Malware Analysis Report

2025-08-10 16:34

Sample ID 250413-mjxs6atlt4
Target JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4
SHA256 a8bea21f2d08a4952d7349aac02b6c9e0a73bf9d0ca54aeffb1db631adbac518
Tags
pykspa defense_evasion discovery persistence privilege_escalation trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a8bea21f2d08a4952d7349aac02b6c9e0a73bf9d0ca54aeffb1db631adbac518

Threat Level: Known bad

The file JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4 was found to be: Known bad.

Malicious Activity Summary

pykspa defense_evasion discovery persistence privilege_escalation trojan worm

Pykspa family

Pykspa

UAC bypass

Modifies WinLogon for persistence

Detect Pykspa worm

Disables RegEdit via registry modification

Adds policy Run key to start application

Blocklisted process makes network request

Executes dropped EXE

Impair Defenses: Safe Mode Boot

Checks computer location settings

Looks up external IP address via web service

Adds Run key to start application

Checks whether UAC is enabled

Hijack Execution Flow: Executable Installer File Permissions Weakness

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

System policy modification

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-13 10:30

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-13 10:30

Reported

2025-04-13 10:32

Platform

win10v2004-20250314-en

Max time kernel

44s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umoewkmwqqfxgyapqfx.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "aqqeuggogerhoeerq.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqqeuggogerhoeerq.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "umoewkmwqqfxgyapqfx.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "haduncfqlmcvfybrtjcf.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jabqhuvexwkbjabppd.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tihujutaroapvkjv.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "umoewkmwqqfxgyapqfx.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umoewkmwqqfxgyapqfx.exe" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqqeuggogerhoeerq.exe" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqqeuggogerhoeerq.exe" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqumgwamikbvgaevypjnf.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "tihujutaroapvkjv.exe" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqqeuggogerhoeerq.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "tihujutaroapvkjv.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "haduncfqlmcvfybrtjcf.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jabqhuvexwkbjabppd.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "jabqhuvexwkbjabppd.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "aqqeuggogerhoeerq.exe" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haduncfqlmcvfybrtjcf.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "wqumgwamikbvgaevypjnf.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "aqqeuggogerhoeerq.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jabqhuvexwkbjabppd.exe" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haduncfqlmcvfybrtjcf.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umoewkmwqqfxgyapqfx.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "jabqhuvexwkbjabppd.exe" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "tihujutaroapvkjv.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "tihujutaroapvkjv.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "jabqhuvexwkbjabppd.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "haduncfqlmcvfybrtjcf.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqqeuggogerhoeerq.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "jabqhuvexwkbjabppd.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "wqumgwamikbvgaevypjnf.exe" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqqeuggogerhoeerq.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haduncfqlmcvfybrtjcf.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqumgwamikbvgaevypjnf.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "tihujutaroapvkjv.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "haduncfqlmcvfybrtjcf.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "haduncfqlmcvfybrtjcf.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "umoewkmwqqfxgyapqfx.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqumgwamikbvgaevypjnf.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ocamakioealzesq = "tihujutaroapvkjv.exe" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jabqhuvexwkbjabppd.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqqeuggogerhoeerq.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lwralsnqdwep = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umoewkmwqqfxgyapqfx.exe" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A N/A N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\aqqeuggogerhoeerq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\aqqeuggogerhoeerq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\wqumgwamikbvgaevypjnf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\haduncfqlmcvfybrtjcf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\wqumgwamikbvgaevypjnf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\aqqeuggogerhoeerq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\jabqhuvexwkbjabppd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\tihujutaroapvkjv.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\wqumgwamikbvgaevypjnf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\aqqeuggogerhoeerq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\haduncfqlmcvfybrtjcf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\wqumgwamikbvgaevypjnf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\umoewkmwqqfxgyapqfx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\haduncfqlmcvfybrtjcf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\haduncfqlmcvfybrtjcf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\wqumgwamikbvgaevypjnf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\umoewkmwqqfxgyapqfx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\tihujutaroapvkjv.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\aqqeuggogerhoeerq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\jabqhuvexwkbjabppd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\tihujutaroapvkjv.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\aqqeuggogerhoeerq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\umoewkmwqqfxgyapqfx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\umoewkmwqqfxgyapqfx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\umoewkmwqqfxgyapqfx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\jabqhuvexwkbjabppd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\aqqeuggogerhoeerq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\haduncfqlmcvfybrtjcf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\umoewkmwqqfxgyapqfx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\umoewkmwqqfxgyapqfx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\umoewkmwqqfxgyapqfx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\umoewkmwqqfxgyapqfx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Windows\haduncfqlmcvfybrtjcf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Windows\aqqeuggogerhoeerq.exe N/A
N/A N/A C:\Windows\umoewkmwqqfxgyapqfx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Windows\tihujutaroapvkjv.exe N/A
N/A N/A C:\Windows\wqumgwamikbvgaevypjnf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
N/A N/A C:\Windows\aqqeuggogerhoeerq.exe N/A
N/A N/A C:\Windows\wqumgwamikbvgaevypjnf.exe N/A
N/A N/A C:\Windows\tihujutaroapvkjv.exe N/A
N/A N/A C:\Windows\aqqeuggogerhoeerq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Windows\haduncfqlmcvfybrtjcf.exe N/A
N/A N/A C:\Windows\wqumgwamikbvgaevypjnf.exe N/A
N/A N/A C:\Windows\haduncfqlmcvfybrtjcf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe N/A
N/A N/A C:\Windows\umoewkmwqqfxgyapqfx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Windows\wqumgwamikbvgaevypjnf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe N/A
N/A N/A C:\Windows\haduncfqlmcvfybrtjcf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe N/A
N/A N/A C:\Windows\tihujutaroapvkjv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe N/A
N/A N/A C:\Windows\tihujutaroapvkjv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Windows\jabqhuvexwkbjabppd.exe N/A
N/A N/A C:\Windows\umoewkmwqqfxgyapqfx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Windows\aqqeuggogerhoeerq.exe N/A
N/A N/A C:\Windows\jabqhuvexwkbjabppd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
N/A N/A C:\Windows\tihujutaroapvkjv.exe N/A
N/A N/A C:\Windows\aqqeuggogerhoeerq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe N/A
N/A N/A C:\Windows\haduncfqlmcvfybrtjcf.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kwscowswkenzc = "jabqhuvexwkbjabppd.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\umoewkmwqqfxgyapqfx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umoewkmwqqfxgyapqfx.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jabqhuvexwkbjabppd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umoewkmwqqfxgyapqfx.exe ." C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kwscowswkenzc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jabqhuvexwkbjabppd.exe" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kwscowswkenzc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haduncfqlmcvfybrtjcf.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "wqumgwamikbvgaevypjnf.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "aqqeuggogerhoeerq.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tihujutaroapvkjv = "tihujutaroapvkjv.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "jabqhuvexwkbjabppd.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "jabqhuvexwkbjabppd.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umoewkmwqqfxgyapqfx.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aqqeuggogerhoeerq = "tihujutaroapvkjv.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "umoewkmwqqfxgyapqfx.exe ." C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "jabqhuvexwkbjabppd.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "haduncfqlmcvfybrtjcf.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umoewkmwqqfxgyapqfx.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tihujutaroapvkjv = "umoewkmwqqfxgyapqfx.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aqqeuggogerhoeerq = "aqqeuggogerhoeerq.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aqqeuggogerhoeerq = "haduncfqlmcvfybrtjcf.exe ." C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jabqhuvexwkbjabppd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqumgwamikbvgaevypjnf.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kwscowswkenzc = "aqqeuggogerhoeerq.exe" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jabqhuvexwkbjabppd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jabqhuvexwkbjabppd.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kwscowswkenzc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqqeuggogerhoeerq.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haduncfqlmcvfybrtjcf.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aqqeuggogerhoeerq = "jabqhuvexwkbjabppd.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tihujutaroapvkjv = "umoewkmwqqfxgyapqfx.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kwscowswkenzc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tihujutaroapvkjv.exe" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jabqhuvexwkbjabppd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqqeuggogerhoeerq.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "haduncfqlmcvfybrtjcf.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kwscowswkenzc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umoewkmwqqfxgyapqfx.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqqeuggogerhoeerq.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\umoewkmwqqfxgyapqfx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haduncfqlmcvfybrtjcf.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kwscowswkenzc = "haduncfqlmcvfybrtjcf.exe" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aqqeuggogerhoeerq = "wqumgwamikbvgaevypjnf.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "tihujutaroapvkjv.exe ." C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tihujutaroapvkjv = "haduncfqlmcvfybrtjcf.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "haduncfqlmcvfybrtjcf.exe ." C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kwscowswkenzc = "wqumgwamikbvgaevypjnf.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\umoewkmwqqfxgyapqfx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tihujutaroapvkjv.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kwscowswkenzc = "tihujutaroapvkjv.exe" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\umoewkmwqqfxgyapqfx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umoewkmwqqfxgyapqfx.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aqqeuggogerhoeerq = "tihujutaroapvkjv.exe ." C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\umoewkmwqqfxgyapqfx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jabqhuvexwkbjabppd.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tihujutaroapvkjv = "aqqeuggogerhoeerq.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\umoewkmwqqfxgyapqfx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jabqhuvexwkbjabppd.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kwscowswkenzc = "umoewkmwqqfxgyapqfx.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\umoewkmwqqfxgyapqfx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqqeuggogerhoeerq.exe" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\umoewkmwqqfxgyapqfx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tihujutaroapvkjv.exe" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jabqhuvexwkbjabppd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aqqeuggogerhoeerq.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tihujutaroapvkjv = "wqumgwamikbvgaevypjnf.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tihujutaroapvkjv = "wqumgwamikbvgaevypjnf.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\umoewkmwqqfxgyapqfx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umoewkmwqqfxgyapqfx.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "aqqeuggogerhoeerq.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\umoewkmwqqfxgyapqfx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jabqhuvexwkbjabppd.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jabqhuvexwkbjabppd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jabqhuvexwkbjabppd.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kwscowswkenzc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haduncfqlmcvfybrtjcf.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\haduncfqlmcvfybrtjcf.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tihujutaroapvkjv = "tihujutaroapvkjv.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tihujutaroapvkjv = "aqqeuggogerhoeerq.exe" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aqqeuggogerhoeerq = "jabqhuvexwkbjabppd.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\umoewkmwqqfxgyapqfx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wqumgwamikbvgaevypjnf.exe" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jabqhuvexwkbjabppd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\umoewkmwqqfxgyapqfx.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lyvgtczetoylpc = "haduncfqlmcvfybrtjcf.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jabqhuvexwkbjabppd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jabqhuvexwkbjabppd.exe ." C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A www.whatismyip.ca N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\aqqeuggogerhoeerq.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\haduncfqlmcvfybrtjcf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\wqumgwamikbvgaevypjnf.exe C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
File opened for modification C:\Windows\SysWOW64\tihujutaroapvkjv.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\haduncfqlmcvfybrtjcf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\aqqeuggogerhoeerq.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\umoewkmwqqfxgyapqfx.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\haduncfqlmcvfybrtjcf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\aqqeuggogerhoeerq.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\haduncfqlmcvfybrtjcf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\haduncfqlmcvfybrtjcf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\haduncfqlmcvfybrtjcf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\ningbsxkhkcxjejbfxsxql.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\ningbsxkhkcxjejbfxsxql.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\haduncfqlmcvfybrtjcf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\umoewkmwqqfxgyapqfx.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\wqumgwamikbvgaevypjnf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\tihujutaroapvkjv.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\ningbsxkhkcxjejbfxsxql.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\aqqeuggogerhoeerq.exe C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
File opened for modification C:\Windows\SysWOW64\umoewkmwqqfxgyapqfx.exe C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
File opened for modification C:\Windows\SysWOW64\aqqeuggogerhoeerq.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\umoewkmwqqfxgyapqfx.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\aqqeuggogerhoeerq.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\ningbsxkhkcxjejbfxsxql.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\jabqhuvexwkbjabppd.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\tihujutaroapvkjv.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\jabqhuvexwkbjabppd.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\aqqeuggogerhoeerq.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\jabqhuvexwkbjabppd.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\jabqhuvexwkbjabppd.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\haduncfqlmcvfybrtjcf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\aqqeuggogerhoeerq.exe C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
File opened for modification C:\Windows\SysWOW64\ningbsxkhkcxjejbfxsxql.exe C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
File opened for modification C:\Windows\SysWOW64\tihujutaroapvkjv.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\umoewkmwqqfxgyapqfx.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\jabqhuvexwkbjabppd.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\wqumgwamikbvgaevypjnf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\ningbsxkhkcxjejbfxsxql.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\umoewkmwqqfxgyapqfx.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\ningbsxkhkcxjejbfxsxql.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\tihujutaroapvkjv.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\tihujutaroapvkjv.exe C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
File opened for modification C:\Windows\SysWOW64\umoewkmwqqfxgyapqfx.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\aqqeuggogerhoeerq.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\wqumgwamikbvgaevypjnf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\umoewkmwqqfxgyapqfx.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\haduncfqlmcvfybrtjcf.exe C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
File opened for modification C:\Windows\SysWOW64\ocamakioealzesqbyjxvhvfdjzvguznlwtesq.qay C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
File opened for modification C:\Windows\SysWOW64\aqqeuggogerhoeerq.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\wqumgwamikbvgaevypjnf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\umoewkmwqqfxgyapqfx.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\jabqhuvexwkbjabppd.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\tihujutaroapvkjv.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\ningbsxkhkcxjejbfxsxql.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\aqqeuggogerhoeerq.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\umoewkmwqqfxgyapqfx.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\jabqhuvexwkbjabppd.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\SysWOW64\nqdehgtoteehberrddgtuxwjej.uxr C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
File opened for modification C:\Windows\SysWOW64\haduncfqlmcvfybrtjcf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\wqumgwamikbvgaevypjnf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\haduncfqlmcvfybrtjcf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\umoewkmwqqfxgyapqfx.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\SysWOW64\haduncfqlmcvfybrtjcf.exe C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\nqdehgtoteehberrddgtuxwjej.uxr C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
File created C:\Program Files (x86)\nqdehgtoteehberrddgtuxwjej.uxr C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
File opened for modification C:\Program Files (x86)\ocamakioealzesqbyjxvhvfdjzvguznlwtesq.qay C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
File created C:\Program Files (x86)\ocamakioealzesqbyjxvhvfdjzvguznlwtesq.qay C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\tihujutaroapvkjv.exe C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
File opened for modification C:\Windows\aqqeuggogerhoeerq.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\aqqeuggogerhoeerq.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\ningbsxkhkcxjejbfxsxql.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\wqumgwamikbvgaevypjnf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\umoewkmwqqfxgyapqfx.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File created C:\Windows\nqdehgtoteehberrddgtuxwjej.uxr C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
File opened for modification C:\Windows\haduncfqlmcvfybrtjcf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\umoewkmwqqfxgyapqfx.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\aqqeuggogerhoeerq.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\ningbsxkhkcxjejbfxsxql.exe C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
File opened for modification C:\Windows\umoewkmwqqfxgyapqfx.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\jabqhuvexwkbjabppd.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\haduncfqlmcvfybrtjcf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\wqumgwamikbvgaevypjnf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\aqqeuggogerhoeerq.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\wqumgwamikbvgaevypjnf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\haduncfqlmcvfybrtjcf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\aqqeuggogerhoeerq.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\jabqhuvexwkbjabppd.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\umoewkmwqqfxgyapqfx.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\jabqhuvexwkbjabppd.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\jabqhuvexwkbjabppd.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\tihujutaroapvkjv.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\tihujutaroapvkjv.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\umoewkmwqqfxgyapqfx.exe C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
File opened for modification C:\Windows\haduncfqlmcvfybrtjcf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\haduncfqlmcvfybrtjcf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\aqqeuggogerhoeerq.exe C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
File opened for modification C:\Windows\ningbsxkhkcxjejbfxsxql.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\tihujutaroapvkjv.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\umoewkmwqqfxgyapqfx.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\jabqhuvexwkbjabppd.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\haduncfqlmcvfybrtjcf.exe C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
File opened for modification C:\Windows\aqqeuggogerhoeerq.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\aqqeuggogerhoeerq.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\umoewkmwqqfxgyapqfx.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\aqqeuggogerhoeerq.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\ningbsxkhkcxjejbfxsxql.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\haduncfqlmcvfybrtjcf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\umoewkmwqqfxgyapqfx.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\haduncfqlmcvfybrtjcf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\wqumgwamikbvgaevypjnf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\ningbsxkhkcxjejbfxsxql.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\aqqeuggogerhoeerq.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\ningbsxkhkcxjejbfxsxql.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\wqumgwamikbvgaevypjnf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\haduncfqlmcvfybrtjcf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\wqumgwamikbvgaevypjnf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\aqqeuggogerhoeerq.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\haduncfqlmcvfybrtjcf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\jabqhuvexwkbjabppd.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\wqumgwamikbvgaevypjnf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\tihujutaroapvkjv.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\wqumgwamikbvgaevypjnf.exe C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
File opened for modification C:\Windows\haduncfqlmcvfybrtjcf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\ningbsxkhkcxjejbfxsxql.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\tihujutaroapvkjv.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\umoewkmwqqfxgyapqfx.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\tihujutaroapvkjv.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\aqqeuggogerhoeerq.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\jabqhuvexwkbjabppd.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\aqqeuggogerhoeerq.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
File opened for modification C:\Windows\ningbsxkhkcxjejbfxsxql.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jabqhuvexwkbjabppd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tihujutaroapvkjv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wqumgwamikbvgaevypjnf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jabqhuvexwkbjabppd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\haduncfqlmcvfybrtjcf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\umoewkmwqqfxgyapqfx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\haduncfqlmcvfybrtjcf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\haduncfqlmcvfybrtjcf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\aqqeuggogerhoeerq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wqumgwamikbvgaevypjnf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jabqhuvexwkbjabppd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\haduncfqlmcvfybrtjcf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\umoewkmwqqfxgyapqfx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tihujutaroapvkjv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\aqqeuggogerhoeerq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jabqhuvexwkbjabppd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wqumgwamikbvgaevypjnf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\aqqeuggogerhoeerq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\aqqeuggogerhoeerq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jabqhuvexwkbjabppd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\umoewkmwqqfxgyapqfx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\aqqeuggogerhoeerq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tihujutaroapvkjv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\umoewkmwqqfxgyapqfx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\aqqeuggogerhoeerq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wqumgwamikbvgaevypjnf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wqumgwamikbvgaevypjnf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jabqhuvexwkbjabppd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jabqhuvexwkbjabppd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\aqqeuggogerhoeerq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\haduncfqlmcvfybrtjcf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\aqqeuggogerhoeerq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wqumgwamikbvgaevypjnf.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3948 wrote to memory of 3544 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 3948 wrote to memory of 3544 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 3948 wrote to memory of 3544 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 4584 wrote to memory of 4204 N/A C:\Windows\system32\cmd.exe C:\Windows\aqqeuggogerhoeerq.exe
PID 4584 wrote to memory of 4204 N/A C:\Windows\system32\cmd.exe C:\Windows\aqqeuggogerhoeerq.exe
PID 4584 wrote to memory of 4204 N/A C:\Windows\system32\cmd.exe C:\Windows\aqqeuggogerhoeerq.exe
PID 1296 wrote to memory of 3324 N/A C:\Windows\system32\cmd.exe C:\Windows\umoewkmwqqfxgyapqfx.exe
PID 1296 wrote to memory of 3324 N/A C:\Windows\system32\cmd.exe C:\Windows\umoewkmwqqfxgyapqfx.exe
PID 1296 wrote to memory of 3324 N/A C:\Windows\system32\cmd.exe C:\Windows\umoewkmwqqfxgyapqfx.exe
PID 3324 wrote to memory of 5088 N/A C:\Windows\umoewkmwqqfxgyapqfx.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 3324 wrote to memory of 5088 N/A C:\Windows\umoewkmwqqfxgyapqfx.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 3324 wrote to memory of 5088 N/A C:\Windows\umoewkmwqqfxgyapqfx.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 4940 wrote to memory of 3536 N/A C:\Windows\system32\cmd.exe C:\Windows\tihujutaroapvkjv.exe
PID 4940 wrote to memory of 3536 N/A C:\Windows\system32\cmd.exe C:\Windows\tihujutaroapvkjv.exe
PID 4940 wrote to memory of 3536 N/A C:\Windows\system32\cmd.exe C:\Windows\tihujutaroapvkjv.exe
PID 4880 wrote to memory of 3336 N/A C:\Windows\system32\cmd.exe C:\Windows\wqumgwamikbvgaevypjnf.exe
PID 4880 wrote to memory of 3336 N/A C:\Windows\system32\cmd.exe C:\Windows\wqumgwamikbvgaevypjnf.exe
PID 4880 wrote to memory of 3336 N/A C:\Windows\system32\cmd.exe C:\Windows\wqumgwamikbvgaevypjnf.exe
PID 1104 wrote to memory of 5304 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 1104 wrote to memory of 5304 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 1104 wrote to memory of 5304 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 3336 wrote to memory of 4828 N/A C:\Windows\wqumgwamikbvgaevypjnf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 3336 wrote to memory of 4828 N/A C:\Windows\wqumgwamikbvgaevypjnf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 3336 wrote to memory of 4828 N/A C:\Windows\wqumgwamikbvgaevypjnf.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 4472 wrote to memory of 3176 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
PID 4472 wrote to memory of 3176 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
PID 4472 wrote to memory of 3176 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
PID 3176 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 3176 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 3176 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 1212 wrote to memory of 1548 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
PID 1212 wrote to memory of 1548 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
PID 1212 wrote to memory of 1548 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe
PID 5568 wrote to memory of 1328 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
PID 5568 wrote to memory of 1328 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
PID 5568 wrote to memory of 1328 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
PID 1328 wrote to memory of 436 N/A C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 1328 wrote to memory of 436 N/A C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 1328 wrote to memory of 436 N/A C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 3544 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe C:\Users\Admin\AppData\Local\Temp\uaquacs.exe
PID 3544 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe C:\Users\Admin\AppData\Local\Temp\uaquacs.exe
PID 3544 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe C:\Users\Admin\AppData\Local\Temp\uaquacs.exe
PID 3544 wrote to memory of 5672 N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe C:\Users\Admin\AppData\Local\Temp\uaquacs.exe
PID 3544 wrote to memory of 5672 N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe C:\Users\Admin\AppData\Local\Temp\uaquacs.exe
PID 3544 wrote to memory of 5672 N/A C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe C:\Users\Admin\AppData\Local\Temp\uaquacs.exe
PID 3448 wrote to memory of 1728 N/A C:\Windows\system32\cmd.exe C:\Windows\haduncfqlmcvfybrtjcf.exe
PID 3448 wrote to memory of 1728 N/A C:\Windows\system32\cmd.exe C:\Windows\haduncfqlmcvfybrtjcf.exe
PID 3448 wrote to memory of 1728 N/A C:\Windows\system32\cmd.exe C:\Windows\haduncfqlmcvfybrtjcf.exe
PID 2008 wrote to memory of 6132 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
PID 2008 wrote to memory of 6132 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
PID 2008 wrote to memory of 6132 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe
PID 704 wrote to memory of 5644 N/A C:\Windows\system32\cmd.exe C:\Windows\tihujutaroapvkjv.exe
PID 704 wrote to memory of 5644 N/A C:\Windows\system32\cmd.exe C:\Windows\tihujutaroapvkjv.exe
PID 704 wrote to memory of 5644 N/A C:\Windows\system32\cmd.exe C:\Windows\tihujutaroapvkjv.exe
PID 6024 wrote to memory of 5480 N/A C:\Windows\system32\cmd.exe C:\Windows\aqqeuggogerhoeerq.exe
PID 6024 wrote to memory of 5480 N/A C:\Windows\system32\cmd.exe C:\Windows\aqqeuggogerhoeerq.exe
PID 6024 wrote to memory of 5480 N/A C:\Windows\system32\cmd.exe C:\Windows\aqqeuggogerhoeerq.exe
PID 5644 wrote to memory of 220 N/A C:\Windows\tihujutaroapvkjv.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 5644 wrote to memory of 220 N/A C:\Windows\tihujutaroapvkjv.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 5644 wrote to memory of 220 N/A C:\Windows\tihujutaroapvkjv.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 5480 wrote to memory of 1692 N/A C:\Windows\aqqeuggogerhoeerq.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 5480 wrote to memory of 1692 N/A C:\Windows\aqqeuggogerhoeerq.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 5480 wrote to memory of 1692 N/A C:\Windows\aqqeuggogerhoeerq.exe C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe
PID 2064 wrote to memory of 3416 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\uaquacs.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe"

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_b45ce61349c8fd0044f2bf10ac4d34b4.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe

C:\Windows\aqqeuggogerhoeerq.exe

aqqeuggogerhoeerq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe .

C:\Windows\umoewkmwqqfxgyapqfx.exe

umoewkmwqqfxgyapqfx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umoewkmwqqfxgyapqfx.exe*."

C:\Windows\tihujutaroapvkjv.exe

tihujutaroapvkjv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Windows\wqumgwamikbvgaevypjnf.exe

wqumgwamikbvgaevypjnf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqumgwamikbvgaevypjnf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."

C:\Users\Admin\AppData\Local\Temp\uaquacs.exe

"C:\Users\Admin\AppData\Local\Temp\uaquacs.exe" "-C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe"

C:\Users\Admin\AppData\Local\Temp\uaquacs.exe

"C:\Users\Admin\AppData\Local\Temp\uaquacs.exe" "-C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe

C:\Windows\wqumgwamikbvgaevypjnf.exe

wqumgwamikbvgaevypjnf.exe

C:\Windows\aqqeuggogerhoeerq.exe

aqqeuggogerhoeerq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe .

C:\Windows\tihujutaroapvkjv.exe

tihujutaroapvkjv.exe .

C:\Windows\aqqeuggogerhoeerq.exe

aqqeuggogerhoeerq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tihujutaroapvkjv.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqqeuggogerhoeerq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe

C:\Windows\wqumgwamikbvgaevypjnf.exe

wqumgwamikbvgaevypjnf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe .

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Windows\umoewkmwqqfxgyapqfx.exe

umoewkmwqqfxgyapqfx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe .

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umoewkmwqqfxgyapqfx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe .

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqumgwamikbvgaevypjnf.exe*."

C:\Windows\wqumgwamikbvgaevypjnf.exe

wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Windows\tihujutaroapvkjv.exe

tihujutaroapvkjv.exe .

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Windows\tihujutaroapvkjv.exe

tihujutaroapvkjv.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tihujutaroapvkjv.exe*."

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tihujutaroapvkjv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tihujutaroapvkjv.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe .

C:\Windows\umoewkmwqqfxgyapqfx.exe

umoewkmwqqfxgyapqfx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umoewkmwqqfxgyapqfx.exe*."

C:\Windows\System32\mousocoreworker.exe

C:\Windows\System32\mousocoreworker.exe -Embedding

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .

C:\Windows\aqqeuggogerhoeerq.exe

aqqeuggogerhoeerq.exe

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqumgwamikbvgaevypjnf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Windows\tihujutaroapvkjv.exe

tihujutaroapvkjv.exe

C:\Windows\aqqeuggogerhoeerq.exe

aqqeuggogerhoeerq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe .

C:\Windows\umoewkmwqqfxgyapqfx.exe

umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umoewkmwqqfxgyapqfx.exe*."

C:\Windows\aqqeuggogerhoeerq.exe

aqqeuggogerhoeerq.exe

C:\Windows\umoewkmwqqfxgyapqfx.exe

umoewkmwqqfxgyapqfx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Windows\umoewkmwqqfxgyapqfx.exe

umoewkmwqqfxgyapqfx.exe .

C:\Windows\aqqeuggogerhoeerq.exe

aqqeuggogerhoeerq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umoewkmwqqfxgyapqfx.exe*."

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqqeuggogerhoeerq.exe*."

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haduncfqlmcvfybrtjcf.exe*."

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."

C:\Windows\tihujutaroapvkjv.exe

tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haduncfqlmcvfybrtjcf.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Windows\umoewkmwqqfxgyapqfx.exe

umoewkmwqqfxgyapqfx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umoewkmwqqfxgyapqfx.exe*."

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe

C:\Windows\aqqeuggogerhoeerq.exe

aqqeuggogerhoeerq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tihujutaroapvkjv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe

C:\Windows\umoewkmwqqfxgyapqfx.exe

umoewkmwqqfxgyapqfx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe .

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tihujutaroapvkjv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe

C:\Windows\wqumgwamikbvgaevypjnf.exe

wqumgwamikbvgaevypjnf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."

C:\Windows\wqumgwamikbvgaevypjnf.exe

wqumgwamikbvgaevypjnf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Windows\tihujutaroapvkjv.exe

tihujutaroapvkjv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tihujutaroapvkjv.exe*."

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqumgwamikbvgaevypjnf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Windows\umoewkmwqqfxgyapqfx.exe

umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umoewkmwqqfxgyapqfx.exe*."

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe

C:\Windows\umoewkmwqqfxgyapqfx.exe

umoewkmwqqfxgyapqfx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe .

C:\Windows\wqumgwamikbvgaevypjnf.exe

wqumgwamikbvgaevypjnf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqumgwamikbvgaevypjnf.exe*."

C:\Windows\umoewkmwqqfxgyapqfx.exe

umoewkmwqqfxgyapqfx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Windows\aqqeuggogerhoeerq.exe

aqqeuggogerhoeerq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqqeuggogerhoeerq.exe*."

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haduncfqlmcvfybrtjcf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe

C:\Windows\tihujutaroapvkjv.exe

tihujutaroapvkjv.exe

C:\Windows\tihujutaroapvkjv.exe

tihujutaroapvkjv.exe

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe .

C:\Windows\aqqeuggogerhoeerq.exe

aqqeuggogerhoeerq.exe .

C:\Windows\wqumgwamikbvgaevypjnf.exe

wqumgwamikbvgaevypjnf.exe .

C:\Windows\aqqeuggogerhoeerq.exe

aqqeuggogerhoeerq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqumgwamikbvgaevypjnf.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqqeuggogerhoeerq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqqeuggogerhoeerq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe

C:\Windows\umoewkmwqqfxgyapqfx.exe

umoewkmwqqfxgyapqfx.exe

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe .

C:\Windows\umoewkmwqqfxgyapqfx.exe

umoewkmwqqfxgyapqfx.exe .

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umoewkmwqqfxgyapqfx.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Windows\tihujutaroapvkjv.exe

tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tihujutaroapvkjv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."

C:\Windows\tihujutaroapvkjv.exe

tihujutaroapvkjv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Windows\aqqeuggogerhoeerq.exe

aqqeuggogerhoeerq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqqeuggogerhoeerq.exe*."

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe .

C:\Windows\wqumgwamikbvgaevypjnf.exe

wqumgwamikbvgaevypjnf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe .

C:\Windows\wqumgwamikbvgaevypjnf.exe

wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqumgwamikbvgaevypjnf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Windows\wqumgwamikbvgaevypjnf.exe

wqumgwamikbvgaevypjnf.exe .

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqumgwamikbvgaevypjnf.exe*."

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haduncfqlmcvfybrtjcf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe

C:\Windows\wqumgwamikbvgaevypjnf.exe

wqumgwamikbvgaevypjnf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe .

C:\Windows\aqqeuggogerhoeerq.exe

aqqeuggogerhoeerq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqqeuggogerhoeerq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe .

C:\Windows\wqumgwamikbvgaevypjnf.exe

wqumgwamikbvgaevypjnf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Windows\wqumgwamikbvgaevypjnf.exe

wqumgwamikbvgaevypjnf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqumgwamikbvgaevypjnf.exe*."

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqumgwamikbvgaevypjnf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe

C:\Windows\aqqeuggogerhoeerq.exe

aqqeuggogerhoeerq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe .

C:\Windows\umoewkmwqqfxgyapqfx.exe

umoewkmwqqfxgyapqfx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umoewkmwqqfxgyapqfx.exe*."

C:\Windows\wqumgwamikbvgaevypjnf.exe

wqumgwamikbvgaevypjnf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\umoewkmwqqfxgyapqfx.exe

umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umoewkmwqqfxgyapqfx.exe*."

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."

C:\Windows\system32\backgroundTaskHost.exe

"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe .

C:\Windows\aqqeuggogerhoeerq.exe

aqqeuggogerhoeerq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqqeuggogerhoeerq.exe*."

C:\Windows\tihujutaroapvkjv.exe

tihujutaroapvkjv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Windows\aqqeuggogerhoeerq.exe

aqqeuggogerhoeerq.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqqeuggogerhoeerq.exe*."

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe

C:\Windows\umoewkmwqqfxgyapqfx.exe

umoewkmwqqfxgyapqfx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe .

C:\Windows\wqumgwamikbvgaevypjnf.exe

wqumgwamikbvgaevypjnf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqumgwamikbvgaevypjnf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe .

C:\Windows\aqqeuggogerhoeerq.exe

aqqeuggogerhoeerq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Windows\aqqeuggogerhoeerq.exe

aqqeuggogerhoeerq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqqeuggogerhoeerq.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haduncfqlmcvfybrtjcf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe .

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe

C:\Windows\wqumgwamikbvgaevypjnf.exe

wqumgwamikbvgaevypjnf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqumgwamikbvgaevypjnf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\tihujutaroapvkjv.exe

tihujutaroapvkjv.exe

C:\Windows\wqumgwamikbvgaevypjnf.exe

wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Windows\tihujutaroapvkjv.exe

tihujutaroapvkjv.exe .

C:\Windows\tihujutaroapvkjv.exe

tihujutaroapvkjv.exe .

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe .

C:\Windows\aqqeuggogerhoeerq.exe

aqqeuggogerhoeerq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tihujutaroapvkjv.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tihujutaroapvkjv.exe*."

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haduncfqlmcvfybrtjcf.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haduncfqlmcvfybrtjcf.exe*."

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haduncfqlmcvfybrtjcf.exe*."

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqumgwamikbvgaevypjnf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haduncfqlmcvfybrtjcf.exe*."

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\umoewkmwqqfxgyapqfx.exe

umoewkmwqqfxgyapqfx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe .

C:\Windows\tihujutaroapvkjv.exe

tihujutaroapvkjv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tihujutaroapvkjv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe .

C:\Windows\aqqeuggogerhoeerq.exe

aqqeuggogerhoeerq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Windows\wqumgwamikbvgaevypjnf.exe

wqumgwamikbvgaevypjnf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqumgwamikbvgaevypjnf.exe*."

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haduncfqlmcvfybrtjcf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\tihujutaroapvkjv.exe

tihujutaroapvkjv.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tihujutaroapvkjv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .

C:\Windows\aqqeuggogerhoeerq.exe

aqqeuggogerhoeerq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\tihujutaroapvkjv.exe

tihujutaroapvkjv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe .

C:\Windows\tihujutaroapvkjv.exe

tihujutaroapvkjv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tihujutaroapvkjv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqumgwamikbvgaevypjnf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\umoewkmwqqfxgyapqfx.exe

umoewkmwqqfxgyapqfx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umoewkmwqqfxgyapqfx.exe*."

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqumgwamikbvgaevypjnf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe .

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe

C:\Windows\wqumgwamikbvgaevypjnf.exe

wqumgwamikbvgaevypjnf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqumgwamikbvgaevypjnf.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tihujutaroapvkjv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\aqqeuggogerhoeerq.exe

aqqeuggogerhoeerq.exe

C:\Windows\tihujutaroapvkjv.exe

tihujutaroapvkjv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe .

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .

C:\Windows\umoewkmwqqfxgyapqfx.exe

umoewkmwqqfxgyapqfx.exe .

C:\Windows\aqqeuggogerhoeerq.exe

aqqeuggogerhoeerq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umoewkmwqqfxgyapqfx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Windows\aqqeuggogerhoeerq.exe

aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqqeuggogerhoeerq.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .

C:\Windows\umoewkmwqqfxgyapqfx.exe

umoewkmwqqfxgyapqfx.exe

C:\Windows\aqqeuggogerhoeerq.exe

aqqeuggogerhoeerq.exe

C:\Windows\wqumgwamikbvgaevypjnf.exe

wqumgwamikbvgaevypjnf.exe .

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqumgwamikbvgaevypjnf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haduncfqlmcvfybrtjcf.exe*."

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."

C:\Windows\wqumgwamikbvgaevypjnf.exe

wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tihujutaroapvkjv.exe*."

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .

C:\Windows\tihujutaroapvkjv.exe

tihujutaroapvkjv.exe

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqumgwamikbvgaevypjnf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\wqumgwamikbvgaevypjnf.exe

wqumgwamikbvgaevypjnf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."

C:\Windows\tihujutaroapvkjv.exe

tihujutaroapvkjv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haduncfqlmcvfybrtjcf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe

C:\Windows\tihujutaroapvkjv.exe

tihujutaroapvkjv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe .

C:\Windows\tihujutaroapvkjv.exe

tihujutaroapvkjv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tihujutaroapvkjv.exe*."

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe .

C:\Windows\aqqeuggogerhoeerq.exe

aqqeuggogerhoeerq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqqeuggogerhoeerq.exe*."

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe .

C:\Windows\wqumgwamikbvgaevypjnf.exe

wqumgwamikbvgaevypjnf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqumgwamikbvgaevypjnf.exe*."

C:\Windows\wqumgwamikbvgaevypjnf.exe

wqumgwamikbvgaevypjnf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqumgwamikbvgaevypjnf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haduncfqlmcvfybrtjcf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe

C:\Windows\tihujutaroapvkjv.exe

tihujutaroapvkjv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Windows\wqumgwamikbvgaevypjnf.exe

wqumgwamikbvgaevypjnf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqumgwamikbvgaevypjnf.exe*."

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tihujutaroapvkjv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pibrplzwlhgwpzsvlnle.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Windows\pibrplzwlhgwpzsvlnle.exe

pibrplzwlhgwpzsvlnle.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqfrldngrjeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe

C:\Windows\umoewkmwqqfxgyapqfx.exe

umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cumbytgcqljyqzrtijg.exe

C:\Windows\umoewkmwqqfxgyapqfx.exe

umoewkmwqqfxgyapqfx.exe

C:\Windows\bqfrldngrjeqflaz.exe

bqfrldngrjeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pibrplzwlhgwpzsvlnle.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe

C:\Windows\umoewkmwqqfxgyapqfx.exe

umoewkmwqqfxgyapqfx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqfrldngrjeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bqfrldngrjeqflaz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\bqfrldngrjeqflaz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Windows\cumbytgcqljyqzrtijg.exe

cumbytgcqljyqzrtijg.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umoewkmwqqfxgyapqfx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\riznjdpkxroctbsthh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pibrplzwlhgwpzsvlnle.exe .

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c aqqeuggogerhoeerq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\bqfrldngrjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\bqfrldngrjeqflaz.exe .

C:\Windows\pibrplzwlhgwpzsvlnle.exe

pibrplzwlhgwpzsvlnle.exe .

C:\Users\Admin\AppData\Local\Temp\bqfrldngrjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\bqfrldngrjeqflaz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Windows\aqqeuggogerhoeerq.exe

aqqeuggogerhoeerq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\bqfrldngrjeqflaz.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\pibrplzwlhgwpzsvlnle.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\aqqeuggogerhoeerq.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe .

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\wqumgwamikbvgaevypjnf.exe .

C:\Users\Admin\AppData\Local\Temp\pibrplzwlhgwpzsvlnle.exe

C:\Users\Admin\AppData\Local\Temp\pibrplzwlhgwpzsvlnle.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."

C:\Windows\aqqeuggogerhoeerq.exe

aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\riznjdpkxroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\riznjdpkxroctbsthh.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Windows\umoewkmwqqfxgyapqfx.exe

umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\puzblt.exe

"C:\Users\Admin\AppData\Local\Temp\puzblt.exe" "-C:\Users\Admin\AppData\Local\Temp\bqfrldngrjeqflaz.exe"

C:\Users\Admin\AppData\Local\Temp\puzblt.exe

"C:\Users\Admin\AppData\Local\Temp\puzblt.exe" "-C:\Users\Admin\AppData\Local\Temp\bqfrldngrjeqflaz.exe"

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\wqumgwamikbvgaevypjnf.exe*."

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\pibrplzwlhgwpzsvlnle.exe*."

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\haduncfqlmcvfybrtjcf.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\umoewkmwqqfxgyapqfx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe .

C:\Windows\wqumgwamikbvgaevypjnf.exe

wqumgwamikbvgaevypjnf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tihujutaroapvkjv.exe*."

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe .

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe .

C:\Windows\umoewkmwqqfxgyapqfx.exe

umoewkmwqqfxgyapqfx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Windows\wqumgwamikbvgaevypjnf.exe

wqumgwamikbvgaevypjnf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqumgwamikbvgaevypjnf.exe*."

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pibrplzwlhgwpzsvlnle.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."

C:\Windows\pibrplzwlhgwpzsvlnle.exe

pibrplzwlhgwpzsvlnle.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pibrplzwlhgwpzsvlnle.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Windows\pibrplzwlhgwpzsvlnle.exe

pibrplzwlhgwpzsvlnle.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bqfrldngrjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iyobwpaugzviyfvvi.exe .

C:\Users\Admin\AppData\Local\Temp\puzblt.exe

"C:\Users\Admin\AppData\Local\Temp\puzblt.exe" "-C:\Users\Admin\AppData\Local\Temp\bqfrldngrjeqflaz.exe"

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\pibrplzwlhgwpzsvlnle.exe*."

C:\Windows\bqfrldngrjeqflaz.exe

bqfrldngrjeqflaz.exe

C:\Users\Admin\AppData\Local\Temp\puzblt.exe

"C:\Users\Admin\AppData\Local\Temp\puzblt.exe" "-C:\Users\Admin\AppData\Local\Temp\bqfrldngrjeqflaz.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cumbytgcqljyqzrtijg.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\aqqeuggogerhoeerq.exe*."

C:\Windows\iyobwpaugzviyfvvi.exe

iyobwpaugzviyfvvi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\eysjifusiffwqbvzqtsmg.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\iyobwpaugzviyfvvi.exe*."

C:\Users\Admin\AppData\Local\Temp\cumbytgcqljyqzrtijg.exe

C:\Users\Admin\AppData\Local\Temp\cumbytgcqljyqzrtijg.exe

C:\Users\Admin\AppData\Local\Temp\eysjifusiffwqbvzqtsmg.exe

C:\Users\Admin\AppData\Local\Temp\eysjifusiffwqbvzqtsmg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\eysjifusiffwqbvzqtsmg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cumbytgcqljyqzrtijg.exe

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pibrplzwlhgwpzsvlnle.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe .

C:\Users\Admin\AppData\Local\Temp\cumbytgcqljyqzrtijg.exe

C:\Users\Admin\AppData\Local\Temp\cumbytgcqljyqzrtijg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\pibrplzwlhgwpzsvlnle.exe

C:\Users\Admin\AppData\Local\Temp\pibrplzwlhgwpzsvlnle.exe .

C:\Windows\tihujutaroapvkjv.exe

tihujutaroapvkjv.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\pibrplzwlhgwpzsvlnle.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tihujutaroapvkjv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tihujutaroapvkjv.exe .

C:\Windows\wqumgwamikbvgaevypjnf.exe

wqumgwamikbvgaevypjnf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Windows\tihujutaroapvkjv.exe

tihujutaroapvkjv.exe .

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\tihujutaroapvkjv.exe*."

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\tihujutaroapvkjv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\tihujutaroapvkjv.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\puzblt.exe

"C:\Users\Admin\AppData\Local\Temp\puzblt.exe" "-C:\Users\Admin\AppData\Local\Temp\bqfrldngrjeqflaz.exe"

C:\Users\Admin\AppData\Local\Temp\puzblt.exe

"C:\Users\Admin\AppData\Local\Temp\puzblt.exe" "-C:\Users\Admin\AppData\Local\Temp\bqfrldngrjeqflaz.exe"

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c umoewkmwqqfxgyapqfx.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\umoewkmwqqfxgyapqfx.exe

umoewkmwqqfxgyapqfx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c haduncfqlmcvfybrtjcf.exe .

C:\Windows\haduncfqlmcvfybrtjcf.exe

haduncfqlmcvfybrtjcf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\haduncfqlmcvfybrtjcf.exe*."

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jabqhuvexwkbjabppd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Windows\jabqhuvexwkbjabppd.exe

jabqhuvexwkbjabppd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\haduncfqlmcvfybrtjcf.exe

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\jabqhuvexwkbjabppd.exe*."

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe

C:\Users\Admin\AppData\Local\Temp\jabqhuvexwkbjabppd.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\jabqhuvexwkbjabppd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Users\Admin\AppData\Local\Temp\aqqeuggogerhoeerq.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\puzblt.exe

"C:\Users\Admin\AppData\Local\Temp\puzblt.exe" "-C:\Users\Admin\AppData\Local\Temp\bqfrldngrjeqflaz.exe"

C:\Users\Admin\AppData\Local\Temp\puzblt.exe

"C:\Users\Admin\AppData\Local\Temp\puzblt.exe" "-C:\Users\Admin\AppData\Local\Temp\bqfrldngrjeqflaz.exe"

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe

C:\Users\Admin\AppData\Local\Temp\umoewkmwqqfxgyapqfx.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\users\admin\appdata\local\temp\umoewkmwqqfxgyapqfx.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe

C:\Windows\wqumgwamikbvgaevypjnf.exe

wqumgwamikbvgaevypjnf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wqumgwamikbvgaevypjnf.exe .

C:\Windows\wqumgwamikbvgaevypjnf.exe

wqumgwamikbvgaevypjnf.exe .

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

"C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe" "c:\windows\wqumgwamikbvgaevypjnf.exe*."

Network

Country Destination Domain Proto
GB 95.100.153.131:443 www.bing.com tcp
GB 95.100.153.131:443 www.bing.com tcp
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.40.87:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 172.66.40.87:80 www.whatismyip.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.myspace.com udp
US 34.111.176.156:80 www.myspace.com tcp
LT 78.62.181.221:38905 tcp
US 8.8.8.8:53 gyuuym.org udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 hocumaay.info udp
US 8.8.8.8:53 fjnzoojegm.info udp
US 8.8.8.8:53 unxfuild.info udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 zapyeqwvzkr.info udp
US 8.8.8.8:53 froppiek.net udp
US 8.8.8.8:53 uyoqcqgismus.org udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 xotndsapcj.net udp
US 8.8.8.8:53 ztwtfdwioit.com udp
US 8.8.8.8:53 bprpfe.net udp
US 8.8.8.8:53 woucscei.com udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 kztwwujhvhbb.info udp
US 8.8.8.8:53 qsosse.org udp
US 8.8.8.8:53 rvkcjx.net udp
US 8.8.8.8:53 nyzftgygweit.net udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 cgyuncskcsx.info udp
US 8.8.8.8:53 zrsevhobhgyn.info udp
US 8.8.8.8:53 govxpkzscjv.net udp
US 8.8.8.8:53 levafjfsz.org udp
US 8.8.8.8:53 cydlrge.info udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 pupevught.com udp
US 8.8.8.8:53 alhspvwvj.net udp
US 8.8.8.8:53 kpnepoxhpsxf.info udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 isdqlqwuz.info udp
US 8.8.8.8:53 uswuvslafdqv.net udp
US 8.8.8.8:53 giyctiehp.net udp
US 8.8.8.8:53 gcmyqqueke.org udp
US 8.8.8.8:53 kwdzjtbqyxci.net udp
US 8.8.8.8:53 qitmxgz.info udp
US 8.8.8.8:53 ilfgqtxk.net udp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 tzvmbvhflm.info udp
US 8.8.8.8:53 bodiraodqsvn.info udp
US 8.8.8.8:53 rkrkzffqlrlt.info udp
US 8.8.8.8:53 ccxnxlnvobis.info udp
US 8.8.8.8:53 xktwwsr.net udp
US 8.8.8.8:53 memqsm.org udp
US 8.8.8.8:53 nlcrqj.net udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 uifhes.net udp
US 8.8.8.8:53 tsptxznj.net udp
US 8.8.8.8:53 gcgjdwzelgh.net udp
US 8.8.8.8:53 vopajun.org udp
US 8.8.8.8:53 mslrigckj.info udp
MD 94.243.81.151:32953 tcp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 ybrmfvxxv.info udp
US 8.8.8.8:53 pqesqyg.info udp
US 8.8.8.8:53 rsdpeob.info udp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 cigqseoimaqg.org udp
US 8.8.8.8:53 nasgvchqu.info udp
US 8.8.8.8:53 pupwwufkvyx.info udp
US 8.8.8.8:53 oiwhbqxv.net udp
US 8.8.8.8:53 komscwgsuw.org udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 uyoioe.org udp
US 8.8.8.8:53 gkckwaekimom.com udp
US 8.8.8.8:53 hkpszgbkxqo.net udp
US 8.8.8.8:53 uksymiouwu.org udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 useqkaoc.org udp
US 8.8.8.8:53 yoaoooewyeeo.com udp
US 8.8.8.8:53 jqbgpitcuit.org udp
US 8.8.8.8:53 nymcghstfqph.net udp
US 8.8.8.8:53 mdhpuesj.net udp
US 8.8.8.8:53 vntkhwvccor.org udp
US 8.8.8.8:53 fwhpzmkli.net udp
US 8.8.8.8:53 ypdjwgmy.net udp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 ymggded.info udp
US 8.8.8.8:53 pedacijnsa.net udp
US 8.8.8.8:53 pvxdbgw.org udp
US 8.8.8.8:53 gwwwkesewy.org udp
US 8.8.8.8:53 gensxwp.net udp
US 8.8.8.8:53 vrxmprngmlhk.net udp
US 8.8.8.8:53 rgkgdyzpoey.info udp
US 8.8.8.8:53 eguuqawkyquw.com udp
US 8.8.8.8:53 tgwatpn.net udp
LT 78.59.81.22:22543 tcp
US 8.8.8.8:53 ykfytsvkb.info udp
US 8.8.8.8:53 fzzmdyv.net udp
US 8.8.8.8:53 pfbita.info udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 ewropll.net udp
US 8.8.8.8:53 rslcxsjadya.net udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 sgzeiuk.info udp
US 8.8.8.8:53 sljdjssb.net udp
US 8.8.8.8:53 lobcvegerkr.org udp
US 8.8.8.8:53 jfnobcryvii.net udp
US 8.8.8.8:53 isbkvrps.net udp
US 8.8.8.8:53 lyxmnybibg.info udp
US 8.8.8.8:53 ymeysgcu.com udp
US 8.8.8.8:53 uobzhkr.info udp
US 8.8.8.8:53 oibuzatvl.info udp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 ridxfwtb.net udp
US 8.8.8.8:53 ywrtrjtd.info udp
US 8.8.8.8:53 kgucribs.info udp
US 8.8.8.8:53 nhsvgzwxqk.info udp
US 8.8.8.8:53 eynitjv.info udp
US 8.8.8.8:53 winafbcrtn.info udp
US 8.8.8.8:53 owzahm.net udp
US 8.8.8.8:53 uamsom.com udp
US 8.8.8.8:53 wixsbkemfml.info udp
US 8.8.8.8:53 zyfitez.info udp
US 8.8.8.8:53 cixlsvmtfi.net udp
US 8.8.8.8:53 ouhheq.net udp
US 8.8.8.8:53 obyvrzlkyx.net udp
US 8.8.8.8:53 aqsrdcv.info udp
US 8.8.8.8:53 leqdurjb.net udp
US 8.8.8.8:53 jfwtqiqw.info udp
US 8.8.8.8:53 xxnpjgn.org udp
US 8.8.8.8:53 aofiaurftsb.info udp
US 8.8.8.8:53 wpdoqyfrfx.net udp
US 8.8.8.8:53 xpfqfaahzga.org udp
US 8.8.8.8:53 dxikspgshgbk.info udp
US 8.8.8.8:53 rimlgx.info udp
US 8.8.8.8:53 lgmwshpwdp.net udp
US 8.8.8.8:53 wsrhpyhqp.info udp
US 8.8.8.8:53 zgrjrexb.net udp
US 8.8.8.8:53 hcozmmsojyel.net udp
US 8.8.8.8:53 eeueccewmeem.com udp
US 8.8.8.8:53 johenidnc.info udp
US 8.8.8.8:53 vpdhxcrirjf.info udp
US 8.8.8.8:53 gthoprfe.net udp
US 8.8.8.8:53 blthblej.net udp
US 8.8.8.8:53 bpyajdbltb.net udp
US 8.8.8.8:53 kucwnqehh.net udp
US 8.8.8.8:53 wydiwsxoeon.info udp
US 8.8.8.8:53 vlpxze.info udp
US 8.8.8.8:53 vwhvlmc.org udp
US 8.8.8.8:53 cblwdcsww.net udp
US 8.8.8.8:53 icfyjuj.info udp
US 8.8.8.8:53 skywyumxq.net udp
US 8.8.8.8:53 igamxkgtuzzv.net udp
US 8.8.8.8:53 ycldyd.info udp
US 8.8.8.8:53 ciwzdihblmva.net udp
US 8.8.8.8:53 zabxnpoybe.net udp
US 8.8.8.8:53 uclbdocgzm.info udp
GB 84.32.156.22:39686 tcp
US 8.8.8.8:53 cueqgmmk.org udp
US 8.8.8.8:53 blrsrk.info udp
US 8.8.8.8:53 zrtvkovjom.net udp
US 8.8.8.8:53 mmeekgceuu.org udp
US 8.8.8.8:53 egsmyysc.org udp
US 8.8.8.8:53 rcnbdafgb.com udp
US 8.8.8.8:53 vjgmbjvoxy.info udp
US 8.8.8.8:53 rnnntrt.net udp
US 8.8.8.8:53 nibyjubkn.org udp
US 8.8.8.8:53 nshdioh.net udp
US 8.8.8.8:53 zshinvo.info udp
US 8.8.8.8:53 mpcyjhznhtsc.info udp
US 8.8.8.8:53 ytpxoc.info udp
US 8.8.8.8:53 ekqqcc.org udp
US 8.8.8.8:53 slcltwio.info udp
US 8.8.8.8:53 osesigaq.org udp
US 8.8.8.8:53 octacye.info udp
US 8.8.8.8:53 jlwmpy.net udp
US 8.8.8.8:53 bvaajan.net udp
US 8.8.8.8:53 dwfkeogzvhjn.info udp
US 8.8.8.8:53 zrltvprxsu.info udp
US 8.8.8.8:53 cesmwmgyww.org udp
US 8.8.8.8:53 degaqrbkgn.net udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 pqhowkyyb.com udp
US 8.8.8.8:53 zmoirscpvk.net udp
US 8.8.8.8:53 tspkhyaji.net udp
US 8.8.8.8:53 hvfozqljs.net udp
US 8.8.8.8:53 qtgqqinahbp.info udp
US 8.8.8.8:53 iucwigoawkua.org udp
US 8.8.8.8:53 aguwrdos.info udp
US 8.8.8.8:53 uitwbypea.net udp
US 8.8.8.8:53 tcvuvhjwh.info udp
US 8.8.8.8:53 khbjlkak.info udp
US 8.8.8.8:53 jubvpax.info udp
US 8.8.8.8:53 fztdptaynkh.org udp
US 8.8.8.8:53 cpqavxamxofl.net udp
US 8.8.8.8:53 ftdifgnbmf.net udp
US 8.8.8.8:53 danlwufmkwi.com udp
US 8.8.8.8:53 aknsgwkcl.net udp
US 8.8.8.8:53 pjxpkerykil.net udp
US 8.8.8.8:53 oatsbf.info udp
US 8.8.8.8:53 xepssfvgd.net udp
US 8.8.8.8:53 tmcrau.net udp
US 8.8.8.8:53 ikjvtkvkvbfs.net udp
US 8.8.8.8:53 ecbwysbz.info udp
US 8.8.8.8:53 nzcaoixktsv.net udp
US 8.8.8.8:53 njmyupro.net udp
US 8.8.8.8:53 bererifed.org udp
US 8.8.8.8:53 fimvsoenpwzf.net udp
US 8.8.8.8:53 uuesqkoo.org udp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 iusioomq.org udp
US 8.8.8.8:53 lvxxvmb.net udp
US 8.8.8.8:53 siikswawcu.org udp
US 8.8.8.8:53 fczqnj.info udp
US 8.8.8.8:53 wcsbrpz.net udp
US 8.8.8.8:53 hfdckenfs.info udp
US 8.8.8.8:53 czsglhnr.info udp
US 8.8.8.8:53 uwcuws.org udp
US 8.8.8.8:53 sgpomch.info udp
US 8.8.8.8:53 oegemmmqyciw.org udp
US 8.8.8.8:53 azlfou.info udp
US 8.8.8.8:53 oitrzcr.net udp
US 8.8.8.8:53 nodpflbez.net udp
US 8.8.8.8:53 binfluf.info udp
US 8.8.8.8:53 pmrqwok.info udp
US 8.8.8.8:53 jgodruhkg.com udp
US 8.8.8.8:53 zgheomg.net udp
US 8.8.8.8:53 umyicieyee.org udp
US 8.8.8.8:53 icvabulxg.info udp
US 8.8.8.8:53 qsxbgqxxn.info udp
US 8.8.8.8:53 xierdb.net udp
US 8.8.8.8:53 vcsuct.net udp
US 8.8.8.8:53 siyomwgkwm.com udp
US 8.8.8.8:53 wcdphtcv.net udp
US 8.8.8.8:53 wesqomoqak.com udp
US 8.8.8.8:53 ftluem.net udp
US 8.8.8.8:53 fsyczawoha.info udp
US 8.8.8.8:53 rmxcbjfas.org udp
US 8.8.8.8:53 kcfoqkfydprw.net udp
US 8.8.8.8:53 iuueomca.com udp
US 8.8.8.8:53 wwiykiayoiys.org udp
US 8.8.8.8:53 iqaqie.org udp
US 8.8.8.8:53 atkzfclhbift.info udp
US 8.8.8.8:53 sqsukwgs.org udp
US 8.8.8.8:53 hvlwaxgkloob.net udp
US 8.8.8.8:53 retkbx.net udp
US 8.8.8.8:53 vggolunozkp.info udp
US 8.8.8.8:53 tuhzdcfgy.info udp
US 8.8.8.8:53 wueysyqiyg.org udp
US 8.8.8.8:53 vogrfurnj.info udp
US 8.8.8.8:53 iagsdivaz.net udp
US 8.8.8.8:53 lxhzkvzdj.org udp
US 8.8.8.8:53 wzwexoganj.net udp
US 8.8.8.8:53 jjrefkv.net udp
US 8.8.8.8:53 teftzgy.org udp
US 8.8.8.8:53 hpdmoqbglwx.org udp
US 8.8.8.8:53 vesutvvuqad.com udp
US 8.8.8.8:53 srpkgx.net udp
US 8.8.8.8:53 oieqie.org udp
US 8.8.8.8:53 kjskvzf.info udp
US 8.8.8.8:53 hjeddujlbov.info udp
US 8.8.8.8:53 moqkgyismu.com udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 ytarjeqk.info udp
GB 142.250.180.3:80 c.pki.goog tcp
US 8.8.8.8:53 uwieey.org udp
US 8.8.8.8:53 plbtsjvqbe.net udp
US 8.8.8.8:53 tkqcwzagp.info udp
US 8.8.8.8:53 lzbjkx.info udp
US 8.8.8.8:53 sucuyquq.com udp
US 8.8.8.8:53 tgtmtju.info udp
US 8.8.8.8:53 blriytvijot.com udp
LT 78.59.81.22:22543 tcp
US 8.8.8.8:53 gpbpxipcbt.net udp
US 8.8.8.8:53 pvbxhsuirz.net udp
US 8.8.8.8:53 obtqfwxlfyz.info udp
US 8.8.8.8:53 quyeeieegiwc.org udp
US 8.8.8.8:53 xrcwqqf.org udp
US 8.8.8.8:53 gwdidpklygjg.net udp
US 8.8.8.8:53 kyilnx.net udp
US 8.8.8.8:53 sgakgq.org udp
US 8.8.8.8:53 aihumuo.info udp
US 8.8.8.8:53 rcrvzujojib.net udp
US 8.8.8.8:53 gaqkygwq.org udp
US 8.8.8.8:53 poxkdmf.net udp
US 8.8.8.8:53 drtpvlde.info udp
US 8.8.8.8:53 jlkzckiryhcw.net udp
US 8.8.8.8:53 jrbulad.info udp
US 8.8.8.8:53 vtutkaklzv.net udp
US 8.8.8.8:53 hnxuyepk.net udp
US 8.8.8.8:53 bpzorpfuhtf.org udp
US 8.8.8.8:53 zedotwtv.net udp
US 8.8.8.8:53 kicygskg.com udp
US 8.8.8.8:53 setehb.net udp
US 8.8.8.8:53 bkngmvgi.net udp
US 8.8.8.8:53 bkvvuzcwcqac.net udp
US 8.8.8.8:53 stijsnzdhh.net udp
US 8.8.8.8:53 nkbylid.org udp
US 8.8.8.8:53 bqdindvszcl.com udp
US 8.8.8.8:53 tgtouua.info udp
US 8.8.8.8:53 kmayeqasww.org udp
US 8.8.8.8:53 eemusgke.org udp
US 8.8.8.8:53 nwtiiruu.net udp
US 8.8.8.8:53 dykwknvmdfdj.info udp
US 8.8.8.8:53 lmtqfhhfboxh.info udp
US 8.8.8.8:53 lfqsjee.info udp
LT 78.59.46.22:33741 tcp
US 8.8.8.8:53 wawaoiyk.com udp
US 8.8.8.8:53 pypdqajwq.info udp
US 8.8.8.8:53 sdgahalflmgk.net udp
US 8.8.8.8:53 lczoradauoz.net udp
US 8.8.8.8:53 xrhuiv.net udp
US 8.8.8.8:53 maiuhxqtuigu.info udp
US 8.8.8.8:53 ufhwjus.info udp
US 8.8.8.8:53 dazulnj.org udp
US 8.8.8.8:53 wuljafplczf.info udp
US 8.8.8.8:53 tmrsrsxdd.com udp
US 8.8.8.8:53 vglgnkjsfud.net udp
US 8.8.8.8:53 woxgftsg.info udp
US 8.8.8.8:53 lwavkp.info udp
US 8.8.8.8:53 jzthxr.net udp
US 8.8.8.8:53 ydvcpotsc.info udp
US 8.8.8.8:53 kmaoka.org udp
US 8.8.8.8:53 dihdqndj.info udp
US 8.8.8.8:53 yswwsaqoemuu.org udp
US 8.8.8.8:53 itjyvllhd.info udp
US 8.8.8.8:53 ewxibuxqu.info udp
US 8.8.8.8:53 fjusznt.com udp
US 8.8.8.8:53 fkbupmdij.org udp
US 8.8.8.8:53 jfvjbwlr.net udp
US 8.8.8.8:53 xtztvr.net udp
US 8.8.8.8:53 rphwit.info udp
US 8.8.8.8:53 pwnahv.info udp
US 8.8.8.8:53 eiiiqigo.org udp
US 8.8.8.8:53 zuhmapbot.net udp
US 8.8.8.8:53 gahthmz.net udp
US 8.8.8.8:53 lzfgtccsw.com udp
US 8.8.8.8:53 jbbzhcftbk.info udp
US 8.8.8.8:53 isyuftvucjqo.net udp
US 8.8.8.8:53 qksyelorzodq.net udp
US 8.8.8.8:53 vjvlnnztmb.net udp
US 8.8.8.8:53 kyesqaguqc.com udp
US 8.8.8.8:53 auagfdipnmli.net udp
US 8.8.8.8:53 japcxipmv.org udp
US 8.8.8.8:53 ftiiuewzbdxo.net udp
US 8.8.8.8:53 yojkaljecqs.info udp
MX 89.117.110.205:43875 tcp
US 8.8.8.8:53 dirhbueqd.net udp
US 8.8.8.8:53 dwlkxinvpot.net udp
US 8.8.8.8:53 wrxxewoxbsno.net udp
US 8.8.8.8:53 clrijfzgzdgr.net udp
US 8.8.8.8:53 ecegeakc.org udp
US 8.8.8.8:53 ojomuhvd.info udp
US 8.8.8.8:53 wtduygwpgy.info udp
US 8.8.8.8:53 rplzbsvgljdp.net udp
US 8.8.8.8:53 kpbyxlybogfg.info udp
US 8.8.8.8:53 ootkjdzphd.net udp
US 8.8.8.8:53 zutwksnln.net udp
US 8.8.8.8:53 rgtxhupb.info udp
US 8.8.8.8:53 aararuzmj.info udp
US 8.8.8.8:53 pgjkjdbaz.info udp
US 8.8.8.8:53 eyiook.org udp
US 8.8.8.8:53 pqfglabyzvl.info udp
US 8.8.8.8:53 nsjnpn.net udp
US 8.8.8.8:53 ysgosogy.org udp
US 8.8.8.8:53 ivewnr.info udp
US 8.8.8.8:53 qdtzrobt.info udp
US 8.8.8.8:53 wcdozqnor.net udp
US 8.8.8.8:53 bfrabyr.net udp
US 8.8.8.8:53 thfzzkroyftu.info udp
US 8.8.8.8:53 nqxijbihvn.info udp
US 8.8.8.8:53 hmnxew.net udp
US 8.8.8.8:53 khzqdubyhlv.info udp
US 8.8.8.8:53 sywmccokec.com udp
US 8.8.8.8:53 uoxartumgvpy.net udp
US 8.8.8.8:53 avfgzaz.net udp
US 8.8.8.8:53 yspynbdonzn.net udp
US 8.8.8.8:53 qilzkqjurj.net udp
US 8.8.8.8:53 lmeibor.info udp
US 8.8.8.8:53 xhswpbdcoeq.net udp
US 8.8.8.8:53 cuyxjcvgnaf.net udp
US 8.8.8.8:53 xrctizgjhu.net udp
US 8.8.8.8:53 osayak.org udp
US 8.8.8.8:53 weodhdlqvvbi.info udp
US 8.8.8.8:53 jbzndywy.net udp
US 8.8.8.8:53 rfcqjgcwrllk.info udp
US 8.8.8.8:53 yzhavgvmt.info udp
US 8.8.8.8:53 vadcholsgssf.info udp
US 8.8.8.8:53 csgolyphzt.net udp
US 8.8.8.8:53 ooewwc.org udp
US 8.8.8.8:53 rgpuplzmd.com udp
US 8.8.8.8:53 ztkdkkta.net udp
US 8.8.8.8:53 mlowkxrcihfb.net udp
US 8.8.8.8:53 jypigkw.net udp
US 8.8.8.8:53 qbpgkkbyj.net udp
US 8.8.8.8:53 mlgtvrbc.info udp
US 8.8.8.8:53 jphhtgd.com udp
US 8.8.8.8:53 hinthmy.org udp
US 8.8.8.8:53 zgysfi.info udp
US 8.8.8.8:53 omierhazkhgw.net udp
US 8.8.8.8:53 dgbgnihcjyx.net udp
US 8.8.8.8:53 ymrcfgviz.info udp
US 8.8.8.8:53 ssycom.com udp
US 8.8.8.8:53 hmjccwkvq.net udp
US 8.8.8.8:53 xnjwui.info udp
US 8.8.8.8:53 kwdrqyzrhd.net udp
US 8.8.8.8:53 lnjqrcdbycd.org udp
US 8.8.8.8:53 ycvljbkemah.net udp
US 8.8.8.8:53 fuhmris.info udp
US 8.8.8.8:53 xrjmbmgmisvh.info udp
US 8.8.8.8:53 yyokkm.com udp
US 8.8.8.8:53 kvjrtyadjwuj.net udp
US 8.8.8.8:53 jqtenkdayoy.org udp
US 8.8.8.8:53 bhamfu.info udp
US 8.8.8.8:53 avxulcimvur.net udp
LT 78.60.148.98:43269 tcp
US 8.8.8.8:53 nsgpgmyopzxi.net udp
US 8.8.8.8:53 lccezxrw.info udp
US 8.8.8.8:53 aojzlwvws.net udp
US 8.8.8.8:53 fwhaple.net udp
US 8.8.8.8:53 lvliwxsju.net udp
US 8.8.8.8:53 xifotgfmo.org udp
US 8.8.8.8:53 todyxcpvqgvq.info udp
US 8.8.8.8:53 awuccyyy.com udp
US 8.8.8.8:53 shutbqaeup.info udp
US 8.8.8.8:53 qopgbkpntyz.info udp
US 8.8.8.8:53 wcgcuuiu.org udp
US 8.8.8.8:53 kceyusugum.com udp
US 8.8.8.8:53 pwzsfwx.net udp
US 8.8.8.8:53 pierdmrs.net udp
US 8.8.8.8:53 imguiiyqsy.org udp
US 8.8.8.8:53 scjilzkwijmj.info udp
US 8.8.8.8:53 xgdybfvz.info udp
US 8.8.8.8:53 nhmyomxjv.info udp
US 8.8.8.8:53 vlptqvxopix.com udp
US 8.8.8.8:53 ssqkrttphaib.info udp
US 8.8.8.8:53 ikfohktht.info udp
US 8.8.8.8:53 oycwjqh.net udp
US 8.8.8.8:53 cgjpjb.net udp
US 8.8.8.8:53 tyzkrdhyl.info udp
US 8.8.8.8:53 iqywycos.com udp
US 8.8.8.8:53 vyjiwodak.com udp
US 8.8.8.8:53 magigkui.org udp
US 8.8.8.8:53 tnusfiyjmdox.net udp
US 8.8.8.8:53 vyvijbihvn.info udp
US 8.8.8.8:53 ifbuvqyhuzoq.net udp
US 8.8.8.8:53 vqufawsahe.info udp
US 8.8.8.8:53 xyerjemobwc.com udp
US 8.8.8.8:53 jfsrex.net udp
US 8.8.8.8:53 hsrofavrq.net udp
US 8.8.8.8:53 lxjvbaiqrv.info udp
US 8.8.8.8:53 ualeonh.info udp
US 8.8.8.8:53 wgooiqmg.com udp
US 8.8.8.8:53 cgmdkpal.info udp
US 8.8.8.8:53 llpwlrlwpx.net udp
US 8.8.8.8:53 nynfvafcolh.com udp
US 8.8.8.8:53 omkoeigekeie.org udp
US 8.8.8.8:53 zizgock.net udp
US 8.8.8.8:53 rvrizktyup.info udp
US 8.8.8.8:53 gwwkgmko.com udp
US 8.8.8.8:53 shetxympph.net udp
US 8.8.8.8:53 bkfrzddv.net udp
US 8.8.8.8:53 uyunsbtk.net udp
US 8.8.8.8:53 bctwfgikb.org udp
US 8.8.8.8:53 aouqcoqakseq.com udp
US 8.8.8.8:53 jgbssck.com udp
US 8.8.8.8:53 gygsqakm.com udp
US 8.8.8.8:53 eyfezgpdwcd.net udp
US 8.8.8.8:53 uywemq.com udp
US 8.8.8.8:53 fzqqksnzg.net udp
US 8.8.8.8:53 swqqgeqseyey.com udp
US 8.8.8.8:53 dnlqpgzsg.net udp
US 8.8.8.8:53 auaglvpgrdk.info udp
US 8.8.8.8:53 xmlymtnez.org udp
US 8.8.8.8:53 kehujefin.net udp
US 8.8.8.8:53 rwaqcsvyb.info udp
US 8.8.8.8:53 zrfbfefl.info udp
US 8.8.8.8:53 bodpugvwy.org udp
LT 78.62.181.221:38905 tcp
US 8.8.8.8:53 odzbrjqoy.info udp
US 8.8.8.8:53 iioywieasc.org udp
US 8.8.8.8:53 clvsbiria.info udp
US 8.8.8.8:53 oxeboq.info udp
US 8.8.8.8:53 aalijqi.info udp
US 8.8.8.8:53 cvmvto.info udp
US 8.8.8.8:53 bqbhhupq.net udp
US 8.8.8.8:53 rekrtk.net udp
US 8.8.8.8:53 jflgtndgid.net udp
US 8.8.8.8:53 fynhldb.info udp
US 8.8.8.8:53 acooowoc.com udp
US 8.8.8.8:53 nbzqqsoovfpm.net udp
US 8.8.8.8:53 odqisf.info udp
US 8.8.8.8:53 nrfqekbekot.com udp
US 8.8.8.8:53 xuqxev.info udp
US 8.8.8.8:53 rglewtcyiu.info udp
US 8.8.8.8:53 fqjsbwjyxun.com udp
US 8.8.8.8:53 ybxsqlwexbnh.info udp
US 8.8.8.8:53 bbozkgsr.info udp
US 8.8.8.8:53 wucoii.org udp
US 8.8.8.8:53 kkiamiym.com udp
US 8.8.8.8:53 womwusee.org udp
US 8.8.8.8:53 ctvjbvpeb.net udp
US 8.8.8.8:53 xdojlbbt.info udp
US 8.8.8.8:53 jatdaajehomt.net udp
US 8.8.8.8:53 jyerwuk.net udp
US 8.8.8.8:53 jouzhis.net udp
US 8.8.8.8:53 vieyfklehuh.info udp
US 8.8.8.8:53 gxknzs.net udp
US 8.8.8.8:53 idjwpyp.net udp
US 8.8.8.8:53 oocmqggais.com udp
US 8.8.8.8:53 bfacqdhj.net udp
US 8.8.8.8:53 mwgkuyee.org udp
US 8.8.8.8:53 eqaukoyw.com udp
US 8.8.8.8:53 bmbrdp.net udp
US 8.8.8.8:53 oengsobme.info udp
BG 77.78.32.98:19619 tcp
US 8.8.8.8:53 uiceesz.info udp
US 8.8.8.8:53 rqvwonbbhoe.org udp
US 8.8.8.8:53 jutnsfbkfdyc.info udp
US 8.8.8.8:53 iywuwwoet.net udp
US 8.8.8.8:53 lwwwre.info udp
US 8.8.8.8:53 bzaydhbkyko.info udp
US 8.8.8.8:53 qaigyoes.com udp
US 8.8.8.8:53 dldjylh.info udp
US 8.8.8.8:53 uoxjsmld.info udp
US 8.8.8.8:53 blgmnct.org udp
US 8.8.8.8:53 kcqswsmy.org udp
US 8.8.8.8:53 tenars.net udp
US 8.8.8.8:53 qtharisbiay.info udp
US 8.8.8.8:53 zltybfjrzw.net udp
US 8.8.8.8:53 ewiuauieao.com udp
US 8.8.8.8:53 haiflyy.net udp
US 8.8.8.8:53 mkawqy.com udp
US 8.8.8.8:53 eimosqyeae.org udp
US 8.8.8.8:53 bjwfbzlupwsc.info udp
US 8.8.8.8:53 lnywrmuyt.net udp
US 8.8.8.8:53 tspcdoc.net udp
US 8.8.8.8:53 calrnmaaldf.net udp
US 8.8.8.8:53 bjpwlrlwpx.net udp
US 8.8.8.8:53 rwckbqtwkkx.com udp
US 8.8.8.8:53 zquakcjmfak.net udp
US 8.8.8.8:53 wrvmsbh.net udp
US 8.8.8.8:53 lkjeqegaqpdl.info udp
US 8.8.8.8:53 imwkkoik.com udp
US 8.8.8.8:53 agjbxjfef.info udp
US 8.8.8.8:53 wghcdsrxf.net udp
US 8.8.8.8:53 acmwgs.org udp
US 8.8.8.8:53 sewuvwb.net udp
US 8.8.8.8:53 rsdqzgdto.org udp
US 8.8.8.8:53 dnehqdgltieb.info udp
US 8.8.8.8:53 awkejgjsynj.info udp
US 8.8.8.8:53 oaewcmmi.com udp
US 8.8.8.8:53 dodwzvfuu.org udp
US 8.8.8.8:53 zwgsbuhvn.net udp
US 8.8.8.8:53 oalwpcngx.info udp
US 8.8.8.8:53 cmagsgks.org udp
US 8.8.8.8:53 wkftjtlspd.info udp
US 8.8.8.8:53 jmzqxwwr.info udp
US 8.8.8.8:53 xcrfxbihvn.info udp
US 8.8.8.8:53 udppeclxnofw.info udp
US 8.8.8.8:53 xmfkjsxqdio.com udp
US 8.8.8.8:53 pvesxitaordl.info udp
US 8.8.8.8:53 syoczqjypol.net udp
US 8.8.8.8:53 dfqmjbtv.net udp
US 8.8.8.8:53 ipnnzlcu.info udp
US 8.8.8.8:53 pkhfxlnivx.net udp
US 8.8.8.8:53 dzrmxez.com udp
US 8.8.8.8:53 tykedsp.com udp
US 8.8.8.8:53 rrxbvkppbkhy.net udp
US 8.8.8.8:53 kxldwaoqfn.info udp
US 8.8.8.8:53 dgtcgwryzcx.com udp
US 8.8.8.8:53 wuwuci.org udp
US 8.8.8.8:53 ytrrrxqp.info udp
US 8.8.8.8:53 kqvzgwxwxr.net udp
US 8.8.8.8:53 jyphfltyx.net udp
US 8.8.8.8:53 wqiweome.com udp
US 8.8.8.8:53 refwbh.net udp
US 8.8.8.8:53 xxbuvavqnao.net udp
US 8.8.8.8:53 daanvwjkzntb.net udp
US 8.8.8.8:53 tzmdsfz.info udp
US 8.8.8.8:53 ywghmez.net udp
US 8.8.8.8:53 hshhrol.net udp
US 8.8.8.8:53 tgzzsilpuoyu.info udp
LV 78.84.68.218:43561 tcp
US 8.8.8.8:53 dvcqtiii.net udp
US 8.8.8.8:53 puigdybmag.net udp
US 8.8.8.8:53 rejwrwpoa.info udp
US 8.8.8.8:53 jmuyzwjxj.net udp
US 8.8.8.8:53 ajlrhqd.net udp
US 8.8.8.8:53 pawktzw.com udp
US 8.8.8.8:53 aeaayy.com udp
US 8.8.8.8:53 lchivmxwjx.info udp
US 8.8.8.8:53 gcfapzmmft.info udp
US 8.8.8.8:53 usrmwfq.info udp
US 8.8.8.8:53 mmecwoqmgeom.com udp
US 8.8.8.8:53 oiyavchfmqi.info udp
US 8.8.8.8:53 oqqcadhrs.info udp
US 8.8.8.8:53 yrlulzxual.info udp
US 8.8.8.8:53 jehyhpbob.com udp
US 8.8.8.8:53 enngwojenwf.net udp
US 8.8.8.8:53 ueucigcsyk.org udp
US 8.8.8.8:53 luaiurlae.info udp
US 8.8.8.8:53 lqinfwlthr.info udp
US 8.8.8.8:53 mmqqem.org udp
US 8.8.8.8:53 taddjusedcu.com udp
US 8.8.8.8:53 upirthbxqwvd.info udp
US 8.8.8.8:53 hmhcdcyflttr.info udp
US 8.8.8.8:53 hsfspwfirsr.org udp
US 8.8.8.8:53 smttxeoqxlls.info udp
US 8.8.8.8:53 fumvct.net udp
US 8.8.8.8:53 bywqeq.info udp
US 8.8.8.8:53 hqmplmldnap.net udp
US 8.8.8.8:53 dqsrugitnf.net udp
US 8.8.8.8:53 gcpqpkgyhxn.net udp
US 8.8.8.8:53 aeomsgsg.org udp
US 8.8.8.8:53 yadxtkefpqdf.net udp
US 8.8.8.8:53 avhsdbrn.net udp
US 8.8.8.8:53 qogmsycq.com udp
US 8.8.8.8:53 mapydxcqq.info udp
US 8.8.8.8:53 dkznsr.info udp
US 8.8.8.8:53 ictdpxfltl.net udp
US 8.8.8.8:53 mkdvhtb.info udp
US 8.8.8.8:53 qngitmingp.net udp
US 8.8.8.8:53 evvbiytgi.net udp
US 8.8.8.8:53 mqiotqsm.net udp
US 8.8.8.8:53 cuvegc.net udp
US 8.8.8.8:53 yiqciyioik.com udp
US 8.8.8.8:53 ulwprsdpevsj.info udp
US 8.8.8.8:53 xolowiuilsl.org udp
LT 78.60.148.98:43269 tcp
US 8.8.8.8:53 twkgiylcp.net udp
US 8.8.8.8:53 rltqjtdglsx.net udp
US 8.8.8.8:53 xixvvyxgtndv.info udp
US 8.8.8.8:53 ihxonmuvbbok.net udp
US 8.8.8.8:53 ebfmxwrklax.info udp
US 8.8.8.8:53 pmlulepmd.info udp
US 8.8.8.8:53 auodget.net udp
US 8.8.8.8:53 qyjxvcif.net udp
US 8.8.8.8:53 zolqnkj.net udp
US 8.8.8.8:53 aibniwzmfmx.net udp
US 8.8.8.8:53 hkpenqem.net udp
US 8.8.8.8:53 rkwlhccy.info udp
US 8.8.8.8:53 nklqsax.org udp
US 8.8.8.8:53 iyimqywi.org udp
US 8.8.8.8:53 esumocis.com udp
US 8.8.8.8:53 bisbulcakr.net udp
US 8.8.8.8:53 oyddqawil.net udp
US 8.8.8.8:53 nthafgeqx.org udp
US 8.8.8.8:53 xojxdvtiweaf.info udp
US 8.8.8.8:53 cjsfmi.net udp
US 8.8.8.8:53 ymmsfod.net udp
US 8.8.8.8:53 vibshiiel.net udp
US 8.8.8.8:53 wwncxhhwz.net udp
US 8.8.8.8:53 cjmcshuh.net udp
US 8.8.8.8:53 qapsimp.info udp
US 8.8.8.8:53 jjqtpeerkb.net udp
US 8.8.8.8:53 plfbyb.net udp
US 8.8.8.8:53 juqigix.net udp
US 8.8.8.8:53 ggsuwqqamm.org udp
US 8.8.8.8:53 lvdqlxc.org udp
US 8.8.8.8:53 urkcltobhpwf.net udp
US 8.8.8.8:53 rumgxob.info udp
US 8.8.8.8:53 xrueomvkfqd.info udp
US 8.8.8.8:53 iopizhyo.info udp
US 8.8.8.8:53 fwrxmmoz.net udp
US 8.8.8.8:53 oismai.com udp
US 8.8.8.8:53 fgdcfwr.org udp
US 8.8.8.8:53 tzvsokkaflay.net udp
US 8.8.8.8:53 zytyxrxurdbf.info udp
US 8.8.8.8:53 eheflhppvg.net udp
US 8.8.8.8:53 cofqjbbeduo.net udp
US 8.8.8.8:53 mgvnpyc.info udp
US 8.8.8.8:53 phskcqcuwu.net udp
US 8.8.8.8:53 egqmuoks.com udp
US 8.8.8.8:53 lfdufcziuqh.com udp
US 8.8.8.8:53 cdumbnoym.net udp
US 8.8.8.8:53 cykogcgqqcuu.com udp
US 8.8.8.8:53 aghmrkglv.info udp
LT 78.59.46.22:33741 tcp
US 8.8.8.8:53 qkvohlrwguv.net udp
US 8.8.8.8:53 soscco.com udp
US 8.8.8.8:53 btvfdedpj.com udp
US 8.8.8.8:53 ugjyfpgfl.net udp
US 8.8.8.8:53 wkmuqqceeqwc.com udp
US 8.8.8.8:53 tixzxidujbo.com udp
US 8.8.8.8:53 sizgwst.info udp
US 8.8.8.8:53 rbfvfbhgldx.org udp
US 8.8.8.8:53 myrwjqkrwpbk.info udp
US 8.8.8.8:53 hkugduovdkj.org udp
US 8.8.8.8:53 maaowyiagy.com udp
US 8.8.8.8:53 coceicasagwc.com udp
US 8.8.8.8:53 jadekwtktxn.net udp
US 8.8.8.8:53 wauucaig.com udp
US 8.8.8.8:53 fdnzhbvmhv.info udp
US 8.8.8.8:53 ciubvdte.net udp
US 8.8.8.8:53 mpkbfsgyp.info udp
US 8.8.8.8:53 nlpmtrycndot.net udp
US 8.8.8.8:53 elbjut.info udp
US 8.8.8.8:53 bsthhwlip.org udp
US 8.8.8.8:53 osicygig.org udp
US 8.8.8.8:53 qseoumkkca.org udp
US 8.8.8.8:53 rwzcxgjwuvi.com udp
US 8.8.8.8:53 xffuyuf.net udp
US 8.8.8.8:53 qdnmhgdyrit.net udp
US 8.8.8.8:53 bmqepltytgk.com udp
US 8.8.8.8:53 zwlxtotfmzfj.info udp
US 8.8.8.8:53 htharub.info udp
US 8.8.8.8:53 foomxud.net udp
US 8.8.8.8:53 gxiyvtayhqz.info udp
US 8.8.8.8:53 qyqigk.com udp
US 8.8.8.8:53 gsaiee.com udp
US 8.8.8.8:53 lzeuldpdtisn.net udp
US 8.8.8.8:53 ubzahitz.net udp
US 8.8.8.8:53 fyaylmbcb.net udp
US 8.8.8.8:53 wxrgagtkn.info udp
US 8.8.8.8:53 peyjvkhbdb.net udp
US 8.8.8.8:53 xfkldswwgb.net udp
US 8.8.8.8:53 ekqaao.com udp
US 8.8.8.8:53 pyyfhhxrpj.info udp
US 8.8.8.8:53 rkjyfrxybqd.net udp
MD 94.243.81.151:32953 tcp
US 8.8.8.8:53 hjfdpmp.org udp
US 8.8.8.8:53 rlezsvhi.info udp
US 8.8.8.8:53 qzqdptqbpwwi.info udp
US 8.8.8.8:53 emgcsoky.com udp
US 8.8.8.8:53 rtfhbxdmvj.info udp
US 8.8.8.8:53 fmrpwrmmpkp.net udp
US 8.8.8.8:53 rjbifug.net udp
US 8.8.8.8:53 aaqabcakhgu.info udp
US 8.8.8.8:53 wuribyc.info udp
US 8.8.8.8:53 hdrdrq.net udp
US 8.8.8.8:53 kqmeqmmeog.org udp
US 8.8.8.8:53 ldlrgk.info udp
US 8.8.8.8:53 caqvfr.info udp
US 8.8.8.8:53 dmcaob.info udp
US 8.8.8.8:53 hzkqdghabtcs.net udp
US 8.8.8.8:53 tmfbwu.info udp
US 8.8.8.8:53 sakgqu.com udp
US 8.8.8.8:53 ggyisgksmi.com udp
US 8.8.8.8:53 owtumceqt.info udp
US 8.8.8.8:53 nopkmjvufmt.org udp
US 8.8.8.8:53 balodnd.org udp
US 8.8.8.8:53 lfoqaf.net udp
US 8.8.8.8:53 sgdzhklkvfso.info udp
US 8.8.8.8:53 pvtjdudyjka.info udp
US 8.8.8.8:53 zzgmzasqe.info udp
US 8.8.8.8:53 vjaioeucteg.info udp
US 8.8.8.8:53 bksnsraylcdo.info udp
US 8.8.8.8:53 lbbkib.net udp
US 8.8.8.8:53 skqsiiae.org udp
US 8.8.8.8:53 zuqiagssgun.info udp
US 8.8.8.8:53 erwoegn.net udp
US 8.8.8.8:53 iooumykcgo.com udp
US 8.8.8.8:53 fcxnbsp.info udp
US 8.8.8.8:53 dksupyh.net udp
US 8.8.8.8:53 xwbald.net udp
US 8.8.8.8:53 alyypvemovoc.net udp
US 8.8.8.8:53 seuaqqgigcgk.org udp
US 8.8.8.8:53 bvhczkzhpeh.net udp
US 8.8.8.8:53 bgtnkiqcje.info udp
US 8.8.8.8:53 gnjamyvkap.info udp
US 8.8.8.8:53 fkdoujsibbaq.net udp
US 8.8.8.8:53 qlstpgkhcjbu.net udp
US 8.8.8.8:53 sctktlxx.info udp
US 8.8.8.8:53 mtiurius.info udp
US 8.8.8.8:53 scrwrltgfgx.net udp
US 8.8.8.8:53 vhhtpgynaxts.info udp
US 8.8.8.8:53 yhecnebmc.info udp
US 8.8.8.8:53 nzitfaav.info udp
US 8.8.8.8:53 qejdfl.info udp
US 8.8.8.8:53 lscmhttet.org udp
US 8.8.8.8:53 qqyqfgb.info udp
US 8.8.8.8:53 gtnlpbsads.info udp
US 8.8.8.8:53 lktcrbw.com udp
US 8.8.8.8:53 rdbimcd.com udp
US 8.8.8.8:53 bihqbimqi.info udp
US 8.8.8.8:53 hyjodgw.info udp
US 8.8.8.8:53 eeqsqygcsw.com udp
US 8.8.8.8:53 ocdjplbwe.info udp
US 8.8.8.8:53 vpxcexye.net udp
US 8.8.8.8:53 wvtjghlmb.info udp
GB 84.32.156.22:39686 tcp
US 8.8.8.8:53 qaukholfi.info udp
US 8.8.8.8:53 yxduxkg.info udp
US 8.8.8.8:53 xgqaxobojgf.info udp
US 8.8.8.8:53 dkdczgl.info udp
US 8.8.8.8:53 umgokkyqgsui.com udp
US 8.8.8.8:53 sqrynvgtfu.net udp
US 8.8.8.8:53 ihbdrk.net udp
US 8.8.8.8:53 eaictyqxc.info udp
US 8.8.8.8:53 srsuxup.net udp
US 8.8.8.8:53 vgqxvqngngx.info udp
US 8.8.8.8:53 erozvp.info udp
US 8.8.8.8:53 fomgzbwumqv.net udp
US 8.8.8.8:53 dmempclltuy.com udp
US 8.8.8.8:53 cgzqtowog.info udp
US 8.8.8.8:53 yyqmkkuq.org udp
US 8.8.8.8:53 aghfbcv.info udp
US 8.8.8.8:53 dbzubhbcrizq.net udp
US 8.8.8.8:53 ienmlqjel.info udp
US 8.8.8.8:53 xrqkxonyhj.info udp
US 8.8.8.8:53 qeasooggkkye.org udp
US 8.8.8.8:53 lzykngtyngi.net udp
US 8.8.8.8:53 xsdnrqzlttny.net udp
US 8.8.8.8:53 hqirucxqt.info udp
US 8.8.8.8:53 twdshchetau.net udp
US 8.8.8.8:53 gdiecndz.net udp
US 8.8.8.8:53 egwgigmogy.org udp
US 8.8.8.8:53 fevpfshvp.org udp
US 8.8.8.8:53 ylaeolfvzq.info udp
US 8.8.8.8:53 rmtcdkc.com udp
US 8.8.8.8:53 ptifiemhqb.net udp
US 8.8.8.8:53 bspvugqr.info udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 zjxtdcttphlv.net udp
US 8.8.8.8:53 kcryxrris.info udp
US 8.8.8.8:53 giekgyskeiik.org udp
US 8.8.8.8:53 brxwaqiqzr.info udp
US 8.8.8.8:53 gwwwemmcwe.org udp
US 8.8.8.8:53 eoeagams.com udp
US 8.8.8.8:53 bavppixu.net udp
US 8.8.8.8:53 noqfszyjhkxi.net udp
US 8.8.8.8:53 xymahup.info udp
US 8.8.8.8:53 huxusajytka.org udp
US 8.8.8.8:53 ikmoymeaauuc.org udp
US 8.8.8.8:53 fkgritslx.org udp
US 8.8.8.8:53 skkcsuik.com udp
US 8.8.8.8:53 pevnncri.net udp
US 8.8.8.8:53 mvhsfmfuxj.info udp
US 8.8.8.8:53 fqmskcq.net udp
US 8.8.8.8:53 ptpwnlreeaxo.net udp
US 8.8.8.8:53 bqdxbohqbyzd.net udp
US 8.8.8.8:53 mkzgnxppvp.info udp
US 8.8.8.8:53 eeeiusoc.com udp
US 8.8.8.8:53 bbugwn.net udp
US 8.8.8.8:53 dtstyn.net udp
US 8.8.8.8:53 zbqtpeerkb.net udp
US 8.8.8.8:53 zuwrljtqss.net udp
US 8.8.8.8:53 bmlgcepmz.net udp
US 8.8.8.8:53 iupahil.net udp
US 8.8.8.8:53 pckuqdyu.net udp
US 8.8.8.8:53 msaeugqyakco.org udp
US 8.8.8.8:53 dmjybkv.com udp
US 8.8.8.8:53 iukgnl.info udp
US 8.8.8.8:53 otsepnrzqbzu.info udp
US 8.8.8.8:53 tmrxnmjrkb.net udp
US 8.8.8.8:53 ltowjw.net udp
US 8.8.8.8:53 uomieuwsgywa.com udp
US 8.8.8.8:53 hkjnjxfxwod.net udp
US 8.8.8.8:53 wgghgw.net udp
US 8.8.8.8:53 rdyufshhrl.info udp
US 8.8.8.8:53 fzkrxmam.info udp
US 8.8.8.8:53 lwocjixqmen.com udp
US 8.8.8.8:53 qowyhj.net udp
US 8.8.8.8:53 alfkhxn.info udp
US 8.8.8.8:53 fixijml.org udp
US 8.8.8.8:53 igdklelonip.info udp
US 8.8.8.8:53 unbuto.net udp
US 8.8.8.8:53 wuldian.info udp
US 8.8.8.8:53 bvrlxiawb.net udp
US 8.8.8.8:53 otforxu.info udp
US 8.8.8.8:53 gpqocfx.net udp
US 8.8.8.8:53 lwfmytl.net udp
US 8.8.8.8:53 rpzgztaztpej.info udp
US 8.8.8.8:53 bujydax.net udp
US 8.8.8.8:53 cmylfwxbucc.net udp
US 8.8.8.8:53 yezrjizwddt.net udp
US 8.8.8.8:53 gynzoqpjezoa.info udp
US 8.8.8.8:53 pckxxwc.info udp
US 8.8.8.8:53 sxsydftugfl.net udp
US 8.8.8.8:53 vwtinftgvok.net udp
US 8.8.8.8:53 dodwmarq.info udp
US 8.8.8.8:53 wivumxrks.info udp
US 8.8.8.8:53 eczozqj.net udp
US 8.8.8.8:53 msoiygcw.org udp
US 8.8.8.8:53 wuakckqayy.org udp
US 8.8.8.8:53 aafhlhxk.net udp
US 8.8.8.8:53 vimdlavtng.net udp
US 8.8.8.8:53 imnpzcpoo.net udp
US 8.8.8.8:53 jntxuexoq.net udp
US 8.8.8.8:53 wyqisk.org udp
US 8.8.8.8:53 iomsikaqis.com udp
US 8.8.8.8:53 tkhqrvrnja.info udp
US 8.8.8.8:53 klstpqbn.info udp
US 8.8.8.8:53 qcoism.com udp
US 8.8.8.8:53 nffqyfqblj.net udp
US 8.8.8.8:53 awtrjqbmv.net udp
US 8.8.8.8:53 hwzlzk.net udp
US 8.8.8.8:53 ejpdqikairvo.info udp
US 8.8.8.8:53 iyqcyeou.com udp
US 8.8.8.8:53 oisosm.com udp
US 8.8.8.8:53 vkfrbjpoa.net udp
US 8.8.8.8:53 kkwyecsq.org udp
US 8.8.8.8:53 ssgqsckw.com udp
US 8.8.8.8:53 ueazbxtugjer.net udp
US 8.8.8.8:53 cxritgbkwiqj.net udp
US 8.8.8.8:53 khvwhdpfdaw.info udp
US 8.8.8.8:53 jxtmcoevpk.net udp
US 8.8.8.8:53 qdadjqjutdpq.info udp
US 8.8.8.8:53 cgioomaosisi.org udp
US 8.8.8.8:53 xflrdxdu.net udp
US 8.8.8.8:53 dhbxili.org udp
US 8.8.8.8:53 vutnib.net udp
US 8.8.8.8:53 joforcz.org udp
US 8.8.8.8:53 yabgjuiyvpj.net udp
US 8.8.8.8:53 nhrndyqvyg.net udp
US 8.8.8.8:53 vsiivjqrfqyl.info udp
US 8.8.8.8:53 vfewxt.net udp
US 8.8.8.8:53 sjyhsr.info udp
US 8.8.8.8:53 ztcstkx.info udp
US 8.8.8.8:53 yqtafgfohsp.net udp
US 8.8.8.8:53 rpesjlkwllir.info udp
US 8.8.8.8:53 nrpqjt.info udp
US 8.8.8.8:53 xuhvrphu.info udp
US 8.8.8.8:53 zrvwfsnurd.info udp
US 8.8.8.8:53 lkngjoezjnq.com udp
US 8.8.8.8:53 jywoygnhfeb.net udp
US 8.8.8.8:53 tmwptcxi.net udp
US 8.8.8.8:53 sfnivsqp.net udp
US 8.8.8.8:53 oglbak.info udp
US 8.8.8.8:53 wrbgtg.info udp
US 8.8.8.8:53 bifsmot.net udp
US 8.8.8.8:53 wsphimdomyt.info udp
US 8.8.8.8:53 poawtrjonb.info udp
US 8.8.8.8:53 zviudx.info udp
US 8.8.8.8:53 jfvcloih.info udp
US 8.8.8.8:53 wqjufyzlf.net udp
US 8.8.8.8:53 rmaysjztbxiw.net udp
US 8.8.8.8:53 pdyduyuudypu.net udp
US 8.8.8.8:53 sehmdau.info udp
US 8.8.8.8:53 vsswekgnat.info udp
US 8.8.8.8:53 wokwwmam.com udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 hocumaay.info udp
US 8.8.8.8:53 jrabitjq.info udp
US 8.8.8.8:53 mcvxwov.net udp
US 8.8.8.8:53 iwnquyjix.info udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 wvbvruewzh.net udp
US 8.8.8.8:53 rjtmhrkp.net udp
US 8.8.8.8:53 piywbezlx.info udp
US 8.8.8.8:53 dprqgeqyn.net udp
US 8.8.8.8:53 wgpcqkvol.net udp
US 8.8.8.8:53 kfgdoowsrum.net udp
US 8.8.8.8:53 moamxac.info udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 oaemiuyc.com udp
US 8.8.8.8:53 hcncqp.info udp
US 8.8.8.8:53 kgsmeywyssac.org udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 cukwhege.net udp
US 8.8.8.8:53 bvmbbgr.info udp
US 8.8.8.8:53 fhvxzv.info udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 lqpuiyys.net udp
US 8.8.8.8:53 zrsevhobhgyn.info udp
US 8.8.8.8:53 iahwvapa.net udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 rimoguhmoeb.com udp
US 8.8.8.8:53 pbgcxhgaefcr.info udp
US 8.8.8.8:53 bknruqtvpctg.info udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 wkrapw.net udp
US 8.8.8.8:53 qkieiwiuqecu.com udp
US 8.8.8.8:53 jeatlf.net udp
US 8.8.8.8:53 dhznfo.info udp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 swutyyfujpf.info udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 suykogqiqqim.com udp
US 8.8.8.8:53 inlmujmv.info udp
US 8.8.8.8:53 efyfagiukoxx.info udp
US 8.8.8.8:53 ivbcwrvwrm.info udp
US 8.8.8.8:53 khccviywj.net udp
US 8.8.8.8:53 secgukkk.com udp
US 8.8.8.8:53 hdkwfslpfad.info udp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 rsdpeob.info udp
US 8.8.8.8:53 ddpobim.org udp

Files

C:\Users\Admin\AppData\Local\Temp\vcmnxryrfmw.exe

MD5 89ec3461ef4a893428c32f89de78b396
SHA1 8067cdc0901f0dc5bc1bb67a1c9037f502ea85f9
SHA256 1849989ee704cda3b552b5021f3165012978d26d0daf7d22a09805deb6be2d0b
SHA512 7804fa36e1f050115b00d21a9a94cf92436260a385da67106b0c73eb350abafca53f2dec42d377d4eccc095dd75ac92e841fb66e874e656e412cd71ed7909fe8

C:\Windows\SysWOW64\jabqhuvexwkbjabppd.exe

MD5 b45ce61349c8fd0044f2bf10ac4d34b4
SHA1 37ed91a926c1d7a6194ee21ae03de8f4bd5947bd
SHA256 a8bea21f2d08a4952d7349aac02b6c9e0a73bf9d0ca54aeffb1db631adbac518
SHA512 a3061028f885646253ffc9ca3081658e4b31a49e13b4a187c774d673d5cab18e0ab333e07f055375fb6b87252a93ec790b99128ffec0b52ef1a64bb9775c624f

C:\Users\Admin\AppData\Local\Temp\uaquacs.exe

MD5 86074e1e96b9411df355db34f30ace9b
SHA1 5bc1575bcdebd8e5b286873deab4ee07f111eb5c
SHA256 5e7c97c38376548404b29769836f7646c8e5143edf99ff502ba10e895c08c9d8
SHA512 76cb2d6aa0661e75e1ddf9b15d31e0b80a4f3275994f73ee90e53adf1c9497a9ed37a6684906617cf639e9cccea573c619dc51cf56fdf92e715327522c08d7b9

C:\Users\Admin\AppData\Local\nqdehgtoteehberrddgtuxwjej.uxr

MD5 5837d6c53e546802c45c102c04f362d1
SHA1 5b4dd064c839844a9fa0eda0cf752ecf58160586
SHA256 96cc12b54dd2346e07f0db2b64fbc07e443a7196b2d470e82329e549df57c615
SHA512 1b059b3f2e1aa7532be5904abb423992945e86bd8acdf6f093c864d7b53eef8297a49d3d8ab375a010abb595fcd520aa5d1a47e483f16ffc8ffdf5f6f397b78e

C:\Users\Admin\AppData\Local\ocamakioealzesqbyjxvhvfdjzvguznlwtesq.qay

MD5 d6a062b0dc8482182ad9ab99d407e9e6
SHA1 42d3077e8afa45fa70e4d725f3b944177341d6d8
SHA256 335cc66d97fd6f233a0a9f4f5ae3f5c38694ca4fc4b215e2df83d848d8a3dcfc
SHA512 0a3295f6c387abf8a06b45217bed06091ae638bbb8d06c85ab7242063a9b1dd98835e7e591f7b1b88f55bfb0d9104c602f6ce510d6a27a5fa0a46c276155a08e

C:\Program Files (x86)\nqdehgtoteehberrddgtuxwjej.uxr

MD5 20b5d991f5d03413f27eeebbab9e6b8a
SHA1 ac47b8f267748dd8f376bc930526787f2124837f
SHA256 f638e2be36e9c0cf8bfa2d820faeb9ff4798e35920360fdfa7c6fd051c9983e0
SHA512 71c94755e6fe72463b597474f62db45ed2e55a12c1019cbeddcff62989b5037c787b39be0db3972929e595a5c62d5426d4050e455344bac70083963c584cce2b

C:\Program Files (x86)\nqdehgtoteehberrddgtuxwjej.uxr

MD5 2edd01965a3bcedc315f494bd590fea8
SHA1 2c14ddc6dcc0b77a8b268a1428a9b32670ee5131
SHA256 eb7e587093006fa348c0c8dd46c684230397cf838f12940d38289297417a7104
SHA512 c2c2f2d4134a090f28b0329dd949f8e814438a57786a8d8fdcc31ee19a734a5631cdb5ed6b281cc034470e16fde493d88a33d7728908088e272707e1765c0e6c

C:\Program Files (x86)\nqdehgtoteehberrddgtuxwjej.uxr

MD5 7dfcab6345855f8d925aae5c25dea626
SHA1 e7a9a2ab2e618182593d0002734b63f57c254749
SHA256 6b47292fd2a58cc8e99f99f4fd9d597f22d4297e71e00740f9bec4a95cea9cbf
SHA512 97057790c7abef76f38cf56e0283f39ca70d0e7b86ac249a333634aa8a7212a100e166e4338bee6d96393eb0b0957de6cfa366d9e46d9c4073bab83f46316850

C:\Program Files (x86)\nqdehgtoteehberrddgtuxwjej.uxr

MD5 a9d08bb7b507e754c863d96d9e86fa31
SHA1 617702c56df6780a03c4daa573831c4fadabedc4
SHA256 350e6dc8d7a4126034bebab55ae30ddec25bcf6a03b7abfaccd036c7e5e07e3b
SHA512 8127310e19518f142e3c2fe368ed23be50a972396559f11b5e2759bb66a2f8529ec92aff74a4181cd09e04ddeb38c6df3812e229aa156eae7cc44b405bc1b11b

C:\Program Files (x86)\nqdehgtoteehberrddgtuxwjej.uxr

MD5 131730adc624517451dae5f85265b90c
SHA1 b0e7e3acf0569f5bb91a192f5a0a0ada4bf7d039
SHA256 4e2a529fd0f267c57123828125b2686115326b5d4109c53678069cbf195be73e
SHA512 1021225d2c5c6f3f19488ff9e94d50adaaa72563e39d0fa13fcefe0b689ab3fd73d26f08382b3c053a7f2aafb5813f1287331f5ac8513bfab6b09bacb569a715