzkcouqhe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etoetmasjdcjsiswq.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ndzqgapiavvdnepupf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ndzqgapiavvdnepupf.exe ." C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ozqcncmandybg = "ndzqgapiavvdnepupf.exe" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ozqcncmandybg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\atsmfcuqljmxkesayrqkd.exe" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xlfuianeunlrzoxa = "ldbumizuolnxjcpwtljc.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xlfuianeunlrzoxa = "xlfuianeunlrzoxa.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ozqcncmandybg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ldbumizuolnxjcpwtljc.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\etoetmasjdcjsiswq = "atsmfcuqljmxkesayrqkd.exe ." C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xlfuianeunlrzoxa = "xlfuianeunlrzoxa.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xlfuianeunlrzoxa = "xlfuianeunlrzoxa.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pbtgsitiwnjntg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xlfuianeunlrzoxa.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ozqcncmandybg = "ldbumizuolnxjcpwtljc.exe" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pbtgsitiwnjntg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etoetmasjdcjsiswq.exe ." C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pbtgsitiwnjntg = "xlfuianeunlrzoxa.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pbtgsitiwnjntg = "ypmevqgatpqzkcouqhe.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\etoetmasjdcjsiswq = "etoetmasjdcjsiswq.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ndzqgapiavvdnepupf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ldbumizuolnxjcpwtljc.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ozqcncmandybg = "xlfuianeunlrzoxa.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pbtgsitiwnjntg = "xlfuianeunlrzoxa.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ozqcncmandybg = "etoetmasjdcjsiswq.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pbtgsitiwnjntg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\atsmfcuqljmxkesayrqkd.exe ." C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xlfuianeunlrzoxa = "ndzqgapiavvdnepupf.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ozqcncmandybg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etoetmasjdcjsiswq.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ozqcncmandybg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etoetmasjdcjsiswq.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ndzqgapiavvdnepupf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypmevqgatpqzkcouqhe.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ypmevqgatpqzkcouqhe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xlfuianeunlrzoxa.exe" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pbtgsitiwnjntg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ldbumizuolnxjcpwtljc.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ypmevqgatpqzkcouqhe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\etoetmasjdcjsiswq.exe" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ypmevqgatpqzkcouqhe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\atsmfcuqljmxkesayrqkd.exe" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ypmevqgatpqzkcouqhe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\atsmfcuqljmxkesayrqkd.exe" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\etoetmasjdcjsiswq = "xlfuianeunlrzoxa.exe ." C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\etoetmasjdcjsiswq = "ndzqgapiavvdnepupf.exe ." C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyipaddress.com N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\ypmevqgatpqzkcouqhe.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\atsmfcuqljmxkesayrqkd.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\xlfuianeunlrzoxa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ypmevqgatpqzkcouqhe.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\xlfuianeunlrzoxa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ldbumizuolnxjcpwtljc.exe C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
File opened for modification C:\Windows\SysWOW64\rllgayrokjnznixgfzzuom.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ndzqgapiavvdnepupf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\xlfuianeunlrzoxa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ldbumizuolnxjcpwtljc.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ypmevqgatpqzkcouqhe.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\atsmfcuqljmxkesayrqkd.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\rllgayrokjnznixgfzzuom.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ndzqgapiavvdnepupf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ndzqgapiavvdnepupf.exe C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
File opened for modification C:\Windows\SysWOW64\ypmevqgatpqzkcouqhe.exe C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
File created C:\Windows\SysWOW64\xlfuianeunlrzoxathbqewjaqjhnvktwpdxmas.wmf C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
File opened for modification C:\Windows\SysWOW64\ldbumizuolnxjcpwtljc.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\atsmfcuqljmxkesayrqkd.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ldbumizuolnxjcpwtljc.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ypmevqgatpqzkcouqhe.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\rllgayrokjnznixgfzzuom.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ldbumizuolnxjcpwtljc.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ypmevqgatpqzkcouqhe.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\rllgayrokjnznixgfzzuom.exe C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
File opened for modification C:\Windows\SysWOW64\rllgayrokjnznixgfzzuom.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\etoetmasjdcjsiswq.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\etoetmasjdcjsiswq.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\atsmfcuqljmxkesayrqkd.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\etoetmasjdcjsiswq.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ldbumizuolnxjcpwtljc.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\etoetmasjdcjsiswq.exe C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
File opened for modification C:\Windows\SysWOW64\ldbumizuolnxjcpwtljc.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\rllgayrokjnznixgfzzuom.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ypmevqgatpqzkcouqhe.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\etoetmasjdcjsiswq.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\etoetmasjdcjsiswq.exe C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
File opened for modification C:\Windows\SysWOW64\rllgayrokjnznixgfzzuom.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ndzqgapiavvdnepupf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ldbumizuolnxjcpwtljc.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ldbumizuolnxjcpwtljc.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\xlfuianeunlrzoxa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\atsmfcuqljmxkesayrqkd.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\atsmfcuqljmxkesayrqkd.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\rllgayrokjnznixgfzzuom.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\etoetmasjdcjsiswq.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ypmevqgatpqzkcouqhe.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ypmevqgatpqzkcouqhe.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ndzqgapiavvdnepupf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\atsmfcuqljmxkesayrqkd.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\xlfuianeunlrzoxa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\etoetmasjdcjsiswq.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\etoetmasjdcjsiswq.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ndzqgapiavvdnepupf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\etoetmasjdcjsiswq.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\atsmfcuqljmxkesayrqkd.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\etoetmasjdcjsiswq.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ypmevqgatpqzkcouqhe.exe C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
File opened for modification C:\Windows\SysWOW64\xlfuianeunlrzoxa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ndzqgapiavvdnepupf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\atsmfcuqljmxkesayrqkd.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ypmevqgatpqzkcouqhe.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\etoetmasjdcjsiswq.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\SysWOW64\ypmevqgatpqzkcouqhe.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\xlfuianeunlrzoxathbqewjaqjhnvktwpdxmas.wmf C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
File opened for modification C:\Program Files (x86)\admqtacinvidaecucfosvcekpxk.cge C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
File created C:\Program Files (x86)\admqtacinvidaecucfosvcekpxk.cge C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
File opened for modification C:\Program Files (x86)\xlfuianeunlrzoxathbqewjaqjhnvktwpdxmas.wmf C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\ndzqgapiavvdnepupf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ypmevqgatpqzkcouqhe.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\etoetmasjdcjsiswq.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\atsmfcuqljmxkesayrqkd.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\rllgayrokjnznixgfzzuom.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\etoetmasjdcjsiswq.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ldbumizuolnxjcpwtljc.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\xlfuianeunlrzoxa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\etoetmasjdcjsiswq.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\rllgayrokjnznixgfzzuom.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ldbumizuolnxjcpwtljc.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\xlfuianeunlrzoxathbqewjaqjhnvktwpdxmas.wmf C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
File opened for modification C:\Windows\ldbumizuolnxjcpwtljc.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\rllgayrokjnznixgfzzuom.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ldbumizuolnxjcpwtljc.exe C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
File opened for modification C:\Windows\xlfuianeunlrzoxa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\etoetmasjdcjsiswq.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ndzqgapiavvdnepupf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ndzqgapiavvdnepupf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ndzqgapiavvdnepupf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ldbumizuolnxjcpwtljc.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ndzqgapiavvdnepupf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\etoetmasjdcjsiswq.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\rllgayrokjnznixgfzzuom.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ypmevqgatpqzkcouqhe.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ndzqgapiavvdnepupf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ndzqgapiavvdnepupf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\atsmfcuqljmxkesayrqkd.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ypmevqgatpqzkcouqhe.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ldbumizuolnxjcpwtljc.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\xlfuianeunlrzoxa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ndzqgapiavvdnepupf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ndzqgapiavvdnepupf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ldbumizuolnxjcpwtljc.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\xlfuianeunlrzoxa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ndzqgapiavvdnepupf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ypmevqgatpqzkcouqhe.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\etoetmasjdcjsiswq.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ypmevqgatpqzkcouqhe.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\atsmfcuqljmxkesayrqkd.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ldbumizuolnxjcpwtljc.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\xlfuianeunlrzoxa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\xlfuianeunlrzoxa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\etoetmasjdcjsiswq.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ypmevqgatpqzkcouqhe.exe C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
File opened for modification C:\Windows\ldbumizuolnxjcpwtljc.exe C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
File opened for modification C:\Windows\atsmfcuqljmxkesayrqkd.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ypmevqgatpqzkcouqhe.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\atsmfcuqljmxkesayrqkd.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\rllgayrokjnznixgfzzuom.exe C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
File opened for modification C:\Windows\ndzqgapiavvdnepupf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ldbumizuolnxjcpwtljc.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\etoetmasjdcjsiswq.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ldbumizuolnxjcpwtljc.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ldbumizuolnxjcpwtljc.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\atsmfcuqljmxkesayrqkd.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\rllgayrokjnznixgfzzuom.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ndzqgapiavvdnepupf.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File created C:\Windows\xlfuianeunlrzoxathbqewjaqjhnvktwpdxmas.wmf C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
File opened for modification C:\Windows\atsmfcuqljmxkesayrqkd.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ypmevqgatpqzkcouqhe.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ypmevqgatpqzkcouqhe.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\rllgayrokjnznixgfzzuom.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
File opened for modification C:\Windows\ypmevqgatpqzkcouqhe.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ndzqgapiavvdnepupf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\etoetmasjdcjsiswq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ypmevqgatpqzkcouqhe.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ndzqgapiavvdnepupf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\etoetmasjdcjsiswq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ndzqgapiavvdnepupf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\etoetmasjdcjsiswq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ndzqgapiavvdnepupf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ypmevqgatpqzkcouqhe.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\etoetmasjdcjsiswq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\etoetmasjdcjsiswq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ldbumizuolnxjcpwtljc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ndzqgapiavvdnepupf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\atsmfcuqljmxkesayrqkd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xlfuianeunlrzoxa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xlfuianeunlrzoxa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ypmevqgatpqzkcouqhe.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\etoetmasjdcjsiswq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ldbumizuolnxjcpwtljc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ndzqgapiavvdnepupf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\etoetmasjdcjsiswq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xlfuianeunlrzoxa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ldbumizuolnxjcpwtljc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ypmevqgatpqzkcouqhe.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\etoetmasjdcjsiswq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\etoetmasjdcjsiswq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ldbumizuolnxjcpwtljc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\atsmfcuqljmxkesayrqkd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ndzqgapiavvdnepupf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xlfuianeunlrzoxa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 6124 wrote to memory of 6096 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 6124 wrote to memory of 6096 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 6124 wrote to memory of 6096 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 4684 wrote to memory of 4464 N/A C:\Windows\system32\cmd.exe C:\Windows\ypmevqgatpqzkcouqhe.exe
PID 4684 wrote to memory of 4464 N/A C:\Windows\system32\cmd.exe C:\Windows\ypmevqgatpqzkcouqhe.exe
PID 4684 wrote to memory of 4464 N/A C:\Windows\system32\cmd.exe C:\Windows\ypmevqgatpqzkcouqhe.exe
PID 4604 wrote to memory of 4652 N/A C:\Windows\system32\cmd.exe C:\Windows\xlfuianeunlrzoxa.exe
PID 4604 wrote to memory of 4652 N/A C:\Windows\system32\cmd.exe C:\Windows\xlfuianeunlrzoxa.exe
PID 4604 wrote to memory of 4652 N/A C:\Windows\system32\cmd.exe C:\Windows\xlfuianeunlrzoxa.exe
PID 4652 wrote to memory of 1040 N/A C:\Windows\xlfuianeunlrzoxa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 4652 wrote to memory of 1040 N/A C:\Windows\xlfuianeunlrzoxa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 4652 wrote to memory of 1040 N/A C:\Windows\xlfuianeunlrzoxa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 5472 wrote to memory of 744 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
PID 5472 wrote to memory of 744 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
PID 5472 wrote to memory of 744 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
PID 4744 wrote to memory of 3660 N/A C:\Windows\system32\cmd.exe C:\Windows\xlfuianeunlrzoxa.exe
PID 4744 wrote to memory of 3660 N/A C:\Windows\system32\cmd.exe C:\Windows\xlfuianeunlrzoxa.exe
PID 4744 wrote to memory of 3660 N/A C:\Windows\system32\cmd.exe C:\Windows\xlfuianeunlrzoxa.exe
PID 4472 wrote to memory of 2900 N/A C:\Windows\system32\cmd.exe C:\Windows\etoetmasjdcjsiswq.exe
PID 4472 wrote to memory of 2900 N/A C:\Windows\system32\cmd.exe C:\Windows\etoetmasjdcjsiswq.exe
PID 4472 wrote to memory of 2900 N/A C:\Windows\system32\cmd.exe C:\Windows\etoetmasjdcjsiswq.exe
PID 4632 wrote to memory of 3592 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe
PID 4632 wrote to memory of 3592 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe
PID 4632 wrote to memory of 3592 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe
PID 3592 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 3592 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 3592 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 2900 wrote to memory of 4476 N/A C:\Windows\etoetmasjdcjsiswq.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 2900 wrote to memory of 4476 N/A C:\Windows\etoetmasjdcjsiswq.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 2900 wrote to memory of 4476 N/A C:\Windows\etoetmasjdcjsiswq.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 5672 wrote to memory of 5108 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
PID 5672 wrote to memory of 5108 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
PID 5672 wrote to memory of 5108 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe
PID 3116 wrote to memory of 628 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 3116 wrote to memory of 628 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 3116 wrote to memory of 628 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 5108 wrote to memory of 5748 N/A C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 5108 wrote to memory of 5748 N/A C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 5108 wrote to memory of 5748 N/A C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 6096 wrote to memory of 636 N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe
PID 6096 wrote to memory of 636 N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe
PID 6096 wrote to memory of 636 N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe
PID 6096 wrote to memory of 4456 N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe
PID 6096 wrote to memory of 4456 N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe
PID 6096 wrote to memory of 4456 N/A C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe
PID 508 wrote to memory of 2084 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 508 wrote to memory of 2084 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 508 wrote to memory of 2084 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 4944 wrote to memory of 864 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 4944 wrote to memory of 864 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 4944 wrote to memory of 864 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 3220 wrote to memory of 4004 N/A C:\Windows\system32\cmd.exe C:\Windows\ypmevqgatpqzkcouqhe.exe
PID 3220 wrote to memory of 4004 N/A C:\Windows\system32\cmd.exe C:\Windows\ypmevqgatpqzkcouqhe.exe
PID 3220 wrote to memory of 4004 N/A C:\Windows\system32\cmd.exe C:\Windows\ypmevqgatpqzkcouqhe.exe
PID 3320 wrote to memory of 1756 N/A C:\Windows\system32\cmd.exe C:\Windows\etoetmasjdcjsiswq.exe
PID 3320 wrote to memory of 1756 N/A C:\Windows\system32\cmd.exe C:\Windows\etoetmasjdcjsiswq.exe
PID 3320 wrote to memory of 1756 N/A C:\Windows\system32\cmd.exe C:\Windows\etoetmasjdcjsiswq.exe
PID 4004 wrote to memory of 3796 N/A C:\Windows\ypmevqgatpqzkcouqhe.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 4004 wrote to memory of 3796 N/A C:\Windows\ypmevqgatpqzkcouqhe.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 4004 wrote to memory of 3796 N/A C:\Windows\ypmevqgatpqzkcouqhe.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 1756 wrote to memory of 2600 N/A C:\Windows\etoetmasjdcjsiswq.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 1756 wrote to memory of 2600 N/A C:\Windows\etoetmasjdcjsiswq.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 1756 wrote to memory of 2600 N/A C:\Windows\etoetmasjdcjsiswq.exe C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
PID 2712 wrote to memory of 1584 N/A C:\Windows\system32\cmd.exe C:\Windows\atsmfcuqljmxkesayrqkd.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b440589d0ee46569ca9013e1c4f70261.exe"

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_b440589d0ee46569ca9013e1c4f70261.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe

C:\Windows\ypmevqgatpqzkcouqhe.exe

ypmevqgatpqzkcouqhe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe .

C:\Windows\xlfuianeunlrzoxa.exe

xlfuianeunlrzoxa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\xlfuianeunlrzoxa.exe*."

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe .

C:\Windows\xlfuianeunlrzoxa.exe

xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\xlfuianeunlrzoxa.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ypmevqgatpqzkcouqhe.exe*."

C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe

"C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe" "-C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe"

C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe

"C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe" "-C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .

C:\Windows\ypmevqgatpqzkcouqhe.exe

ypmevqgatpqzkcouqhe.exe .

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ypmevqgatpqzkcouqhe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe

C:\Windows\ypmevqgatpqzkcouqhe.exe

ypmevqgatpqzkcouqhe.exe

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe .

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ndzqgapiavvdnepupf.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ndzqgapiavvdnepupf.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ypmevqgatpqzkcouqhe.exe*."

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\etoetmasjdcjsiswq.exe*."

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ndzqgapiavvdnepupf.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ndzqgapiavvdnepupf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe

C:\Windows\xlfuianeunlrzoxa.exe

xlfuianeunlrzoxa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe .

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ndzqgapiavvdnepupf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xlfuianeunlrzoxa.exe

xlfuianeunlrzoxa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ypmevqgatpqzkcouqhe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\xlfuianeunlrzoxa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe .

C:\Windows\xlfuianeunlrzoxa.exe

xlfuianeunlrzoxa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\xlfuianeunlrzoxa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ldbumizuolnxjcpwtljc.exe

ldbumizuolnxjcpwtljc.exe

C:\Windows\ldbumizuolnxjcpwtljc.exe

ldbumizuolnxjcpwtljc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .

C:\Windows\xlfuianeunlrzoxa.exe

xlfuianeunlrzoxa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Windows\ypmevqgatpqzkcouqhe.exe

ypmevqgatpqzkcouqhe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ypmevqgatpqzkcouqhe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe .

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\atsmfcuqljmxkesayrqkd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .

C:\Windows\ypmevqgatpqzkcouqhe.exe

ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ndzqgapiavvdnepupf.exe*."

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ypmevqgatpqzkcouqhe.exe*."

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ndzqgapiavvdnepupf.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\etoetmasjdcjsiswq.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\etoetmasjdcjsiswq.exe*."

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\etoetmasjdcjsiswq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\xlfuianeunlrzoxa.exe*."

C:\Windows\ypmevqgatpqzkcouqhe.exe

ypmevqgatpqzkcouqhe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ypmevqgatpqzkcouqhe.exe*."

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ldbumizuolnxjcpwtljc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ndzqgapiavvdnepupf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe .

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ndzqgapiavvdnepupf.exe*."

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ldbumizuolnxjcpwtljc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ldbumizuolnxjcpwtljc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe

C:\Windows\ypmevqgatpqzkcouqhe.exe

ypmevqgatpqzkcouqhe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe .

C:\Windows\ypmevqgatpqzkcouqhe.exe

ypmevqgatpqzkcouqhe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ypmevqgatpqzkcouqhe.exe*."

C:\Windows\xlfuianeunlrzoxa.exe

xlfuianeunlrzoxa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\atsmfcuqljmxkesayrqkd.exe*."

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ypmevqgatpqzkcouqhe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\atsmfcuqljmxkesayrqkd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe .

C:\Windows\ldbumizuolnxjcpwtljc.exe

ldbumizuolnxjcpwtljc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ldbumizuolnxjcpwtljc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe .

C:\Windows\ldbumizuolnxjcpwtljc.exe

ldbumizuolnxjcpwtljc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Windows\ldbumizuolnxjcpwtljc.exe

ldbumizuolnxjcpwtljc.exe .

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ldbumizuolnxjcpwtljc.exe*."

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ndzqgapiavvdnepupf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ypmevqgatpqzkcouqhe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe

C:\Windows\ypmevqgatpqzkcouqhe.exe

ypmevqgatpqzkcouqhe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xlfuianeunlrzoxa.exe

xlfuianeunlrzoxa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\xlfuianeunlrzoxa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe .

C:\Windows\ypmevqgatpqzkcouqhe.exe

ypmevqgatpqzkcouqhe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe .

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\atsmfcuqljmxkesayrqkd.exe*."

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\etoetmasjdcjsiswq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ndzqgapiavvdnepupf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xlfuianeunlrzoxa.exe

xlfuianeunlrzoxa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\xlfuianeunlrzoxa.exe*."

C:\Windows\xlfuianeunlrzoxa.exe

xlfuianeunlrzoxa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Windows\ypmevqgatpqzkcouqhe.exe

ypmevqgatpqzkcouqhe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ypmevqgatpqzkcouqhe.exe*."

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\etoetmasjdcjsiswq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\atsmfcuqljmxkesayrqkd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe

C:\Windows\xlfuianeunlrzoxa.exe

xlfuianeunlrzoxa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe .

C:\Windows\ldbumizuolnxjcpwtljc.exe

ldbumizuolnxjcpwtljc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe .

C:\Windows\ypmevqgatpqzkcouqhe.exe

ypmevqgatpqzkcouqhe.exe .

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .

C:\Windows\ldbumizuolnxjcpwtljc.exe

ldbumizuolnxjcpwtljc.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ypmevqgatpqzkcouqhe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ndzqgapiavvdnepupf.exe*."

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Windows\ldbumizuolnxjcpwtljc.exe

ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ldbumizuolnxjcpwtljc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ldbumizuolnxjcpwtljc.exe*."

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ldbumizuolnxjcpwtljc.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ndzqgapiavvdnepupf.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ndzqgapiavvdnepupf.exe*."

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\xlfuianeunlrzoxa.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\xlfuianeunlrzoxa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Windows\ypmevqgatpqzkcouqhe.exe

ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\atsmfcuqljmxkesayrqkd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe .

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\atsmfcuqljmxkesayrqkd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ypmevqgatpqzkcouqhe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe

C:\Windows\ldbumizuolnxjcpwtljc.exe

ldbumizuolnxjcpwtljc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe .

C:\Windows\ypmevqgatpqzkcouqhe.exe

ypmevqgatpqzkcouqhe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ypmevqgatpqzkcouqhe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe .

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Windows\xlfuianeunlrzoxa.exe

xlfuianeunlrzoxa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\xlfuianeunlrzoxa.exe*."

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\etoetmasjdcjsiswq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ldbumizuolnxjcpwtljc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."

C:\Windows\xlfuianeunlrzoxa.exe

xlfuianeunlrzoxa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Windows\ldbumizuolnxjcpwtljc.exe

ldbumizuolnxjcpwtljc.exe .

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ldbumizuolnxjcpwtljc.exe*."

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\xlfuianeunlrzoxa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\atsmfcuqljmxkesayrqkd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe

C:\Windows\ldbumizuolnxjcpwtljc.exe

ldbumizuolnxjcpwtljc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ypmevqgatpqzkcouqhe.exe

ypmevqgatpqzkcouqhe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ypmevqgatpqzkcouqhe.exe*."

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ndzqgapiavvdnepupf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\xlfuianeunlrzoxa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe .

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\atsmfcuqljmxkesayrqkd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe .

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ndzqgapiavvdnepupf.exe*."

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ldbumizuolnxjcpwtljc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ndzqgapiavvdnepupf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe

C:\Windows\xlfuianeunlrzoxa.exe

xlfuianeunlrzoxa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ndzqgapiavvdnepupf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\xlfuianeunlrzoxa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ypmevqgatpqzkcouqhe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe .

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe

C:\Windows\xlfuianeunlrzoxa.exe

xlfuianeunlrzoxa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Windows\ypmevqgatpqzkcouqhe.exe

ypmevqgatpqzkcouqhe.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ldbumizuolnxjcpwtljc.exe

ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\xlfuianeunlrzoxa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ypmevqgatpqzkcouqhe.exe*."

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Windows\xlfuianeunlrzoxa.exe

xlfuianeunlrzoxa.exe .

C:\Windows\ypmevqgatpqzkcouqhe.exe

ypmevqgatpqzkcouqhe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe .

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\xlfuianeunlrzoxa.exe*."

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe .

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Windows\ypmevqgatpqzkcouqhe.exe

ypmevqgatpqzkcouqhe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Windows\ypmevqgatpqzkcouqhe.exe

ypmevqgatpqzkcouqhe.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\atsmfcuqljmxkesayrqkd.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\etoetmasjdcjsiswq.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\atsmfcuqljmxkesayrqkd.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ypmevqgatpqzkcouqhe.exe*."

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ypmevqgatpqzkcouqhe.exe*."

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ypmevqgatpqzkcouqhe.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\etoetmasjdcjsiswq.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ndzqgapiavvdnepupf.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ypmevqgatpqzkcouqhe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe .

C:\Windows\xlfuianeunlrzoxa.exe

xlfuianeunlrzoxa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\xlfuianeunlrzoxa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xlfuianeunlrzoxa.exe

xlfuianeunlrzoxa.exe

C:\Windows\xlfuianeunlrzoxa.exe

xlfuianeunlrzoxa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\xlfuianeunlrzoxa.exe*."

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ldbumizuolnxjcpwtljc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\xlfuianeunlrzoxa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\BackgroundTransferHost.exe

"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe .

C:\Windows\ldbumizuolnxjcpwtljc.exe

ldbumizuolnxjcpwtljc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ldbumizuolnxjcpwtljc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe .

C:\Windows\ypmevqgatpqzkcouqhe.exe

ypmevqgatpqzkcouqhe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\atsmfcuqljmxkesayrqkd.exe*."

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\atsmfcuqljmxkesayrqkd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ndzqgapiavvdnepupf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe

C:\Windows\xlfuianeunlrzoxa.exe

xlfuianeunlrzoxa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe .

C:\Windows\ypmevqgatpqzkcouqhe.exe

ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ypmevqgatpqzkcouqhe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe .

C:\Windows\ldbumizuolnxjcpwtljc.exe

ldbumizuolnxjcpwtljc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ndzqgapiavvdnepupf.exe*."

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ypmevqgatpqzkcouqhe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ndzqgapiavvdnepupf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ldbumizuolnxjcpwtljc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ypmevqgatpqzkcouqhe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe

C:\Windows\ypmevqgatpqzkcouqhe.exe

ypmevqgatpqzkcouqhe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe .

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\atsmfcuqljmxkesayrqkd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\atsmfcuqljmxkesayrqkd.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ypmevqgatpqzkcouqhe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ypmevqgatpqzkcouqhe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ldbumizuolnxjcpwtljc.exe

ldbumizuolnxjcpwtljc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe .

C:\Windows\xlfuianeunlrzoxa.exe

xlfuianeunlrzoxa.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\xlfuianeunlrzoxa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe .

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\atsmfcuqljmxkesayrqkd.exe*."

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ndzqgapiavvdnepupf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\atsmfcuqljmxkesayrqkd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe .

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe

C:\Windows\xlfuianeunlrzoxa.exe

xlfuianeunlrzoxa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe .

C:\Windows\xlfuianeunlrzoxa.exe

xlfuianeunlrzoxa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\xlfuianeunlrzoxa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ypmevqgatpqzkcouqhe.exe

ypmevqgatpqzkcouqhe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\xlfuianeunlrzoxa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe .

C:\Windows\ypmevqgatpqzkcouqhe.exe

ypmevqgatpqzkcouqhe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Windows\ldbumizuolnxjcpwtljc.exe

ldbumizuolnxjcpwtljc.exe .

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\atsmfcuqljmxkesayrqkd.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ypmevqgatpqzkcouqhe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ldbumizuolnxjcpwtljc.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ldbumizuolnxjcpwtljc.exe*."

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ndzqgapiavvdnepupf.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ldbumizuolnxjcpwtljc.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ldbumizuolnxjcpwtljc.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\etoetmasjdcjsiswq.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\etoetmasjdcjsiswq.exe*."

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\atsmfcuqljmxkesayrqkd.exe*."

C:\Windows\ypmevqgatpqzkcouqhe.exe

ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe .

C:\Windows\xlfuianeunlrzoxa.exe

xlfuianeunlrzoxa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\xlfuianeunlrzoxa.exe*."

C:\Windows\xlfuianeunlrzoxa.exe

xlfuianeunlrzoxa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Windows\ldbumizuolnxjcpwtljc.exe

ldbumizuolnxjcpwtljc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ldbumizuolnxjcpwtljc.exe*."

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ndzqgapiavvdnepupf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ndzqgapiavvdnepupf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe .

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\atsmfcuqljmxkesayrqkd.exe*."

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ndzqgapiavvdnepupf.exe*."

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ndzqgapiavvdnepupf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ldbumizuolnxjcpwtljc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe

C:\Windows\ldbumizuolnxjcpwtljc.exe

ldbumizuolnxjcpwtljc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ldbumizuolnxjcpwtljc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ldbumizuolnxjcpwtljc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe .

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ndzqgapiavvdnepupf.exe*."

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\etoetmasjdcjsiswq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\atsmfcuqljmxkesayrqkd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe .

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ndzqgapiavvdnepupf.exe*."

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ldbumizuolnxjcpwtljc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\etoetmasjdcjsiswq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\atsmfcuqljmxkesayrqkd.exe*."

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Windows\ldbumizuolnxjcpwtljc.exe

ldbumizuolnxjcpwtljc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ldbumizuolnxjcpwtljc.exe*."

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\xlfuianeunlrzoxa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ndzqgapiavvdnepupf.exe*."

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe .

C:\Windows\ldbumizuolnxjcpwtljc.exe

ldbumizuolnxjcpwtljc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ndzqgapiavvdnepupf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe .

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\atsmfcuqljmxkesayrqkd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Windows\xlfuianeunlrzoxa.exe

xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Windows\ldbumizuolnxjcpwtljc.exe

ldbumizuolnxjcpwtljc.exe .

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\atsmfcuqljmxkesayrqkd.exe*."

C:\Windows\xlfuianeunlrzoxa.exe

xlfuianeunlrzoxa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ldbumizuolnxjcpwtljc.exe*."

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .

C:\Windows\ypmevqgatpqzkcouqhe.exe

ypmevqgatpqzkcouqhe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\atsmfcuqljmxkesayrqkd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\xlfuianeunlrzoxa.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ypmevqgatpqzkcouqhe.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\atsmfcuqljmxkesayrqkd.exe*."

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\etoetmasjdcjsiswq.exe*."

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ldbumizuolnxjcpwtljc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe .

C:\Windows\ldbumizuolnxjcpwtljc.exe

ldbumizuolnxjcpwtljc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ldbumizuolnxjcpwtljc.exe*."

C:\Windows\ldbumizuolnxjcpwtljc.exe

ldbumizuolnxjcpwtljc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Windows\ypmevqgatpqzkcouqhe.exe

ypmevqgatpqzkcouqhe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ypmevqgatpqzkcouqhe.exe*."

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ypmevqgatpqzkcouqhe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\atsmfcuqljmxkesayrqkd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe .

C:\Windows\xlfuianeunlrzoxa.exe

xlfuianeunlrzoxa.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\xlfuianeunlrzoxa.exe*."

C:\Windows\xlfuianeunlrzoxa.exe

xlfuianeunlrzoxa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Windows\ldbumizuolnxjcpwtljc.exe

ldbumizuolnxjcpwtljc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ldbumizuolnxjcpwtljc.exe*."

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\ndzqgapiavvdnepupf.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ndzqgapiavvdnepupf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ypmevqgatpqzkcouqhe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe .

C:\Windows\ypmevqgatpqzkcouqhe.exe

ypmevqgatpqzkcouqhe.exe

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ndzqgapiavvdnepupf.exe*."

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c etoetmasjdcjsiswq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Windows\etoetmasjdcjsiswq.exe

etoetmasjdcjsiswq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\etoetmasjdcjsiswq.exe*."

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ldbumizuolnxjcpwtljc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ypmevqgatpqzkcouqhe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe .

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ndzqgapiavvdnepupf.exe*."

C:\Windows\ypmevqgatpqzkcouqhe.exe

ypmevqgatpqzkcouqhe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe .

C:\Windows\system32\backgroundTaskHost.exe

"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Windows\ldbumizuolnxjcpwtljc.exe

ldbumizuolnxjcpwtljc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ldbumizuolnxjcpwtljc.exe*."

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe

C:\Users\Admin\AppData\Local\Temp\atsmfcuqljmxkesayrqkd.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\atsmfcuqljmxkesayrqkd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe

C:\Users\Admin\AppData\Local\Temp\ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ypmevqgatpqzkcouqhe.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c atsmfcuqljmxkesayrqkd.exe .

C:\Windows\atsmfcuqljmxkesayrqkd.exe

atsmfcuqljmxkesayrqkd.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\atsmfcuqljmxkesayrqkd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldbumizuolnxjcpwtljc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe .

C:\Windows\ldbumizuolnxjcpwtljc.exe

ldbumizuolnxjcpwtljc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Windows\ypmevqgatpqzkcouqhe.exe

ypmevqgatpqzkcouqhe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ypmevqgatpqzkcouqhe.exe*."

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe

C:\Users\Admin\AppData\Local\Temp\etoetmasjdcjsiswq.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\etoetmasjdcjsiswq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe

C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\xlfuianeunlrzoxa.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe

C:\Windows\ypmevqgatpqzkcouqhe.exe

ypmevqgatpqzkcouqhe.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe .

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ndzqgapiavvdnepupf.exe

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ndzqgapiavvdnepupf.exe*."

C:\Windows\ndzqgapiavvdnepupf.exe

ndzqgapiavvdnepupf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypmevqgatpqzkcouqhe.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Windows\ypmevqgatpqzkcouqhe.exe

ypmevqgatpqzkcouqhe.exe .

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Users\Admin\AppData\Local\Temp\ldbumizuolnxjcpwtljc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xlfuianeunlrzoxa.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Network

Country Destination Domain Proto
GB 88.221.135.35:443 www.bing.com tcp
GB 88.221.135.35:443 www.bing.com tcp
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.imdb.com udp
NL 18.239.68.108:80 www.imdb.com tcp
LT 78.61.84.37:30728 tcp
US 8.8.8.8:53 gyuuym.org udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 mequqy.com udp
US 8.8.8.8:53 gbgoydptrm.net udp
US 8.8.8.8:53 bqxmrofj.net udp
US 8.8.8.8:53 arbyzeb.info udp
US 8.8.8.8:53 unxfuild.info udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 glinft.info udp
US 8.8.8.8:53 cengowem.info udp
US 8.8.8.8:53 vkpcrfjspwf.info udp
US 8.8.8.8:53 vatshinrlzot.info udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 kztwwujhvhbb.info udp
US 8.8.8.8:53 fwbubffzrh.net udp
US 8.8.8.8:53 dqxczsf.info udp
US 8.8.8.8:53 amfywcbc.info udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 herdgob.org udp
US 8.8.8.8:53 tqxsfyt.org udp
US 8.8.8.8:53 lsxkxkjea.net udp
US 8.8.8.8:53 myaase.info udp
US 8.8.8.8:53 veljipayzwt.info udp
US 8.8.8.8:53 cydlrge.info udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 rjswxvhkbnnv.net udp
US 8.8.8.8:53 gzmspeznjekj.net udp
US 8.8.8.8:53 xjbuynpdku.net udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 puhpplf.info udp
US 8.8.8.8:53 ekzcleqtzw.info udp
US 8.8.8.8:53 giyctiehp.net udp
US 8.8.8.8:53 oaygwmgisu.com udp
US 8.8.8.8:53 sbtojgh.net udp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 intqzgjpue.net udp
US 8.8.8.8:53 nmhoya.info udp
US 8.8.8.8:53 rkrkzffqlrlt.info udp
US 8.8.8.8:53 tpzejifzj.com udp
US 8.8.8.8:53 nlcrqj.net udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 gcbixor.info udp
US 8.8.8.8:53 gtfwooj.info udp
US 8.8.8.8:53 unmkcn.net udp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 hhjbpkz.org udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 plvipmj.info udp
US 8.8.8.8:53 ufpfttdkdnr.net udp
US 8.8.8.8:53 nmzadvf.info udp
US 8.8.8.8:53 yoaoooewyeeo.com udp
US 8.8.8.8:53 xhryvlpep.com udp
US 8.8.8.8:53 mdhpuesj.net udp
US 8.8.8.8:53 lixhfy.info udp
US 8.8.8.8:53 yidyygl.net udp
US 8.8.8.8:53 pkflbvzqruf.com udp
US 8.8.8.8:53 luxibfvxasf.org udp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 vwtkbbzamx.info udp
US 8.8.8.8:53 njqyuruo.info udp
US 8.8.8.8:53 porqnkm.info udp
US 8.8.8.8:53 cflllnjmmkw.net udp
US 8.8.8.8:53 vrxmprngmlhk.net udp
US 8.8.8.8:53 xcmiwp.info udp
US 8.8.8.8:53 fvfamhpgtqt.org udp
US 8.8.8.8:53 ibjctpz.info udp
LT 78.61.84.37:30728 tcp
US 8.8.8.8:53 sqqigakm.com udp
US 8.8.8.8:53 zzfarl.net udp
US 8.8.8.8:53 ratvhbruhaas.info udp
US 8.8.8.8:53 oieuyw.org udp
US 8.8.8.8:53 ogwlsdrkb.net udp
US 8.8.8.8:53 pnuemuzeheth.info udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 gemsecwgjlft.info udp
US 8.8.8.8:53 mybkjii.info udp
US 8.8.8.8:53 cnznmtcr.net udp
US 8.8.8.8:53 vsjqfunjf.info udp
US 8.8.8.8:53 josbcukr.info udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 hzzhfxtazs.net udp
US 8.8.8.8:53 sljdjssb.net udp
US 8.8.8.8:53 krnsrkscmxo.info udp
US 8.8.8.8:53 sgvwcwc.info udp
US 8.8.8.8:53 yxtrdu.info udp
US 8.8.8.8:53 lyxmnybibg.info udp
US 8.8.8.8:53 cmhvzu.net udp
US 8.8.8.8:53 hluricwdvuao.net udp
US 8.8.8.8:53 fsigict.net udp
US 8.8.8.8:53 bgmulwbwslj.net udp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 tlnjrkx.com udp
US 8.8.8.8:53 ctltdwr.info udp
US 8.8.8.8:53 tvjpbgwmie.info udp
US 8.8.8.8:53 btyuudmusi.info udp
US 8.8.8.8:53 vupsdmmfg.org udp
US 8.8.8.8:53 kgucribs.info udp
US 8.8.8.8:53 nhsvgzwxqk.info udp
US 8.8.8.8:53 dbcldxgbuvqj.net udp
US 8.8.8.8:53 rehfvbcywcuf.net udp
US 8.8.8.8:53 dfzcurlx.info udp
US 8.8.8.8:53 uamsom.com udp
US 8.8.8.8:53 caceysocgwiu.org udp
US 8.8.8.8:53 wixsbkemfml.info udp
US 8.8.8.8:53 zyfitez.info udp
US 8.8.8.8:53 mlidws.info udp
US 8.8.8.8:53 ouhheq.net udp
US 8.8.8.8:53 mcmoucuqimus.org udp
US 8.8.8.8:53 qskwjikoh.net udp
US 8.8.8.8:53 pxqmycsudon.info udp
US 8.8.8.8:53 leqdurjb.net udp
US 8.8.8.8:53 rioqeulql.info udp
US 8.8.8.8:53 lwfcbdaem.info udp
US 8.8.8.8:53 hevptad.net udp
US 8.8.8.8:53 dxikspgshgbk.info udp
US 8.8.8.8:53 lszohf.info udp
US 8.8.8.8:53 ciyfdtpcsrgi.info udp
US 8.8.8.8:53 fynxtenskylv.info udp
US 8.8.8.8:53 lgmwshpwdp.net udp
US 8.8.8.8:53 htrsextxnh.info udp
US 8.8.8.8:53 xgiwldd.com udp
US 8.8.8.8:53 zgrjrexb.net udp
US 8.8.8.8:53 hcozmmsojyel.net udp
US 8.8.8.8:53 wiqdaminfz.net udp
US 8.8.8.8:53 joqylpwoptv.org udp
US 8.8.8.8:53 dedujrlnv.org udp
US 8.8.8.8:53 tsnhfmxad.net udp
US 8.8.8.8:53 barlrfurrj.net udp
US 8.8.8.8:53 eeueccewmeem.com udp
US 8.8.8.8:53 johenidnc.info udp
US 8.8.8.8:53 pynmfafmt.info udp
US 8.8.8.8:53 jxbfnmw.info udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 jaeiqxknnqb.net udp
US 8.8.8.8:53 gthoprfe.net udp
US 8.8.8.8:53 uszkpsvoz.net udp
US 8.8.8.8:53 tgklsrpkpoei.info udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 qofmnwvid.info udp
US 8.8.8.8:53 hmpnelyjvw.net udp
US 8.8.8.8:53 xsgotqngx.info udp
US 8.8.8.8:53 vlpxze.info udp
US 8.8.8.8:53 lcxqfavqhnm.net udp
US 8.8.8.8:53 istfqghzi.info udp
US 8.8.8.8:53 rovdxaha.net udp
US 8.8.8.8:53 hftbhhjhviyv.info udp
US 8.8.8.8:53 skywyumxq.net udp
US 8.8.8.8:53 ispydk.net udp
US 8.8.8.8:53 zrtvkovjom.net udp
US 8.8.8.8:53 uooyyaai.com udp
US 8.8.8.8:53 bnyxqwcpluvi.net udp
US 8.8.8.8:53 favnlcqdcb.info udp
US 8.8.8.8:53 egsmyysc.org udp
US 8.8.8.8:53 lezvrmbp.net udp
US 8.8.8.8:53 swqqswqqie.org udp
US 8.8.8.8:53 nshdioh.net udp
US 8.8.8.8:53 rlzwpqz.info udp
US 8.8.8.8:53 jzlekqk.info udp
US 8.8.8.8:53 peyxigezqfqo.info udp
US 8.8.8.8:53 rgdujwc.org udp
US 8.8.8.8:53 ekqqcc.org udp
US 8.8.8.8:53 vngulsyr.info udp
US 8.8.8.8:53 oayagsooun.net udp
US 8.8.8.8:53 jznayrszqljs.info udp
US 8.8.8.8:53 hatcjfciw.org udp
US 8.8.8.8:53 dwfkeogzvhjn.info udp
US 8.8.8.8:53 aghfcu.info udp
US 8.8.8.8:53 zokeokzo.info udp
US 8.8.8.8:53 ioaiuemwgw.com udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 cqnirttowmf.net udp
US 8.8.8.8:53 bqhtlsdbn.info udp
US 8.8.8.8:53 joktvhep.info udp
US 8.8.8.8:53 mqscicoe.org udp
US 8.8.8.8:53 oomfyhhn.info udp
US 8.8.8.8:53 qtgqqinahbp.info udp
US 8.8.8.8:53 zwpzfnly.info udp
US 8.8.8.8:53 famylcjup.org udp
US 8.8.8.8:53 waguygwa.org udp
US 8.8.8.8:53 tcvuvhjwh.info udp
US 8.8.8.8:53 smbclis.info udp
US 8.8.8.8:53 iafduzxtpm.net udp
US 8.8.8.8:53 bnxkwisoz.info udp
US 8.8.8.8:53 hcaihi.net udp
US 8.8.8.8:53 tnnkgodn.info udp
US 8.8.8.8:53 jubvpax.info udp
US 8.8.8.8:53 uozwdyuvx.net udp
US 8.8.8.8:53 tittbblanaig.net udp
US 8.8.8.8:53 zyvvqmugxa.net udp
US 8.8.8.8:53 aknsgwkcl.net udp
US 8.8.8.8:53 iqcwmg.com udp
US 8.8.8.8:53 yabudqdzlnk.info udp
US 8.8.8.8:53 pdrspifiwst.org udp
US 8.8.8.8:53 uedehpoa.net udp
US 8.8.8.8:53 txtzzfcutc.net udp
US 8.8.8.8:53 ecbwysbz.info udp
US 8.8.8.8:53 pqshrpzwbz.info udp
US 8.8.8.8:53 aqpfbcuizj.info udp
US 8.8.8.8:53 njmyupro.net udp
US 8.8.8.8:53 fimvsoenpwzf.net udp
US 8.8.8.8:53 xwjkzyekbb.net udp
US 8.8.8.8:53 pjumebv.com udp
US 8.8.8.8:53 pfsujxor.info udp
US 8.8.8.8:53 qokacwsmco.org udp
US 8.8.8.8:53 ownjjdglkccc.net udp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 rjprjumr.net udp
US 8.8.8.8:53 kgoijuwnaet.info udp
US 8.8.8.8:53 lfavpwfyz.org udp
US 8.8.8.8:53 bnjwxq.net udp
US 8.8.8.8:53 iusioomq.org udp
US 8.8.8.8:53 xaxmdujmkl.net udp
US 8.8.8.8:53 doaaxyt.net udp
US 8.8.8.8:53 fczqnj.info udp
US 8.8.8.8:53 ggfrrqbzb.net udp
US 8.8.8.8:53 fjftbfxmzs.net udp
US 8.8.8.8:53 jkgafmv.net udp
US 8.8.8.8:53 wcsbrpz.net udp
US 8.8.8.8:53 jaxipndfzqy.net udp
US 8.8.8.8:53 uwcuws.org udp
US 8.8.8.8:53 mwjdjtvxtczb.net udp
US 8.8.8.8:53 oynedoztnqi.info udp
US 8.8.8.8:53 mvhlvmfslimf.info udp
US 8.8.8.8:53 azlfou.info udp
US 8.8.8.8:53 amhdkapsn.net udp
US 8.8.8.8:53 mtfrqmcuyl.net udp
US 8.8.8.8:53 yojwlwh.info udp
US 8.8.8.8:53 rrbmomswnzb.org udp
US 8.8.8.8:53 binfluf.info udp
US 8.8.8.8:53 lurutgrgrox.org udp
US 8.8.8.8:53 sasgfknot.info udp
US 8.8.8.8:53 swnyjqbyjuh.info udp
US 8.8.8.8:53 umyicieyee.org udp
US 8.8.8.8:53 qogymacoqaki.com udp
US 8.8.8.8:53 eqkqqwcakw.org udp
US 8.8.8.8:53 dzrlhtg.net udp
US 8.8.8.8:53 yaquggcy.org udp
US 8.8.8.8:53 vcsuct.net udp
US 8.8.8.8:53 ozqsnueoiep.net udp
US 8.8.8.8:53 kzombxfxdcpn.info udp
US 8.8.8.8:53 fsyczawoha.info udp
US 8.8.8.8:53 jnjcpgsu.info udp
US 8.8.8.8:53 egwwkueaiaew.org udp
US 8.8.8.8:53 ifqsygsdep.net udp
US 8.8.8.8:53 honljscagjx.info udp
US 8.8.8.8:53 eqlonydwbd.net udp
US 8.8.8.8:53 atkzfclhbift.info udp
US 8.8.8.8:53 xkmrjaz.org udp
US 8.8.8.8:53 fktwrwcj.net udp
US 8.8.8.8:53 wueysyqiyg.org udp
US 8.8.8.8:53 dipovonsnwr.net udp
US 8.8.8.8:53 lhnfjypybywl.net udp
US 8.8.8.8:53 jblgfwokm.info udp
US 8.8.8.8:53 swcckgwgqs.org udp
US 8.8.8.8:53 lrvehzlablng.info udp
US 8.8.8.8:53 ciamsc.com udp
US 173.231.200.87:80 ciamsc.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.180.3:80 c.pki.goog tcp
US 8.8.8.8:53 gocmusoisqgg.org udp
US 8.8.8.8:53 vorhqmnit.info udp
US 8.8.8.8:53 jjrefkv.net udp
US 8.8.8.8:53 fmjaap.net udp
US 8.8.8.8:53 qwjayzvejoh.info udp
US 8.8.8.8:53 ydhuacj.net udp
US 8.8.8.8:53 rgftripexdob.info udp
US 8.8.8.8:53 epwhavupnj.net udp
US 8.8.8.8:53 sswynronya.net udp
US 8.8.8.8:53 dmfkytx.org udp
US 8.8.8.8:53 hkygihl.net udp
US 8.8.8.8:53 kjskvzf.info udp
US 8.8.8.8:53 dexnvyp.info udp
US 8.8.8.8:53 zwpqtco.com udp
US 8.8.8.8:53 lzbjkx.info udp
US 8.8.8.8:53 twlgpub.org udp
US 8.8.8.8:53 hueivybopib.info udp
US 8.8.8.8:53 ajbevzp.info udp
US 8.8.8.8:53 mluydqzm.info udp
US 8.8.8.8:53 vuwntkn.com udp
US 8.8.8.8:53 sucuyquq.com udp
US 8.8.8.8:53 blriytvijot.com udp
US 8.8.8.8:53 gpbpxipcbt.net udp
US 8.8.8.8:53 vqzebffsfkx.com udp
US 8.8.8.8:53 botnud.info udp
US 8.8.8.8:53 nwbfezsivtnz.info udp
US 8.8.8.8:53 jfrnaclwcqb.com udp
US 8.8.8.8:53 dckovkbbxa.info udp
US 8.8.8.8:53 kyilnx.net udp
US 8.8.8.8:53 oyjbxdz.net udp
US 8.8.8.8:53 winjoble.net udp
US 8.8.8.8:53 gaqkygwq.org udp
US 8.8.8.8:53 fjjyzujis.net udp
US 8.8.8.8:53 emgaomqgquyu.org udp
US 8.8.8.8:53 rfzvlbtyeq.net udp
US 8.8.8.8:53 gqgzondvrzhz.info udp
US 8.8.8.8:53 pwtabv.net udp
US 8.8.8.8:53 tuwejkcgxur.com udp
US 8.8.8.8:53 bnrdhmfrsyhs.info udp
US 8.8.8.8:53 odfhlrtueqn.info udp
US 8.8.8.8:53 igqykicwwm.org udp
US 8.8.8.8:53 oplwnylp.net udp
US 8.8.8.8:53 sulufclcoo.info udp
US 8.8.8.8:53 dwyalb.info udp
US 8.8.8.8:53 bpzorpfuhtf.org udp
US 8.8.8.8:53 davizh.net udp
US 8.8.8.8:53 iusfdcg.info udp
US 8.8.8.8:53 bltwylpyqw.info udp
US 8.8.8.8:53 fvtaion.com udp
US 8.8.8.8:53 setehb.net udp
US 8.8.8.8:53 fgefjfhtn.com udp
US 8.8.8.8:53 fgrrcbbd.info udp
US 8.8.8.8:53 bkngmvgi.net udp
US 8.8.8.8:53 ymyiyiiwgc.org udp
US 8.8.8.8:53 igkmikbtt.info udp
US 8.8.8.8:53 wrxjhisgpz.net udp
US 8.8.8.8:53 bqdindvszcl.com udp
US 8.8.8.8:53 eifjxqyr.net udp
US 8.8.8.8:53 oinitfnowjr.info udp
US 8.8.8.8:53 dykwknvmdfdj.info udp
US 8.8.8.8:53 jvtwzel.info udp
US 8.8.8.8:53 sscsmkdytmtw.net udp
US 8.8.8.8:53 omyiqdljju.net udp
US 8.8.8.8:53 tniauw.info udp
US 8.8.8.8:53 qokowkmmssmy.com udp
US 8.8.8.8:53 twpmxsbgw.com udp
US 8.8.8.8:53 wotongd.info udp
US 8.8.8.8:53 lcjsrvmadygh.info udp
US 8.8.8.8:53 iuegioqoaoqu.com udp
US 8.8.8.8:53 litylqjwe.net udp
US 8.8.8.8:53 wawaoiyk.com udp
US 8.8.8.8:53 sdgahalflmgk.net udp
US 8.8.8.8:53 wolphbzgrfyw.info udp
US 8.8.8.8:53 egsmoo.org udp
US 8.8.8.8:53 sgawgi.com udp
US 8.8.8.8:53 wtnkrqu.net udp
US 8.8.8.8:53 lczoradauoz.net udp
US 8.8.8.8:53 fpcufldg.info udp
US 8.8.8.8:53 jcucisxelju.net udp
US 8.8.8.8:53 biekvmxei.info udp
US 8.8.8.8:53 byvnqcxamqr.org udp
US 8.8.8.8:53 oixeasfaskf.net udp
US 8.8.8.8:53 dazulnj.org udp
US 8.8.8.8:53 tbunsvv.info udp
US 8.8.8.8:53 rtysatewpifv.info udp
US 8.8.8.8:53 fsjmxal.info udp
US 8.8.8.8:53 cljcxgp.info udp
US 8.8.8.8:53 leqmkjvhsr.net udp
US 8.8.8.8:53 wsqmcw.com udp
US 8.8.8.8:53 bwvdgzmeqw.net udp
US 8.8.8.8:53 hzvgds.info udp
US 8.8.8.8:53 psdfjgfe.net udp
US 8.8.8.8:53 oeyxqerz.net udp
US 8.8.8.8:53 jzthxr.net udp
US 8.8.8.8:53 sjarohkbtu.net udp
US 8.8.8.8:53 qkelnqfam.net udp
US 8.8.8.8:53 gwxzxqxdred.net udp
US 8.8.8.8:53 scqqiceyei.com udp
US 8.8.8.8:53 bblumq.net udp
US 8.8.8.8:53 itjyvllhd.info udp
US 8.8.8.8:53 ewxibuxqu.info udp
US 8.8.8.8:53 kogaqqs.net udp
US 8.8.8.8:53 asyrkngu.info udp
US 8.8.8.8:53 fjusznt.com udp
US 8.8.8.8:53 zyzrndjmwbsa.info udp
US 8.8.8.8:53 ehcizd.net udp
US 8.8.8.8:53 nkhefczw.info udp
US 8.8.8.8:53 zifrjpdun.org udp
US 8.8.8.8:53 zuhmapbot.net udp
US 8.8.8.8:53 gahthmz.net udp
US 8.8.8.8:53 wuuayeymgc.org udp
US 8.8.8.8:53 qksyelorzodq.net udp
US 8.8.8.8:53 vjvlnnztmb.net udp
US 8.8.8.8:53 silexmj.net udp
US 8.8.8.8:53 bqbafqdevsn.org udp
US 8.8.8.8:53 japcxipmv.org udp
US 8.8.8.8:53 lkzfjexovgp.org udp
US 8.8.8.8:53 yojkaljecqs.info udp
US 8.8.8.8:53 gunkxz.info udp
US 8.8.8.8:53 ecegeakc.org udp
US 8.8.8.8:53 kitleitij.net udp
US 8.8.8.8:53 lgwvlqx.org udp
US 8.8.8.8:53 weuyxymoz.info udp
US 8.8.8.8:53 rafiiidmcwr.org udp
US 8.8.8.8:53 emgozqvgy.net udp
US 8.8.8.8:53 hkxzfjdcycbx.info udp
US 8.8.8.8:53 ootkjdzphd.net udp
US 8.8.8.8:53 zeiuiczftmz.net udp
US 8.8.8.8:53 aararuzmj.info udp
US 8.8.8.8:53 egfwzkfa.info udp
US 8.8.8.8:53 mhtmvwgmg.net udp
US 8.8.8.8:53 kinwfuz.info udp
US 8.8.8.8:53 zrizzt.net udp
US 8.8.8.8:53 hwfvtgex.net udp
US 8.8.8.8:53 rvdpzjpd.net udp
US 8.8.8.8:53 ejnmfqkorkv.net udp
US 8.8.8.8:53 tlqqikd.net udp
US 8.8.8.8:53 rtecnyuqa.org udp
US 8.8.8.8:53 afxugpnr.info udp
US 8.8.8.8:53 yuyyuocqaucw.org udp
US 8.8.8.8:53 cmdmjastkhqi.net udp
US 8.8.8.8:53 nsjnpn.net udp
US 8.8.8.8:53 bkfmdgb.com udp
US 8.8.8.8:53 bpvdasyytk.info udp
US 8.8.8.8:53 oetcdedet.info udp
US 8.8.8.8:53 iumwucqsgy.org udp
US 8.8.8.8:53 hkwixdx.net udp
US 8.8.8.8:53 ivewnr.info udp
US 8.8.8.8:53 jnouuqtho.net udp
US 8.8.8.8:53 babhgcfsfch.org udp
US 8.8.8.8:53 geqtzw.net udp
US 8.8.8.8:53 nqxijbihvn.info udp
US 8.8.8.8:53 osnulal.info udp
US 8.8.8.8:53 iaemyukiyg.org udp
US 8.8.8.8:53 isxifjoxofod.info udp
US 8.8.8.8:53 oskkuami.org udp
US 8.8.8.8:53 yspynbdonzn.net udp
US 8.8.8.8:53 hapjpytov.net udp
US 8.8.8.8:53 iriozgyfklwg.net udp
US 8.8.8.8:53 xrctizgjhu.net udp
US 8.8.8.8:53 xirchcbks.info udp
US 8.8.8.8:53 bvdgyvs.net udp
US 8.8.8.8:53 dtxmfpmgc.info udp
US 8.8.8.8:53 ntwbyznrdb.net udp
US 8.8.8.8:53 grhrzq.net udp
US 8.8.8.8:53 rfcqjgcwrllk.info udp
US 8.8.8.8:53 yqbsxwbudmc.info udp
US 8.8.8.8:53 ooewwc.org udp
US 8.8.8.8:53 ikcswm.org udp
US 8.8.8.8:53 vhzrmrhmdb.info udp
US 8.8.8.8:53 clzxha.info udp
US 8.8.8.8:53 bfrikt.net udp
US 8.8.8.8:53 susobtfwe.info udp
US 8.8.8.8:53 rvrdcltd.net udp
US 8.8.8.8:53 jypigkw.net udp
US 8.8.8.8:53 hfagnffoeere.info udp
US 8.8.8.8:53 gygagaugwk.org udp
US 8.8.8.8:53 kaqkuxbdps.net udp
US 8.8.8.8:53 bslmlcs.net udp
US 8.8.8.8:53 jphhtgd.com udp
US 8.8.8.8:53 uooeamyyak.org udp
US 8.8.8.8:53 nrotwz.info udp
US 8.8.8.8:53 cydipipeu.info udp
US 8.8.8.8:53 hbjfdkijib.net udp
US 8.8.8.8:53 ctndzrnvrtxs.info udp
US 8.8.8.8:53 omierhazkhgw.net udp
US 8.8.8.8:53 mtvlmkrsqr.net udp
US 8.8.8.8:53 lynyfdz.info udp
US 8.8.8.8:53 vtybeqngwsxz.net udp
US 8.8.8.8:53 fvryxy.net udp
US 8.8.8.8:53 kwdrqyzrhd.net udp
US 8.8.8.8:53 bqaixmy.info udp
US 8.8.8.8:53 utwvlcvjzbdz.info udp
US 8.8.8.8:53 dpfmnyksl.com udp
US 8.8.8.8:53 xrjmbmgmisvh.info udp
US 8.8.8.8:53 smsuay.org udp
US 8.8.8.8:53 vaoivcnnmv.net udp
US 8.8.8.8:53 nonwnllbpr.info udp
US 8.8.8.8:53 yjactabqz.net udp
US 8.8.8.8:53 jqtenkdayoy.org udp
US 8.8.8.8:53 tpjgbtqmxtbv.info udp
US 8.8.8.8:53 hqxkyv.net udp
US 8.8.8.8:53 iwzsjio.info udp
US 8.8.8.8:53 sjtdggweb.net udp
US 8.8.8.8:53 lvliwxsju.net udp
US 8.8.8.8:53 wghansrji.info udp
US 8.8.8.8:53 rwlmluzkv.info udp
US 8.8.8.8:53 wcgcuuiu.org udp
US 8.8.8.8:53 vxmcwyyiwmyv.info udp
US 8.8.8.8:53 qrnqqwbzqz.net udp
US 8.8.8.8:53 otydxyvqc.net udp
US 8.8.8.8:53 rkhxswncd.info udp
US 8.8.8.8:53 lhuciewu.info udp
US 8.8.8.8:53 oxgzva.net udp
US 8.8.8.8:53 fuoskmyvx.com udp
US 8.8.8.8:53 nhmyomxjv.info udp
US 8.8.8.8:53 mkxopyccd.net udp
US 8.8.8.8:53 oycwjqh.net udp
US 8.8.8.8:53 jubijouungb.com udp
US 8.8.8.8:53 ngivxs.info udp
US 8.8.8.8:53 tyzkrdhyl.info udp
US 8.8.8.8:53 qkcmkuuo.com udp
US 8.8.8.8:53 taejrnsalwl.com udp
US 8.8.8.8:53 ldvcxim.com udp
US 8.8.8.8:53 zcpsxntjjgj.com udp
US 8.8.8.8:53 ykkisaii.org udp
US 8.8.8.8:53 vyvijbihvn.info udp
US 8.8.8.8:53 brtevwtcghet.net udp
US 8.8.8.8:53 hsrofavrq.net udp
US 8.8.8.8:53 eaoqkc.org udp
US 8.8.8.8:53 llpwlrlwpx.net udp
US 8.8.8.8:53 nynfvafcolh.com udp
US 8.8.8.8:53 qkwwaaksum.com udp
US 8.8.8.8:53 pehmbspfxdfx.info udp
US 8.8.8.8:53 gojmyymi.net udp
US 8.8.8.8:53 zswlotjwr.com udp
US 8.8.8.8:53 bctwfgikb.org udp
US 8.8.8.8:53 gyciwoumcqmg.com udp
US 8.8.8.8:53 hhrjcblowb.net udp
US 8.8.8.8:53 wtqpmt.net udp
US 8.8.8.8:53 fzqqksnzg.net udp
US 8.8.8.8:53 cfqhldpnrz.net udp
US 8.8.8.8:53 nukwttnd.info udp
US 8.8.8.8:53 icloeonwh.net udp
US 8.8.8.8:53 huzvlc.info udp
US 8.8.8.8:53 cqnmtqmk.net udp
US 8.8.8.8:53 xmlymtnez.org udp
US 8.8.8.8:53 tyrbloaobqd.info udp
US 8.8.8.8:53 oumuxk.info udp
US 8.8.8.8:53 odzbrjqoy.info udp
US 8.8.8.8:53 xyyhgk.net udp
US 8.8.8.8:53 njcawpsihpii.info udp
US 8.8.8.8:53 gljdjksz.info udp
US 8.8.8.8:53 vkfltky.org udp
US 8.8.8.8:53 gluznlduld.info udp
US 8.8.8.8:53 kugsmgae.org udp
US 8.8.8.8:53 aalijqi.info udp
US 8.8.8.8:53 tpcxzwnl.net udp
US 8.8.8.8:53 ghptrswqlr.net udp
US 8.8.8.8:53 csyztut.net udp
US 8.8.8.8:53 sfzitb.info udp
US 8.8.8.8:53 fynhldb.info udp
US 8.8.8.8:53 odqisf.info udp
US 8.8.8.8:53 xkeyibpjhi.info udp
US 8.8.8.8:53 eycysmmsck.org udp
US 8.8.8.8:53 yalwntbzyome.info udp
US 8.8.8.8:53 pavfreagnb.net udp
US 8.8.8.8:53 iuayokmc.org udp
US 8.8.8.8:53 usqefgikxe.info udp
US 8.8.8.8:53 ncpmyszzt.info udp
US 8.8.8.8:53 zwkynx.net udp
US 8.8.8.8:53 cifybsdqx.info udp
US 8.8.8.8:53 ytymsdjrxwj.net udp
US 8.8.8.8:53 chmislrhaiss.net udp
US 8.8.8.8:53 ybxsqlwexbnh.info udp
US 8.8.8.8:53 qsqmbjl.net udp
US 8.8.8.8:53 nentbct.info udp
US 8.8.8.8:53 mmeswkomymoi.com udp
US 8.8.8.8:53 jtaelkhtfr.info udp
US 8.8.8.8:53 kkiamiym.com udp
US 8.8.8.8:53 isgawewi.org udp
US 8.8.8.8:53 axcxmlnw.net udp
US 8.8.8.8:53 vcpmhqv.com udp
US 8.8.8.8:53 jatdaajehomt.net udp
US 8.8.8.8:53 guucsm.com udp
US 8.8.8.8:53 jyerwuk.net udp
US 8.8.8.8:53 dvgopqcoieh.com udp
US 8.8.8.8:53 iygeysaysa.org udp
US 8.8.8.8:53 yylhgvrkaf.net udp
US 8.8.8.8:53 mwgkuyee.org udp
US 8.8.8.8:53 gmiyuq.com udp
US 8.8.8.8:53 eqaukoyw.com udp
US 8.8.8.8:53 kiuqqksseyge.com udp
US 8.8.8.8:53 brcpou.info udp
US 8.8.8.8:53 ixtiejeshyh.net udp
US 8.8.8.8:53 htnxhuryn.org udp
US 8.8.8.8:53 uiceesz.info udp
US 8.8.8.8:53 osgsbatgk.net udp
US 8.8.8.8:53 jutnsfbkfdyc.info udp
US 8.8.8.8:53 zfzgnjff.info udp
US 8.8.8.8:53 bzaydhbkyko.info udp
US 8.8.8.8:53 jmoskjkhik.net udp
US 8.8.8.8:53 pvuefsqot.net udp
US 8.8.8.8:53 outybvm.net udp
US 8.8.8.8:53 uoxjsmld.info udp
US 8.8.8.8:53 xrhgxh.net udp
US 8.8.8.8:53 pcliiqcil.net udp
US 8.8.8.8:53 zwnaousnrzr.info udp
US 8.8.8.8:53 ewiuauieao.com udp
US 8.8.8.8:53 mkawqy.com udp
US 8.8.8.8:53 aidwkhpswml.info udp
US 8.8.8.8:53 rccmdwtjk.net udp
US 8.8.8.8:53 wztqbnaid.info udp
US 8.8.8.8:53 xkdujo.net udp
US 8.8.8.8:53 xnleesr.info udp
US 8.8.8.8:53 bjpwlrlwpx.net udp
US 8.8.8.8:53 kdknyaod.net udp
US 8.8.8.8:53 hwhidv.net udp
US 8.8.8.8:53 ampagwc.info udp
US 8.8.8.8:53 imwkkoik.com udp
US 8.8.8.8:53 txctns.net udp
US 8.8.8.8:53 foxdatbukn.net udp
US 8.8.8.8:53 sewuvwb.net udp
US 8.8.8.8:53 zmrntd.net udp
US 8.8.8.8:53 zhwolmpyogax.info udp
US 8.8.8.8:53 oaewcmmi.com udp
US 8.8.8.8:53 osskoy.org udp
US 8.8.8.8:53 dchgstyh.info udp
US 8.8.8.8:53 urbcxxrtts.net udp
US 8.8.8.8:53 dzuljdrrlfvv.net udp
US 8.8.8.8:53 yyvcpklsbyl.net udp
US 8.8.8.8:53 yrhwjdtdoxqn.net udp
US 8.8.8.8:53 esshdmhmxqpu.info udp
US 8.8.8.8:53 lnzojmzwxnb.org udp
US 8.8.8.8:53 lmxklpv.info udp
US 8.8.8.8:53 oalwpcngx.info udp
US 8.8.8.8:53 xkhchtbk.net udp
US 8.8.8.8:53 xcrfxbihvn.info udp
US 8.8.8.8:53 acwsasewaege.org udp
US 8.8.8.8:53 mcuafcx.net udp
US 8.8.8.8:53 aamzlv.info udp
US 8.8.8.8:53 pvesxitaordl.info udp
US 8.8.8.8:53 okhrtih.net udp
US 8.8.8.8:53 ntxfaaqvrnje.net udp
US 8.8.8.8:53 gaigoqyocm.org udp
US 8.8.8.8:53 kbvomd.net udp
US 8.8.8.8:53 dzrmxez.com udp
US 8.8.8.8:53 uegeqoskua.com udp
US 8.8.8.8:53 odjamufq.info udp
US 8.8.8.8:53 fopxpqp.net udp
US 8.8.8.8:53 isggiwieau.com udp
US 8.8.8.8:53 kxldwaoqfn.info udp
US 8.8.8.8:53 skamuiyaei.com udp
US 8.8.8.8:53 ttctzqrg.net udp
US 8.8.8.8:53 wmeyeq.com udp
US 8.8.8.8:53 jizoaqd.info udp
US 8.8.8.8:53 skkkgiygim.org udp
US 8.8.8.8:53 xxbuvavqnao.net udp
US 8.8.8.8:53 qhzdrgddid.info udp
US 8.8.8.8:53 ywsyms.com udp
US 8.8.8.8:53 pifynqrwfkr.net udp
US 8.8.8.8:53 cauuaeyuuaku.com udp
US 8.8.8.8:53 dcijrj.net udp
US 8.8.8.8:53 tgzzsilpuoyu.info udp
US 8.8.8.8:53 fypvvuibdupq.net udp
US 8.8.8.8:53 puigdybmag.net udp
US 8.8.8.8:53 okrbhndwou.net udp
US 8.8.8.8:53 rejwrwpoa.info udp
US 8.8.8.8:53 iyxdly.info udp
US 8.8.8.8:53 asaecauq.com udp
US 8.8.8.8:53 pupspsnppyd.org udp
US 8.8.8.8:53 jmuyzwjxj.net udp
US 8.8.8.8:53 mqiagw.com udp
US 8.8.8.8:53 nhpmzszysbb.info udp
US 8.8.8.8:53 maxxywxlt.info udp
US 8.8.8.8:53 lztmhadylgg.org udp
US 8.8.8.8:53 sgescokcmo.org udp
US 8.8.8.8:53 wcugoykaso.com udp
US 8.8.8.8:53 egnijmh.info udp
US 8.8.8.8:53 cxikqbbcucdn.info udp
US 8.8.8.8:53 xkrgbjvnnkt.net udp
US 8.8.8.8:53 ccikmuie.org udp
US 8.8.8.8:53 lzwgpqnxhy.net udp
US 8.8.8.8:53 mmecwoqmgeom.com udp
US 8.8.8.8:53 uwdmrizmaogv.net udp
US 8.8.8.8:53 xmsmnujih.info udp
US 8.8.8.8:53 jehyhpbob.com udp
US 8.8.8.8:53 dvbustwm.info udp
US 8.8.8.8:53 sswsokouge.org udp
US 8.8.8.8:53 qknaxkwkj.info udp
US 8.8.8.8:53 lggtfyefy.info udp
US 8.8.8.8:53 luaiurlae.info udp
US 8.8.8.8:53 yuwzoxfnrn.info udp
US 8.8.8.8:53 rwqyzgpvf.org udp
US 8.8.8.8:53 bjzhpl.net udp
US 8.8.8.8:53 hsfspwfirsr.org udp
US 8.8.8.8:53 fnnpkfbif.net udp
US 8.8.8.8:53 vuhszqkkc.info udp
US 8.8.8.8:53 banghno.info udp
US 8.8.8.8:53 fumvct.net udp
US 8.8.8.8:53 woxtxb.net udp
US 8.8.8.8:53 xknjobnmvl.info udp
US 8.8.8.8:53 hqmplmldnap.net udp
US 8.8.8.8:53 dnyidwf.info udp
US 8.8.8.8:53 nqluex.net udp
US 8.8.8.8:53 pxbmssf.org udp
US 8.8.8.8:53 cigykmaewkuu.org udp
US 8.8.8.8:53 ysxdevyt.info udp
US 8.8.8.8:53 yadxtkefpqdf.net udp
US 8.8.8.8:53 zsjczvizgaxb.net udp
US 8.8.8.8:53 ywimgeuw.com udp
US 8.8.8.8:53 cnzrvi.info udp
US 8.8.8.8:53 pihgxcdph.com udp
US 8.8.8.8:53 qngitmingp.net udp
US 8.8.8.8:53 ulwprsdpevsj.info udp
US 8.8.8.8:53 xcrcqqlsgobp.net udp
US 8.8.8.8:53 qyjxvcif.net udp
US 8.8.8.8:53 ujrmaog.net udp
US 8.8.8.8:53 fecstsqaqwv.info udp
US 8.8.8.8:53 rkwlhccy.info udp
US 8.8.8.8:53 zdaddiv.net udp
US 8.8.8.8:53 wdncpgz.net udp
US 8.8.8.8:53 ojsjolelqc.net udp
US 8.8.8.8:53 rqrgbnf.net udp
US 8.8.8.8:53 ueksoqkegu.org udp
US 8.8.8.8:53 gcuwmcscuyoc.org udp
US 8.8.8.8:53 pelcunhypcad.net udp
US 8.8.8.8:53 nthafgeqx.org udp
US 8.8.8.8:53 mkcwmgeemwgs.org udp
US 8.8.8.8:53 fjvqudllefnu.net udp
US 8.8.8.8:53 aouzbhuebgbo.net udp
US 8.8.8.8:53 iyjfiga.info udp
US 8.8.8.8:53 vibshiiel.net udp
US 8.8.8.8:53 qnuynvrum.net udp
US 8.8.8.8:53 rkpkjhrvnols.net udp
US 8.8.8.8:53 upiwrowaz.info udp
US 8.8.8.8:53 owamcgimkk.com udp
US 8.8.8.8:53 cjmcshuh.net udp
US 8.8.8.8:53 gwkgiyoqws.org udp
US 8.8.8.8:53 znhvvmu.com udp
US 8.8.8.8:53 atmpxnfgbjjb.info udp
US 8.8.8.8:53 ccpefysyzvp.net udp
US 8.8.8.8:53 urkcltobhpwf.net udp
US 8.8.8.8:53 ghtstkpt.net udp
US 8.8.8.8:53 twjcku.info udp
US 8.8.8.8:53 nmpqlbdct.info udp
US 8.8.8.8:53 znlqvcd.net udp
US 8.8.8.8:53 ysmcisik.org udp
US 8.8.8.8:53 oismai.com udp
US 8.8.8.8:53 xfjojplaqh.net udp
US 8.8.8.8:53 umagawomqacy.com udp
US 8.8.8.8:53 cixjdzqqvl.net udp
US 8.8.8.8:53 aqmcqe.com udp
US 8.8.8.8:53 qhlmbkr.net udp
US 8.8.8.8:53 jbqodyjqf.org udp
US 8.8.8.8:53 eheflhppvg.net udp
US 8.8.8.8:53 titxfzrqdan.org udp
US 8.8.8.8:53 bcridmrnxgv.org udp
US 8.8.8.8:53 lwvlozyu.net udp
US 8.8.8.8:53 didizir.info udp
US 8.8.8.8:53 besguaoaxovl.info udp
US 8.8.8.8:53 ptdjmtnanl.info udp
US 8.8.8.8:53 mgvnpyc.info udp
US 8.8.8.8:53 tmiezofep.com udp
US 8.8.8.8:53 heajuh.info udp
US 8.8.8.8:53 wqkwiuco.com udp
US 8.8.8.8:53 cykogcgqqcuu.com udp
US 8.8.8.8:53 fyxbphlmv.org udp
US 8.8.8.8:53 rizafehawue.net udp
US 8.8.8.8:53 ugjyfpgfl.net udp
US 8.8.8.8:53 hnxnhnoh.info udp
US 8.8.8.8:53 vynmptj.org udp
US 8.8.8.8:53 pmlwffqh.net udp
US 8.8.8.8:53 myrwjqkrwpbk.info udp
US 8.8.8.8:53 txrwkounzktq.net udp
US 8.8.8.8:53 bikyqfjyztrz.net udp
US 8.8.8.8:53 mpkbfsgyp.info udp
US 8.8.8.8:53 guaaco.info udp
US 8.8.8.8:53 zwrcxbnijehl.net udp
US 8.8.8.8:53 qseoumkkca.org udp
US 8.8.8.8:53 eaeyquugik.com udp
US 8.8.8.8:53 syxkqwbejgvf.net udp
US 8.8.8.8:53 fezomg.info udp
US 8.8.8.8:53 asyeaaam.org udp
US 8.8.8.8:53 kuhcluhaqvn.net udp
US 8.8.8.8:53 qdnmhgdyrit.net udp
US 8.8.8.8:53 qawfsmkxjcaq.info udp
US 8.8.8.8:53 qyqigk.com udp
US 8.8.8.8:53 hjuypato.net udp
US 8.8.8.8:53 fyaylmbcb.net udp
US 8.8.8.8:53 wxrgagtkn.info udp
US 8.8.8.8:53 ymtciqzxhvbq.info udp
US 8.8.8.8:53 xwkoxcluzi.info udp
US 8.8.8.8:53 wsannozhhquu.net udp
US 8.8.8.8:53 peyjvkhbdb.net udp
US 8.8.8.8:53 gkxvvas.info udp
US 8.8.8.8:53 jojllqzskz.info udp
US 8.8.8.8:53 edxsin.info udp
US 8.8.8.8:53 ekqaao.com udp
US 8.8.8.8:53 vllbrcdbjat.org udp
US 8.8.8.8:53 xtbgzyxf.net udp
US 8.8.8.8:53 ukacki.com udp
US 8.8.8.8:53 tstwstx.net udp
US 8.8.8.8:53 hgvdhvzbly.net udp
US 8.8.8.8:53 wqyogccmcoko.org udp
US 8.8.8.8:53 rkjyfrxybqd.net udp
US 8.8.8.8:53 hmgcfjantz.info udp
US 8.8.8.8:53 rvjckbwq.net udp
US 8.8.8.8:53 noohngh.info udp
US 8.8.8.8:53 dsaasfon.net udp
US 8.8.8.8:53 scqmfqzyf.info udp
US 8.8.8.8:53 hjfdpmp.org udp
US 8.8.8.8:53 oqguuwqgco.org udp
US 8.8.8.8:53 gwiatcmf.net udp
US 8.8.8.8:53 cddungwtdrrt.net udp
US 8.8.8.8:53 yixrcu.info udp
US 8.8.8.8:53 rjbifug.net udp
US 8.8.8.8:53 tkpyxceetkg.net udp
US 8.8.8.8:53 fhakpa.info udp
US 8.8.8.8:53 sfqnpj.info udp
US 8.8.8.8:53 rsbccmoqb.org udp
US 8.8.8.8:53 rwbaesd.com udp
US 8.8.8.8:53 yfjqxqqcbyt.info udp
US 8.8.8.8:53 yqdindvszcl.info udp
US 8.8.8.8:53 kqmeqmmeog.org udp
US 8.8.8.8:53 vqdklijyf.net udp
US 8.8.8.8:53 ldlrgk.info udp
US 8.8.8.8:53 izgeepwt.info udp
US 8.8.8.8:53 lnldxhsqre.info udp
US 8.8.8.8:53 owtumceqt.info udp
US 8.8.8.8:53 laebpon.com udp
US 8.8.8.8:53 awnnwooqnqr.net udp
US 8.8.8.8:53 sgdzhklkvfso.info udp
US 8.8.8.8:53 ysokygceosow.org udp
US 8.8.8.8:53 iywygqqkss.org udp
US 8.8.8.8:53 rcbgrvy.info udp
US 8.8.8.8:53 ewuaksmyqi.org udp
US 8.8.8.8:53 wvhgfj.net udp
US 8.8.8.8:53 skqsiiae.org udp
US 8.8.8.8:53 erwoegn.net udp
US 8.8.8.8:53 rtysxhag.net udp
US 8.8.8.8:53 ervmuo.net udp
US 8.8.8.8:53 xzzmuysh.info udp
US 8.8.8.8:53 alyypvemovoc.net udp
US 8.8.8.8:53 tsvyxgzcvrq.org udp
US 8.8.8.8:53 eirznpxmpmd.info udp
US 8.8.8.8:53 qlstpgkhcjbu.net udp
US 8.8.8.8:53 yudenof.net udp
US 8.8.8.8:53 nzitfaav.info udp
US 8.8.8.8:53 aludzadh.net udp
US 8.8.8.8:53 rmaecuolqqyb.info udp
US 8.8.8.8:53 lktcrbw.com udp
US 8.8.8.8:53 behwhthaj.info udp
US 8.8.8.8:53 rvamdtuvn.com udp
US 8.8.8.8:53 coylbabolaz.net udp
US 8.8.8.8:53 gkzxbfblbs.info udp
US 8.8.8.8:53 omtcvam.info udp
US 8.8.8.8:53 wmcipux.info udp
US 8.8.8.8:53 hyjodgw.info udp
US 8.8.8.8:53 zoxgvnbgm.org udp
US 8.8.8.8:53 upfhlv.net udp
US 8.8.8.8:53 fkmzdvhtlx.info udp
US 8.8.8.8:53 zmxupxv.net udp
US 8.8.8.8:53 dkdczgl.info udp
US 8.8.8.8:53 umgokkyqgsui.com udp
US 8.8.8.8:53 rqpkraf.info udp
US 8.8.8.8:53 agbtcjfqxe.net udp
US 8.8.8.8:53 hlzulujwn.com udp
US 8.8.8.8:53 eaictyqxc.info udp
US 8.8.8.8:53 czvmfinwzgz.info udp
US 8.8.8.8:53 lenqtmtrf.org udp
US 8.8.8.8:53 vgqxvqngngx.info udp
US 8.8.8.8:53 wbxtsa.net udp
US 8.8.8.8:53 vyxxhkb.net udp
US 8.8.8.8:53 rwheiotkvwx.com udp
US 8.8.8.8:53 euxmbgicrcj.info udp
US 8.8.8.8:53 vsopicu.info udp
US 8.8.8.8:53 jkrzmgklbr.net udp
US 8.8.8.8:53 mcvgvkvbyy.info udp
US 8.8.8.8:53 mcmaoaakga.org udp
US 8.8.8.8:53 cgzqtowog.info udp
US 8.8.8.8:53 jivvjiqugij.com udp
US 8.8.8.8:53 asumqyoqyc.com udp
US 8.8.8.8:53 rsiqymtzbozl.info udp
US 8.8.8.8:53 fclqbetif.org udp
US 8.8.8.8:53 vtgavpgc.info udp
US 8.8.8.8:53 iyimksuoiy.com udp
US 8.8.8.8:53 qeasooggkkye.org udp
US 8.8.8.8:53 fkymcjpadqo.org udp
US 8.8.8.8:53 lxxjpb.net udp
US 8.8.8.8:53 bsjgxxldiss.com udp
US 8.8.8.8:53 kvgwwepor.info udp
US 8.8.8.8:53 pyjmfrh.org udp
US 8.8.8.8:53 jngrkofd.net udp
US 8.8.8.8:53 gdiecndz.net udp
US 8.8.8.8:53 ascykeqmoi.com udp
US 8.8.8.8:53 jubwjk.net udp
US 8.8.8.8:53 nfqyzozd.net udp
US 8.8.8.8:53 owsacw.com udp
US 8.8.8.8:53 tnxuihwqr.net udp
US 8.8.8.8:53 fevpfshvp.org udp
US 8.8.8.8:53 sgjaesf.info udp
US 8.8.8.8:53 esdxszacgjjb.info udp
US 8.8.8.8:53 kcryxrris.info udp
US 8.8.8.8:53 gcskyk.com udp
US 8.8.8.8:53 giguqqus.com udp
US 8.8.8.8:53 giekgyskeiik.org udp
US 8.8.8.8:53 dgjnmkkilar.net udp
US 8.8.8.8:53 mzosidhkei.net udp
US 8.8.8.8:53 lavuric.com udp
US 8.8.8.8:53 dnlljsoca.com udp
US 8.8.8.8:53 bavppixu.net udp
US 8.8.8.8:53 tknrxkz.com udp
US 8.8.8.8:53 odfmvcdzz.info udp
US 8.8.8.8:53 ocoocicweqyq.org udp
US 8.8.8.8:53 okossimgemgs.org udp
US 8.8.8.8:53 fkgritslx.org udp
US 8.8.8.8:53 sovizaa.info udp
US 8.8.8.8:53 yaooai.info udp
US 8.8.8.8:53 opygqqqcl.info udp
US 8.8.8.8:53 fsvccqtsu.net udp
US 8.8.8.8:53 kwfxpsky.net udp
US 8.8.8.8:53 ptpwnlreeaxo.net udp
US 8.8.8.8:53 eeeiusoc.com udp
US 8.8.8.8:53 xnfyzyxmasjb.net udp
US 8.8.8.8:53 nyjcye.info udp
US 8.8.8.8:53 ahjoaqjwdxf.info udp
US 8.8.8.8:53 cudqfcuxkuyv.info udp
US 8.8.8.8:53 qjkmegbi.info udp
US 8.8.8.8:53 dtstyn.net udp
US 8.8.8.8:53 rltaccyr.info udp
US 8.8.8.8:53 xgnmfeiar.info udp
US 8.8.8.8:53 pjcmbensz.com udp
US 8.8.8.8:53 pihdthxep.info udp
US 8.8.8.8:53 yooeas.org udp
US 8.8.8.8:53 zbqtpeerkb.net udp
US 8.8.8.8:53 blhdzt.info udp
US 8.8.8.8:53 zrbreem.net udp
US 8.8.8.8:53 wmwyeyuqskuk.com udp
US 8.8.8.8:53 lqdrtopobqj.info udp
US 8.8.8.8:53 zuwrljtqss.net udp
US 8.8.8.8:53 dvmjwdjlvp.net udp
US 8.8.8.8:53 mwgcaamqwcwu.com udp
US 8.8.8.8:53 wucgkyn.net udp
US 8.8.8.8:53 iebobuuekqr.net udp
US 8.8.8.8:53 msaeugqyakco.org udp
US 8.8.8.8:53 vocsrh.info udp
US 8.8.8.8:53 hafresj.net udp
US 8.8.8.8:53 vqdmoxlojol.net udp
US 8.8.8.8:53 ioxsxsxfd.info udp
US 8.8.8.8:53 tmrxnmjrkb.net udp
US 8.8.8.8:53 mmduceuqlnf.info udp
US 8.8.8.8:53 twxklyd.org udp
US 8.8.8.8:53 vvxmdd.net udp
US 8.8.8.8:53 qntbcrwfjbf.info udp
US 8.8.8.8:53 mxtsrnuu.net udp
US 8.8.8.8:53 felsforcy.org udp
US 8.8.8.8:53 uomieuwsgywa.com udp
US 8.8.8.8:53 xmvchcslp.info udp
US 8.8.8.8:53 cpsqtwszuee.net udp
US 8.8.8.8:53 skcowg.com udp
US 8.8.8.8:53 gnnbyqddrdv.info udp
US 8.8.8.8:53 iafuhnb.net udp
US 8.8.8.8:53 bxxwgblp.info udp
US 8.8.8.8:53 jphwru.info udp
US 8.8.8.8:53 tcfuixy.info udp
US 8.8.8.8:53 fzkrxmam.info udp
US 8.8.8.8:53 hkrcebpk.info udp
US 8.8.8.8:53 riqkbl.net udp
US 8.8.8.8:53 adyqnmo.info udp
US 8.8.8.8:53 vczazmfdsgx.info udp
US 8.8.8.8:53 aeustqlcgns.net udp
US 8.8.8.8:53 fixijml.org udp
US 8.8.8.8:53 bvrlxiawb.net udp
US 8.8.8.8:53 xcgwemtlr.info udp
US 8.8.8.8:53 yeuaykuyiuoc.com udp
US 8.8.8.8:53 nhymmtng.info udp
US 8.8.8.8:53 xerdnelor.org udp
US 8.8.8.8:53 bujydax.net udp
US 8.8.8.8:53 dryzbutsk.com udp
US 8.8.8.8:53 drhqhcu.net udp
US 8.8.8.8:53 ogrnbaiezs.net udp
US 8.8.8.8:53 ncrrak.info udp
US 8.8.8.8:53 tbwjkcjgbef.info udp
US 8.8.8.8:53 sxsydftugfl.net udp
US 8.8.8.8:53 rudshtffeh.info udp
US 8.8.8.8:53 ejpalhvxmb.net udp
US 8.8.8.8:53 bykujnzrl.org udp
US 8.8.8.8:53 msoiygcw.org udp

Files

C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe

MD5 7adc117b345b9bc8d96d7b574350ef60
SHA1 19a1cee31c1bd605302e4354999e72b52cb5b590
SHA256 a4287c444430c174adfa2d98a1b5868cedc9f077931521d18a42175f76340bb1
SHA512 81e5c8a69143f894872cd802c2db7adce7c46cabd565729c1c7b53289e084bc6d7e29b4b971d2fa0a846fffeee6653feb93e55a09f27f3592c9cc9395d1352d4

C:\Windows\SysWOW64\ndzqgapiavvdnepupf.exe

MD5 b440589d0ee46569ca9013e1c4f70261
SHA1 39a762dc54d82d9599677234cc14856c616689c5
SHA256 8ca695115227d8c7562dd4cd271fbffe9bb4eca124c6248b1f4ab40075883830
SHA512 9650a7cc2a9ade07291b4c6b0fd441ae2b0bd2aa9eed5061db786c1eb56494eab6a6e63356f30d55ec780b2081ec0712753f9daac8a0ab8eef8a886c7238fb33

C:\Users\Admin\AppData\Local\Temp\lpzeiq.exe

MD5 1eba1d42f0e78dfab1a2e8efd9097d5c
SHA1 a3095899a3235e03e6f43a221464922485baae92
SHA256 44a1e2a94219bb1eac626755b725f23947fc15696686951aa0288d44b9561b43
SHA512 c5d7a05ffebff279d46b358d0478b3f3b75bdca0ca6b61b0188b335df8c0d0102fc5c84326394c446f39ab10572a87f6775938c54777d397a2ba8be8762ec17c

C:\Users\Admin\AppData\Local\admqtacinvidaecucfosvcekpxk.cge

MD5 e5c894377aa1d7a267c33ce582c96df6
SHA1 0cc4d0088d86b08b45667bfeb9d565b7222400e7
SHA256 8c93a8152663bd380dfc3c73b6a3481d7b59dc4b1582abfb53c455b4ae202989
SHA512 66b96b3013c00e7074152b70ae4a7d0bac4ec58123c0f2ce1e024a5ad9dda3eb6a11f2e589d9c1c39f5971262fac82d773d0022228ebdd3e6082906bb7babe4f

C:\Users\Admin\AppData\Local\xlfuianeunlrzoxathbqewjaqjhnvktwpdxmas.wmf

MD5 aaa0b86fa293723229b460326fb9bc3c
SHA1 1f43c90881b1aa63834bf7c7bc9f13406cfc1000
SHA256 13795577fa2044caf8146190482970a6a1a1190e4a379511cfff1020403c206d
SHA512 e5ae020824f1eb8c2d06125b0d4ae44b63a0585b24c12dd8eb8dd5360e27dd5cbcc4d8b96a970396b32b47f777215efb068fd370ababb99c0406191e9248aff4

C:\Program Files (x86)\admqtacinvidaecucfosvcekpxk.cge

MD5 97fa3366fa49240151ef49501d907dd6
SHA1 e9ef8c72051832a3aaab9f8be862f07b27192ef8
SHA256 b0a8015e2354dddb63cad9b6f23017b23e4a0025773f862b2fb88e801be21805
SHA512 8bbf672d224e32b58dc3968c804783259fc90f84d5a440321f311c115f5c11ea95f1c3c88a347fe8e1cf758ce445e81eb25088f5f5a070bc3af622e24d45f568

C:\Program Files (x86)\admqtacinvidaecucfosvcekpxk.cge

MD5 49496caa2f1d700aafc3fafb5022a69f
SHA1 6e9aea80ee8031ba33d91b1f6796fdb4d141183c
SHA256 fd381aab8d3a3da7b9c74801ba1a6fdcc8299a1ba56ace36946b5761b0e00137
SHA512 56877d247c644167240e4ab5d9d9512f5fb54bbab45d5343f4ddadf3d2d6ea047972ba7a6154559bd1627193f65a252b95ae5d2dac49a99e8b5851c38b2e01ce

C:\Program Files (x86)\admqtacinvidaecucfosvcekpxk.cge

MD5 6f3353e0cf27b546aae57866ccfd33a3
SHA1 aded0b60c67eb0b03622413622f3a9512f98d634
SHA256 363c18bd8c2c52cc92cce149a5cf6d52df3aeca19a68b6e58c10eb2a04290a9d
SHA512 9993d9288c13f88593f5569d3fa55fd1f082a1c309027c778cdcdfe5c1a1d1e86399a6b48a8afdec915de9ac33cab2d703f6eab02d8b14a78ec6858014820635

C:\Program Files (x86)\admqtacinvidaecucfosvcekpxk.cge

MD5 e6ea986dceb586dec3ded0f02fd2adec
SHA1 b206d12a130eb04764ae95d227f2887b5a656ee1
SHA256 16901a0dc5010e11cc869e6972915da8dbf860df47f6ec2f3051bc82690b787d
SHA512 2591aba0892c0a7168cd3d78f28c876b81b409de2674d0b449571e4fa94a5158ac098c3ded2a17c0244a356790cf35034c2994df79abf646725d3df208b490f8

C:\Program Files (x86)\admqtacinvidaecucfosvcekpxk.cge

MD5 19bd538851ecbe10752cc04bf8a5f274
SHA1 aaac67c07ff76bb9f72151a16c61aa8fe6e27ff8
SHA256 10dcdc6b2c5a01ef7561c23a7c3393b1e51b05793b53d9669d30ae59ae7ce251
SHA512 a7adc0328318fea65addfe350b00094f7f0a20ee5138c026597cf9381895eb3cf7977bd6e0091b5f5d2bd405caad31368e815958638c527f88a25249c8ce70e8

C:\Program Files (x86)\admqtacinvidaecucfosvcekpxk.cge

MD5 1341890a65852138aaaec9f7884b1d51
SHA1 515bcc4fcbddeaba4b0533415d633bbf0459f17d
SHA256 0d8359caf74f0273e48ec986aafc934a792d0915261df99ae32d11148d708a13
SHA512 3f089872bdd173c02a149716935b504273228ac26949f972455add789fa1ea98cea9916b722c98e9f4dfdc4edf2bf0453fccfaa316a314afcf7e56106bc46acd

C:\Program Files (x86)\admqtacinvidaecucfosvcekpxk.cge

MD5 b3b0141aa1faa0672197208af2a4ece5
SHA1 b56f55f99864633ad8afdbee01527497229ac498
SHA256 769acb7eccb35ef5739aa0e27c053c5fe862f669ea898a12bec95d79ce2bf831
SHA512 f2805c6900d4abd6a65e01d89bcca797b7409bbfe0ea8e4fe127949c5df7cf3a665070ed101b46caf6ac8febd61471c7682eeff096f892410c4b91b0d5571be8