Malware Analysis Report

2025-08-10 16:33

Sample ID 250413-sjp17sytdx
Target JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e
SHA256 ce16cfb716ea2a3ebb272428883f5b7375f2b38c5eeff3c4e455baa9a9fb0168
Tags
pykspa defense_evasion discovery persistence privilege_escalation trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

ce16cfb716ea2a3ebb272428883f5b7375f2b38c5eeff3c4e455baa9a9fb0168

Threat Level: Known bad

The file JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e was found to be: Known bad.

Malicious Activity Summary

pykspa defense_evasion discovery persistence privilege_escalation trojan worm

Modifies WinLogon for persistence

UAC bypass

Pykspa family

Pykspa

Detect Pykspa worm

Adds policy Run key to start application

Disables RegEdit via registry modification

Executes dropped EXE

Impair Defenses: Safe Mode Boot

Checks computer location settings

Adds Run key to start application

Hijack Execution Flow: Executable Installer File Permissions Weakness

Looks up external IP address via web service

Checks whether UAC is enabled

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

System policy modification

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-13 15:09

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-13 15:09

Reported

2025-04-13 15:12

Platform

win10v2004-20250410-en

Max time kernel

41s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "zzhytgfvjybwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "sryoiushuikeroyy.exe" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "zzhytgfvjybwkitub.exe" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gjuomcexogmkbcqueicf.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sryoiushuikeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "zzhytgfvjybwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijskguulaquqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vzlgfwztlelkcetyjojnz.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijskguulaquqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sryoiushuikeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "vzlgfwztlelkcetyjojnz.exe" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "gjuomcexogmkbcqueicf.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tvfyvkldtkpmccpsbex.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijskguulaquqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sryoiushuikeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "gjuomcexogmkbcqueicf.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijskguulaquqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "gjuomcexogmkbcqueicf.exe" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "sryoiushuikeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "gjuomcexogmkbcqueicf.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zzhytgfvjybwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijskguulaquqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "ijskguulaquqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vzlgfwztlelkcetyjojnz.exe" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "ijskguulaquqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sryoiushuikeroyy.exe" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zzhytgfvjybwkitub.exe" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "tvfyvkldtkpmccpsbex.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijskguulaquqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "tvfyvkldtkpmccpsbex.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "ijskguulaquqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "sryoiushuikeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "gjuomcexogmkbcqueicf.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijskguulaquqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "sryoiushuikeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijskguulaquqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sryoiushuikeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tvfyvkldtkpmccpsbex.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "vzlgfwztlelkcetyjojnz.exe" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nhjujqjtbkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gjuomcexogmkbcqueicf.exe" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "tvfyvkldtkpmccpsbex.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "zzhytgfvjybwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "tvfyvkldtkpmccpsbex.exe" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\khmascylwiialg = "sryoiushuikeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\ijskguulaquqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\tvfyvkldtkpmccpsbex.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\vzlgfwztlelkcetyjojnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\vzlgfwztlelkcetyjojnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\sryoiushuikeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\zzhytgfvjybwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\zzhytgfvjybwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\ijskguulaquqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\ijskguulaquqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\sryoiushuikeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\gjuomcexogmkbcqueicf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\tvfyvkldtkpmccpsbex.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\ijskguulaquqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\ijskguulaquqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\gjuomcexogmkbcqueicf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\ijskguulaquqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\gjuomcexogmkbcqueicf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\zzhytgfvjybwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\ijskguulaquqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\ijskguulaquqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\tvfyvkldtkpmccpsbex.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\tvfyvkldtkpmccpsbex.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\gjuomcexogmkbcqueicf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\ijskguulaquqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\zzhytgfvjybwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\tvfyvkldtkpmccpsbex.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\vzlgfwztlelkcetyjojnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\zzhytgfvjybwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\vzlgfwztlelkcetyjojnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\gjuomcexogmkbcqueicf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\gjuomcexogmkbcqueicf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\ijskguulaquqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\vzlgfwztlelkcetyjojnz.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Windows\gjuomcexogmkbcqueicf.exe N/A
N/A N/A C:\Windows\gjuomcexogmkbcqueicf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Windows\tvfyvkldtkpmccpsbex.exe N/A
N/A N/A C:\Windows\vzlgfwztlelkcetyjojnz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
N/A N/A C:\Windows\zzhytgfvjybwkitub.exe N/A
N/A N/A C:\Windows\ijskguulaquqfeqsac.exe N/A
N/A N/A C:\Windows\sryoiushuikeroyy.exe N/A
N/A N/A C:\Windows\sryoiushuikeroyy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Windows\ijskguulaquqfeqsac.exe N/A
N/A N/A C:\Windows\ijskguulaquqfeqsac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe N/A
N/A N/A C:\Windows\zzhytgfvjybwkitub.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe N/A
N/A N/A C:\Windows\ijskguulaquqfeqsac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Windows\tvfyvkldtkpmccpsbex.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Windows\ijskguulaquqfeqsac.exe N/A
N/A N/A C:\Windows\sryoiushuikeroyy.exe N/A
N/A N/A C:\Windows\ijskguulaquqfeqsac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Windows\gjuomcexogmkbcqueicf.exe N/A
N/A N/A C:\Windows\tvfyvkldtkpmccpsbex.exe N/A
N/A N/A C:\Windows\vzlgfwztlelkcetyjojnz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Windows\zzhytgfvjybwkitub.exe N/A
N/A N/A C:\Windows\ijskguulaquqfeqsac.exe N/A
N/A N/A C:\Windows\tvfyvkldtkpmccpsbex.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe N/A
N/A N/A C:\Windows\tvfyvkldtkpmccpsbex.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Windows\sryoiushuikeroyy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sryoiushuikeroyy = "vzlgfwztlelkcetyjojnz.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nlrgzkhvhuvoawf = "vzlgfwztlelkcetyjojnz.exe" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nlrgzkhvhuvoawf = "gjuomcexogmkbcqueicf.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nlrgzkhvhuvoawf = "zzhytgfvjybwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "gjuomcexogmkbcqueicf.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ijskguulaquqfeqsac = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zzhytgfvjybwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\jfjwnwrdnyxoy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vzlgfwztlelkcetyjojnz.exe ." C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ijskguulaquqfeqsac = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zzhytgfvjybwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nlrgzkhvhuvoawf = "gjuomcexogmkbcqueicf.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jfjwnwrdnyxoy = "gjuomcexogmkbcqueicf.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\jfjwnwrdnyxoy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zzhytgfvjybwkitub.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zzhytgfvjybwkitub = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijskguulaquqfeqsac.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\jfjwnwrdnyxoy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vzlgfwztlelkcetyjojnz.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "tvfyvkldtkpmccpsbex.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zzhytgfvjybwkitub = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijskguulaquqfeqsac.exe ." C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sryoiushuikeroyy = "tvfyvkldtkpmccpsbex.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jfjwnwrdnyxoy = "tvfyvkldtkpmccpsbex.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\jfjwnwrdnyxoy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vzlgfwztlelkcetyjojnz.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zzhytgfvjybwkitub = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sryoiushuikeroyy.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vzlgfwztlelkcetyjojnz.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ijskguulaquqfeqsac = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vzlgfwztlelkcetyjojnz.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "sryoiushuikeroyy.exe" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zzhytgfvjybwkitub = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tvfyvkldtkpmccpsbex.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "tvfyvkldtkpmccpsbex.exe" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\jfjwnwrdnyxoy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vzlgfwztlelkcetyjojnz.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nlrgzkhvhuvoawf = "ijskguulaquqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ijskguulaquqfeqsac = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijskguulaquqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\jfjwnwrdnyxoy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijskguulaquqfeqsac.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zzhytgfvjybwkitub = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sryoiushuikeroyy.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nlrgzkhvhuvoawf = "sryoiushuikeroyy.exe" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijskguulaquqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "gjuomcexogmkbcqueicf.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sryoiushuikeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nlrgzkhvhuvoawf = "sryoiushuikeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zzhytgfvjybwkitub = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zzhytgfvjybwkitub.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zzhytgfvjybwkitub = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vzlgfwztlelkcetyjojnz.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nlrgzkhvhuvoawf = "gjuomcexogmkbcqueicf.exe" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zzhytgfvjybwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijskguulaquqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "ijskguulaquqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tvfyvkldtkpmccpsbex.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\jfjwnwrdnyxoy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tvfyvkldtkpmccpsbex.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ijskguulaquqfeqsac = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zzhytgfvjybwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jfjwnwrdnyxoy = "tvfyvkldtkpmccpsbex.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nlrgzkhvhuvoawf = "sryoiushuikeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sryoiushuikeroyy = "gjuomcexogmkbcqueicf.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ijskguulaquqfeqsac = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tvfyvkldtkpmccpsbex.exe" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sryoiushuikeroyy = "vzlgfwztlelkcetyjojnz.exe ." C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zzhytgfvjybwkitub = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gjuomcexogmkbcqueicf.exe ." C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nlrgzkhvhuvoawf = "vzlgfwztlelkcetyjojnz.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gjuomcexogmkbcqueicf.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tvfyvkldtkpmccpsbex.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nlrgzkhvhuvoawf = "tvfyvkldtkpmccpsbex.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vzlgfwztlelkcetyjojnz.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "sryoiushuikeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sryoiushuikeroyy = "ijskguulaquqfeqsac.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jfjwnwrdnyxoy = "ijskguulaquqfeqsac.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "vzlgfwztlelkcetyjojnz.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ijskguulaquqfeqsac = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ijskguulaquqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\jfjwnwrdnyxoy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gjuomcexogmkbcqueicf.exe ." C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\jfjwnwrdnyxoy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sryoiushuikeroyy.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jfjwnwrdnyxoy = "gjuomcexogmkbcqueicf.exe ." C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jfjwnwrdnyxoy = "tvfyvkldtkpmccpsbex.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kfiuksmxgqoe = "vzlgfwztlelkcetyjojnz.exe" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A whatismyip.everdot.org N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\mreaaswrkemmfiyeqwsxkg.exe C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
File opened for modification C:\Windows\SysWOW64\ijskguulaquqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\sryoiushuikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\ijskguulaquqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\mreaaswrkemmfiyeqwsxkg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\tvfyvkldtkpmccpsbex.exe C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
File opened for modification C:\Windows\SysWOW64\tvfyvkldtkpmccpsbex.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\sryoiushuikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\vzlgfwztlelkcetyjojnz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\mreaaswrkemmfiyeqwsxkg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\mreaaswrkemmfiyeqwsxkg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\zzhytgfvjybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\zzhytgfvjybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\gjuomcexogmkbcqueicf.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\zzhytgfvjybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\vzlgfwztlelkcetyjojnz.exe C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
File opened for modification C:\Windows\SysWOW64\ijskguulaquqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\zzhytgfvjybwkitub.exe C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
File opened for modification C:\Windows\SysWOW64\zzhytgfvjybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\mreaaswrkemmfiyeqwsxkg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\sryoiushuikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\vzlgfwztlelkcetyjojnz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\ijskguulaquqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\ijskguulaquqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\mreaaswrkemmfiyeqwsxkg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\ijskguulaquqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
File opened for modification C:\Windows\SysWOW64\tvfyvkldtkpmccpsbex.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\tvfyvkldtkpmccpsbex.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\zzhytgfvjybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\gjuomcexogmkbcqueicf.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\sryoiushuikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\nhjujqjtbkhwewbwxsdxzkzgzjraxmumr.nit C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
File opened for modification C:\Windows\SysWOW64\vzlgfwztlelkcetyjojnz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\zzhytgfvjybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\vzlgfwztlelkcetyjojnz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\tvfyvkldtkpmccpsbex.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\vzlgfwztlelkcetyjojnz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\sryoiushuikeroyy.exe C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
File opened for modification C:\Windows\SysWOW64\tvfyvkldtkpmccpsbex.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\tvfyvkldtkpmccpsbex.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\sryoiushuikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\sryoiushuikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\mreaaswrkemmfiyeqwsxkg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\gjuomcexogmkbcqueicf.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\tvfyvkldtkpmccpsbex.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\gjuomcexogmkbcqueicf.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\gjuomcexogmkbcqueicf.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\vzlgfwztlelkcetyjojnz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\gjuomcexogmkbcqueicf.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\sryoiushuikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\vzlgfwztlelkcetyjojnz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\sryoiushuikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\ijskguulaquqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\zzhytgfvjybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\ijskguulaquqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\mreaaswrkemmfiyeqwsxkg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\sryoiushuikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\vzlgfwztlelkcetyjojnz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\mreaaswrkemmfiyeqwsxkg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\mreaaswrkemmfiyeqwsxkg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\tvfyvkldtkpmccpsbex.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\tvfyvkldtkpmccpsbex.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\sryoiushuikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\tvfyvkldtkpmccpsbex.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\nhjujqjtbkhwewbwxsdxzkzgzjraxmumr.nit C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
File opened for modification C:\Program Files (x86)\wfwwawedaykolsmwmwwfww.wed C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
File created C:\Program Files (x86)\wfwwawedaykolsmwmwwfww.wed C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
File opened for modification C:\Program Files (x86)\nhjujqjtbkhwewbwxsdxzkzgzjraxmumr.nit C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\zzhytgfvjybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\ijskguulaquqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\tvfyvkldtkpmccpsbex.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\sryoiushuikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\vzlgfwztlelkcetyjojnz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\vzlgfwztlelkcetyjojnz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\mreaaswrkemmfiyeqwsxkg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\gjuomcexogmkbcqueicf.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\tvfyvkldtkpmccpsbex.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\gjuomcexogmkbcqueicf.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\mreaaswrkemmfiyeqwsxkg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\zzhytgfvjybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\ijskguulaquqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\tvfyvkldtkpmccpsbex.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\mreaaswrkemmfiyeqwsxkg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\ijskguulaquqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\tvfyvkldtkpmccpsbex.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\sryoiushuikeroyy.exe C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
File opened for modification C:\Windows\tvfyvkldtkpmccpsbex.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\sryoiushuikeroyy.exe C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
File opened for modification C:\Windows\mreaaswrkemmfiyeqwsxkg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\ijskguulaquqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\zzhytgfvjybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\tvfyvkldtkpmccpsbex.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\sryoiushuikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\vzlgfwztlelkcetyjojnz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\vzlgfwztlelkcetyjojnz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\tvfyvkldtkpmccpsbex.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\zzhytgfvjybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\vzlgfwztlelkcetyjojnz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\tvfyvkldtkpmccpsbex.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\gjuomcexogmkbcqueicf.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\sryoiushuikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\gjuomcexogmkbcqueicf.exe C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
File opened for modification C:\Windows\mreaaswrkemmfiyeqwsxkg.exe C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
File opened for modification C:\Windows\ijskguulaquqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
File opened for modification C:\Windows\sryoiushuikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\vzlgfwztlelkcetyjojnz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\vzlgfwztlelkcetyjojnz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\sryoiushuikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\tvfyvkldtkpmccpsbex.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\ijskguulaquqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\zzhytgfvjybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\zzhytgfvjybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\ijskguulaquqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\vzlgfwztlelkcetyjojnz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\zzhytgfvjybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\zzhytgfvjybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\zzhytgfvjybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\tvfyvkldtkpmccpsbex.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File created C:\Windows\nhjujqjtbkhwewbwxsdxzkzgzjraxmumr.nit C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
File opened for modification C:\Windows\zzhytgfvjybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\vzlgfwztlelkcetyjojnz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\gjuomcexogmkbcqueicf.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\vzlgfwztlelkcetyjojnz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\ijskguulaquqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\mreaaswrkemmfiyeqwsxkg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\zzhytgfvjybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\sryoiushuikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\gjuomcexogmkbcqueicf.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\gjuomcexogmkbcqueicf.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\mreaaswrkemmfiyeqwsxkg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\ijskguulaquqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\sryoiushuikeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vzlgfwztlelkcetyjojnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zzhytgfvjybwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zzhytgfvjybwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\sryoiushuikeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vzlgfwztlelkcetyjojnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ijskguulaquqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\sryoiushuikeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\gjuomcexogmkbcqueicf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ijskguulaquqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vzlgfwztlelkcetyjojnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zzhytgfvjybwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ijskguulaquqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\gjuomcexogmkbcqueicf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ijskguulaquqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ijskguulaquqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tvfyvkldtkpmccpsbex.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zzhytgfvjybwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ijskguulaquqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ijskguulaquqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\gjuomcexogmkbcqueicf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vzlgfwztlelkcetyjojnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ijskguulaquqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\gjuomcexogmkbcqueicf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\sryoiushuikeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vzlgfwztlelkcetyjojnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zzhytgfvjybwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\gjuomcexogmkbcqueicf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vzlgfwztlelkcetyjojnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tvfyvkldtkpmccpsbex.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zzhytgfvjybwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\gjuomcexogmkbcqueicf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tvfyvkldtkpmccpsbex.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5664 wrote to memory of 6028 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 5664 wrote to memory of 6028 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 5664 wrote to memory of 6028 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 5428 wrote to memory of 928 N/A C:\Windows\system32\cmd.exe C:\Windows\gjuomcexogmkbcqueicf.exe
PID 5428 wrote to memory of 928 N/A C:\Windows\system32\cmd.exe C:\Windows\gjuomcexogmkbcqueicf.exe
PID 5428 wrote to memory of 928 N/A C:\Windows\system32\cmd.exe C:\Windows\gjuomcexogmkbcqueicf.exe
PID 4672 wrote to memory of 4724 N/A C:\Windows\system32\cmd.exe C:\Windows\gjuomcexogmkbcqueicf.exe
PID 4672 wrote to memory of 4724 N/A C:\Windows\system32\cmd.exe C:\Windows\gjuomcexogmkbcqueicf.exe
PID 4672 wrote to memory of 4724 N/A C:\Windows\system32\cmd.exe C:\Windows\gjuomcexogmkbcqueicf.exe
PID 4724 wrote to memory of 4708 N/A C:\Windows\gjuomcexogmkbcqueicf.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 4724 wrote to memory of 4708 N/A C:\Windows\gjuomcexogmkbcqueicf.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 4724 wrote to memory of 4708 N/A C:\Windows\gjuomcexogmkbcqueicf.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 4692 wrote to memory of 3532 N/A C:\Windows\system32\cmd.exe C:\Windows\tvfyvkldtkpmccpsbex.exe
PID 4692 wrote to memory of 3532 N/A C:\Windows\system32\cmd.exe C:\Windows\tvfyvkldtkpmccpsbex.exe
PID 4692 wrote to memory of 3532 N/A C:\Windows\system32\cmd.exe C:\Windows\tvfyvkldtkpmccpsbex.exe
PID 1944 wrote to memory of 4872 N/A C:\Windows\system32\cmd.exe C:\Windows\vzlgfwztlelkcetyjojnz.exe
PID 1944 wrote to memory of 4872 N/A C:\Windows\system32\cmd.exe C:\Windows\vzlgfwztlelkcetyjojnz.exe
PID 1944 wrote to memory of 4872 N/A C:\Windows\system32\cmd.exe C:\Windows\vzlgfwztlelkcetyjojnz.exe
PID 3524 wrote to memory of 708 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
PID 3524 wrote to memory of 708 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
PID 3524 wrote to memory of 708 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe
PID 4872 wrote to memory of 4260 N/A C:\Windows\vzlgfwztlelkcetyjojnz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 4872 wrote to memory of 4260 N/A C:\Windows\vzlgfwztlelkcetyjojnz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 4872 wrote to memory of 4260 N/A C:\Windows\vzlgfwztlelkcetyjojnz.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 2008 wrote to memory of 5416 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
PID 2008 wrote to memory of 5416 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
PID 2008 wrote to memory of 5416 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
PID 2376 wrote to memory of 4248 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
PID 2376 wrote to memory of 4248 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
PID 2376 wrote to memory of 4248 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe
PID 1744 wrote to memory of 5116 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
PID 1744 wrote to memory of 5116 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
PID 1744 wrote to memory of 5116 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe
PID 4248 wrote to memory of 6104 N/A C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe C:\Windows\System32\Conhost.exe
PID 4248 wrote to memory of 6104 N/A C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe C:\Windows\System32\Conhost.exe
PID 4248 wrote to memory of 6104 N/A C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe C:\Windows\System32\Conhost.exe
PID 5116 wrote to memory of 5248 N/A C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 5116 wrote to memory of 5248 N/A C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 5116 wrote to memory of 5248 N/A C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 6028 wrote to memory of 1880 N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe C:\Users\Admin\AppData\Local\Temp\vjfkt.exe
PID 6028 wrote to memory of 1880 N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe C:\Users\Admin\AppData\Local\Temp\vjfkt.exe
PID 6028 wrote to memory of 1880 N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe C:\Users\Admin\AppData\Local\Temp\vjfkt.exe
PID 6028 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe C:\Users\Admin\AppData\Local\Temp\vjfkt.exe
PID 6028 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe C:\Users\Admin\AppData\Local\Temp\vjfkt.exe
PID 6028 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe C:\Users\Admin\AppData\Local\Temp\vjfkt.exe
PID 6040 wrote to memory of 3328 N/A C:\Windows\system32\cmd.exe C:\Windows\zzhytgfvjybwkitub.exe
PID 6040 wrote to memory of 3328 N/A C:\Windows\system32\cmd.exe C:\Windows\zzhytgfvjybwkitub.exe
PID 6040 wrote to memory of 3328 N/A C:\Windows\system32\cmd.exe C:\Windows\zzhytgfvjybwkitub.exe
PID 3008 wrote to memory of 6132 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 3008 wrote to memory of 6132 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 3008 wrote to memory of 6132 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 2664 wrote to memory of 452 N/A C:\Windows\system32\cmd.exe C:\Windows\sryoiushuikeroyy.exe
PID 2664 wrote to memory of 452 N/A C:\Windows\system32\cmd.exe C:\Windows\sryoiushuikeroyy.exe
PID 2664 wrote to memory of 452 N/A C:\Windows\system32\cmd.exe C:\Windows\sryoiushuikeroyy.exe
PID 5504 wrote to memory of 5668 N/A C:\Windows\system32\cmd.exe C:\Windows\sryoiushuikeroyy.exe
PID 5504 wrote to memory of 5668 N/A C:\Windows\system32\cmd.exe C:\Windows\sryoiushuikeroyy.exe
PID 5504 wrote to memory of 5668 N/A C:\Windows\system32\cmd.exe C:\Windows\sryoiushuikeroyy.exe
PID 6132 wrote to memory of 364 N/A C:\Windows\ijskguulaquqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 6132 wrote to memory of 364 N/A C:\Windows\ijskguulaquqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 6132 wrote to memory of 364 N/A C:\Windows\ijskguulaquqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 2148 wrote to memory of 3056 N/A C:\Windows\system32\cmd.exe C:\Windows\ijskguulaquqfeqsac.exe
PID 2148 wrote to memory of 3056 N/A C:\Windows\system32\cmd.exe C:\Windows\ijskguulaquqfeqsac.exe
PID 2148 wrote to memory of 3056 N/A C:\Windows\system32\cmd.exe C:\Windows\ijskguulaquqfeqsac.exe
PID 3068 wrote to memory of 5612 N/A C:\Windows\system32\cmd.exe C:\Windows\ijskguulaquqfeqsac.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\vjfkt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4fe986f603c8689f0e3be5b60cc856e.exe"

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_b4fe986f603c8689f0e3be5b60cc856e.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe

C:\Windows\gjuomcexogmkbcqueicf.exe

gjuomcexogmkbcqueicf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe .

C:\Windows\gjuomcexogmkbcqueicf.exe

gjuomcexogmkbcqueicf.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\gjuomcexogmkbcqueicf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe .

C:\Windows\tvfyvkldtkpmccpsbex.exe

tvfyvkldtkpmccpsbex.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .

C:\Windows\vzlgfwztlelkcetyjojnz.exe

vzlgfwztlelkcetyjojnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\vzlgfwztlelkcetyjojnz.exe*."

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\zzhytgfvjybwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\vjfkt.exe

"C:\Users\Admin\AppData\Local\Temp\vjfkt.exe" "-C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe"

C:\Users\Admin\AppData\Local\Temp\vjfkt.exe

"C:\Users\Admin\AppData\Local\Temp\vjfkt.exe" "-C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\sryoiushuikeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\zzhytgfvjybwkitub.exe*."

C:\Windows\tvfyvkldtkpmccpsbex.exe

tvfyvkldtkpmccpsbex.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\gjuomcexogmkbcqueicf.exe*."

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe

C:\Windows\gjuomcexogmkbcqueicf.exe

gjuomcexogmkbcqueicf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe

C:\Windows\tvfyvkldtkpmccpsbex.exe

tvfyvkldtkpmccpsbex.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe

C:\Windows\vzlgfwztlelkcetyjojnz.exe

vzlgfwztlelkcetyjojnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\tvfyvkldtkpmccpsbex.exe*."

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe

C:\Windows\tvfyvkldtkpmccpsbex.exe

tvfyvkldtkpmccpsbex.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Windows\tvfyvkldtkpmccpsbex.exe

tvfyvkldtkpmccpsbex.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\tvfyvkldtkpmccpsbex.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Windows\gjuomcexogmkbcqueicf.exe

gjuomcexogmkbcqueicf.exe .

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Windows\tvfyvkldtkpmccpsbex.exe

tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\sryoiushuikeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\gjuomcexogmkbcqueicf.exe*."

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\zzhytgfvjybwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe .

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\sryoiushuikeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe .

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Windows\gjuomcexogmkbcqueicf.exe

gjuomcexogmkbcqueicf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\gjuomcexogmkbcqueicf.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe .

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\sryoiushuikeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Windows\vzlgfwztlelkcetyjojnz.exe

vzlgfwztlelkcetyjojnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\vzlgfwztlelkcetyjojnz.exe*."

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe

C:\Windows\gjuomcexogmkbcqueicf.exe

gjuomcexogmkbcqueicf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe .

C:\Windows\vzlgfwztlelkcetyjojnz.exe

vzlgfwztlelkcetyjojnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\vzlgfwztlelkcetyjojnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .

C:\Windows\tvfyvkldtkpmccpsbex.exe

tvfyvkldtkpmccpsbex.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\gjuomcexogmkbcqueicf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe .

C:\Windows\tvfyvkldtkpmccpsbex.exe

tvfyvkldtkpmccpsbex.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\tvfyvkldtkpmccpsbex.exe*."

C:\Windows\gjuomcexogmkbcqueicf.exe

gjuomcexogmkbcqueicf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe .

C:\Windows\vzlgfwztlelkcetyjojnz.exe

vzlgfwztlelkcetyjojnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\vzlgfwztlelkcetyjojnz.exe*."

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe

C:\Windows\vzlgfwztlelkcetyjojnz.exe

vzlgfwztlelkcetyjojnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe .

C:\Windows\tvfyvkldtkpmccpsbex.exe

tvfyvkldtkpmccpsbex.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\tvfyvkldtkpmccpsbex.exe*."

C:\Windows\vzlgfwztlelkcetyjojnz.exe

vzlgfwztlelkcetyjojnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\sryoiushuikeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe

C:\Windows\tvfyvkldtkpmccpsbex.exe

tvfyvkldtkpmccpsbex.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe .

C:\Windows\vzlgfwztlelkcetyjojnz.exe

vzlgfwztlelkcetyjojnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\gjuomcexogmkbcqueicf.exe

gjuomcexogmkbcqueicf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\gjuomcexogmkbcqueicf.exe*."

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."

C:\Windows\tvfyvkldtkpmccpsbex.exe

tvfyvkldtkpmccpsbex.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."

C:\Windows\vzlgfwztlelkcetyjojnz.exe

vzlgfwztlelkcetyjojnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Windows\vzlgfwztlelkcetyjojnz.exe

vzlgfwztlelkcetyjojnz.exe .

C:\Windows\gjuomcexogmkbcqueicf.exe

gjuomcexogmkbcqueicf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe

C:\Windows\tvfyvkldtkpmccpsbex.exe

tvfyvkldtkpmccpsbex.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Windows\vzlgfwztlelkcetyjojnz.exe

vzlgfwztlelkcetyjojnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\gjuomcexogmkbcqueicf.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\vzlgfwztlelkcetyjojnz.exe*."

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\vzlgfwztlelkcetyjojnz.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\gjuomcexogmkbcqueicf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\gjuomcexogmkbcqueicf.exe*."

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\sryoiushuikeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe .

C:\Windows\gjuomcexogmkbcqueicf.exe

gjuomcexogmkbcqueicf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\gjuomcexogmkbcqueicf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\sryoiushuikeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."

C:\Windows\gjuomcexogmkbcqueicf.exe

gjuomcexogmkbcqueicf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Windows\gjuomcexogmkbcqueicf.exe

gjuomcexogmkbcqueicf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\gjuomcexogmkbcqueicf.exe*."

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\sryoiushuikeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Windows\vzlgfwztlelkcetyjojnz.exe

vzlgfwztlelkcetyjojnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\vzlgfwztlelkcetyjojnz.exe*."

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\sryoiushuikeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe

C:\Windows\vzlgfwztlelkcetyjojnz.exe

vzlgfwztlelkcetyjojnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe .

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\sryoiushuikeroyy.exe*."

C:\Windows\vzlgfwztlelkcetyjojnz.exe

vzlgfwztlelkcetyjojnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\sryoiushuikeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe

C:\Windows\vzlgfwztlelkcetyjojnz.exe

vzlgfwztlelkcetyjojnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\tvfyvkldtkpmccpsbex.exe

tvfyvkldtkpmccpsbex.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\tvfyvkldtkpmccpsbex.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe .

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\sryoiushuikeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\zzhytgfvjybwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\sryoiushuikeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe

C:\Windows\gjuomcexogmkbcqueicf.exe

gjuomcexogmkbcqueicf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe

C:\Windows\tvfyvkldtkpmccpsbex.exe

tvfyvkldtkpmccpsbex.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\gjuomcexogmkbcqueicf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe

C:\Windows\tvfyvkldtkpmccpsbex.exe

tvfyvkldtkpmccpsbex.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Windows\gjuomcexogmkbcqueicf.exe

gjuomcexogmkbcqueicf.exe .

C:\Windows\gjuomcexogmkbcqueicf.exe

gjuomcexogmkbcqueicf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Windows\tvfyvkldtkpmccpsbex.exe

tvfyvkldtkpmccpsbex.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\gjuomcexogmkbcqueicf.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\gjuomcexogmkbcqueicf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\tvfyvkldtkpmccpsbex.exe*."

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe .

C:\Windows\gjuomcexogmkbcqueicf.exe

gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\gjuomcexogmkbcqueicf.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\zzhytgfvjybwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .

C:\Windows\vzlgfwztlelkcetyjojnz.exe

vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe .

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\sryoiushuikeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\sryoiushuikeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\sryoiushuikeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe

C:\Windows\tvfyvkldtkpmccpsbex.exe

tvfyvkldtkpmccpsbex.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe .

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\sryoiushuikeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\gjuomcexogmkbcqueicf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe .

C:\Windows\gjuomcexogmkbcqueicf.exe

gjuomcexogmkbcqueicf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\gjuomcexogmkbcqueicf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe .

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\gjuomcexogmkbcqueicf.exe

gjuomcexogmkbcqueicf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\gjuomcexogmkbcqueicf.exe*."

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\sryoiushuikeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\zzhytgfvjybwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe .

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe

C:\Windows\tvfyvkldtkpmccpsbex.exe

tvfyvkldtkpmccpsbex.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\tvfyvkldtkpmccpsbex.exe*."

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe

C:\Windows\tvfyvkldtkpmccpsbex.exe

tvfyvkldtkpmccpsbex.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe

C:\Windows\vzlgfwztlelkcetyjojnz.exe

vzlgfwztlelkcetyjojnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Windows\vzlgfwztlelkcetyjojnz.exe

vzlgfwztlelkcetyjojnz.exe .

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\vzlgfwztlelkcetyjojnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe

C:\Windows\vzlgfwztlelkcetyjojnz.exe

vzlgfwztlelkcetyjojnz.exe .

C:\Windows\vzlgfwztlelkcetyjojnz.exe

vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\gjuomcexogmkbcqueicf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe .

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\vzlgfwztlelkcetyjojnz.exe*."

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."

C:\Windows\tvfyvkldtkpmccpsbex.exe

tvfyvkldtkpmccpsbex.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\gjuomcexogmkbcqueicf.exe*."

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\gjuomcexogmkbcqueicf.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\sryoiushuikeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\sryoiushuikeroyy.exe*."

C:\Windows\tvfyvkldtkpmccpsbex.exe

tvfyvkldtkpmccpsbex.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe .

C:\Windows\tvfyvkldtkpmccpsbex.exe

tvfyvkldtkpmccpsbex.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\tvfyvkldtkpmccpsbex.exe*."

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe .

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\sryoiushuikeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\sryoiushuikeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Windows\vzlgfwztlelkcetyjojnz.exe

vzlgfwztlelkcetyjojnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\vzlgfwztlelkcetyjojnz.exe*."

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\gjuomcexogmkbcqueicf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe .

C:\Windows\vzlgfwztlelkcetyjojnz.exe

vzlgfwztlelkcetyjojnz.exe

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\sryoiushuikeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\zzhytgfvjybwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\sryoiushuikeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe

C:\Windows\vzlgfwztlelkcetyjojnz.exe

vzlgfwztlelkcetyjojnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe .

C:\Windows\vzlgfwztlelkcetyjojnz.exe

vzlgfwztlelkcetyjojnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\vzlgfwztlelkcetyjojnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Windows\tvfyvkldtkpmccpsbex.exe

tvfyvkldtkpmccpsbex.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\tvfyvkldtkpmccpsbex.exe*."

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\zzhytgfvjybwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe .

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe .

C:\Windows\vzlgfwztlelkcetyjojnz.exe

vzlgfwztlelkcetyjojnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\vzlgfwztlelkcetyjojnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe

C:\Windows\tvfyvkldtkpmccpsbex.exe

tvfyvkldtkpmccpsbex.exe .

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Windows\tvfyvkldtkpmccpsbex.exe

tvfyvkldtkpmccpsbex.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\tvfyvkldtkpmccpsbex.exe*."

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\tvfyvkldtkpmccpsbex.exe*."

C:\Windows\vzlgfwztlelkcetyjojnz.exe

vzlgfwztlelkcetyjojnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\zzhytgfvjybwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\gjuomcexogmkbcqueicf.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .

C:\Windows\gjuomcexogmkbcqueicf.exe

gjuomcexogmkbcqueicf.exe

C:\Windows\gjuomcexogmkbcqueicf.exe

gjuomcexogmkbcqueicf.exe

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\gjuomcexogmkbcqueicf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\sryoiushuikeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe

C:\Windows\tvfyvkldtkpmccpsbex.exe

tvfyvkldtkpmccpsbex.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .

C:\Windows\gjuomcexogmkbcqueicf.exe

gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe

C:\Windows\vzlgfwztlelkcetyjojnz.exe

vzlgfwztlelkcetyjojnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\tvfyvkldtkpmccpsbex.exe

tvfyvkldtkpmccpsbex.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\tvfyvkldtkpmccpsbex.exe*."

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\gjuomcexogmkbcqueicf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\sryoiushuikeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe .

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ijskguulaquqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe .

C:\Windows\vzlgfwztlelkcetyjojnz.exe

vzlgfwztlelkcetyjojnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Windows\tvfyvkldtkpmccpsbex.exe

tvfyvkldtkpmccpsbex.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\tvfyvkldtkpmccpsbex.exe*."

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\vzlgfwztlelkcetyjojnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\sryoiushuikeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\tvfyvkldtkpmccpsbex.exe

tvfyvkldtkpmccpsbex.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tvfyvkldtkpmccpsbex.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\tvfyvkldtkpmccpsbex.exe*."

C:\Windows\tvfyvkldtkpmccpsbex.exe

tvfyvkldtkpmccpsbex.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\sryoiushuikeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gjuomcexogmkbcqueicf.exe

C:\Windows\gjuomcexogmkbcqueicf.exe

gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\gjuomcexogmkbcqueicf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Windows\vzlgfwztlelkcetyjojnz.exe

vzlgfwztlelkcetyjojnz.exe .

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe

C:\Users\Admin\AppData\Local\Temp\zzhytgfvjybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ijskguulaquqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\vzlgfwztlelkcetyjojnz.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\zzhytgfvjybwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe

C:\Windows\ijskguulaquqfeqsac.exe

ijskguulaquqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe .

C:\Windows\zzhytgfvjybwkitub.exe

zzhytgfvjybwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\zzhytgfvjybwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zzhytgfvjybwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sryoiushuikeroyy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Users\Admin\AppData\Local\Temp\vzlgfwztlelkcetyjojnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vzlgfwztlelkcetyjojnz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sryoiushuikeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\sryoiushuikeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ijskguulaquqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Windows\sryoiushuikeroyy.exe

sryoiushuikeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\ijskguulaquqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe

C:\Users\Admin\AppData\Local\Temp\tvfyvkldtkpmccpsbex.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\tvfyvkldtkpmccpsbex.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\sryoiushuikeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\gjuomcexogmkbcqueicf.exe*."

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

C:\Users\Admin\AppData\Local\Temp\gjuomcexogmkbcqueicf.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
GB 2.18.27.82:443 www.bing.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.bbc.co.uk udp
US 151.101.192.81:80 www.bbc.co.uk tcp
LT 78.57.185.121:21014 tcp
US 8.8.8.8:53 gyuuym.org udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 fsnzvdvcxew.com udp
US 8.8.8.8:53 zyvwaap.net udp
US 8.8.8.8:53 lfphtrdaz.info udp
US 8.8.8.8:53 unxfuild.info udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 vteilyt.com udp
US 8.8.8.8:53 pwlcna.net udp
US 8.8.8.8:53 vkpcrfjspwf.info udp
US 8.8.8.8:53 pufplfa.net udp
US 8.8.8.8:53 wabhklf.info udp
US 8.8.8.8:53 uyoqcqgismus.org udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 koyokismwwua.com udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 zqqmruwye.info udp
US 8.8.8.8:53 tmbdpakqljf.org udp
US 8.8.8.8:53 otadflnvrtsd.net udp
US 8.8.8.8:53 xnutyoevyb.net udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 tremwcl.info udp
US 8.8.8.8:53 djrkevhf.info udp
US 8.8.8.8:53 aybwzrnmf.info udp
US 8.8.8.8:53 myaase.info udp
US 8.8.8.8:53 cydlrge.info udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 xjbuynpdku.net udp
US 8.8.8.8:53 bcsikagumk.net udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 isdqlqwuz.info udp
US 8.8.8.8:53 uswuvslafdqv.net udp
US 8.8.8.8:53 ydgkcesia.info udp
US 8.8.8.8:53 qkieiwiuqecu.com udp
US 8.8.8.8:53 jeatlf.net udp
US 8.8.8.8:53 gthssxfttd.net udp
US 8.8.8.8:53 ilfgqtxk.net udp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 euogsi.org udp
LT 78.61.139.217:19660 tcp
US 8.8.8.8:53 movibssfbohi.net udp
US 8.8.8.8:53 jvflpufvefoj.info udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 egbgqh.net udp
US 8.8.8.8:53 dtrmgh.info udp
US 8.8.8.8:53 xpsywmrz.net udp
US 8.8.8.8:53 yypptnfxww.info udp
US 8.8.8.8:53 uagmek.com udp
US 8.8.8.8:53 unmkcn.net udp
US 8.8.8.8:53 lboebl.net udp
US 8.8.8.8:53 tctidmm.info udp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 cwiqcw.org udp
US 8.8.8.8:53 dwdutpp.info udp
US 8.8.8.8:53 ewfgzywrl.info udp
US 8.8.8.8:53 vwgilqxw.net udp
US 8.8.8.8:53 jcdkrrtcb.com udp
US 8.8.8.8:53 fmqoxbt.org udp
US 8.8.8.8:53 fsoeebulkcfo.info udp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
LT 77.221.81.32:29742 tcp
US 8.8.8.8:53 nyvhbu.info udp
US 8.8.8.8:53 nwkkaprb.net udp
US 8.8.8.8:53 awcsicqs.com udp
US 8.8.8.8:53 rexood.net udp
US 8.8.8.8:53 dswqietobrt.net udp
US 8.8.8.8:53 yoaoooewyeeo.com udp
US 8.8.8.8:53 xkvwwr.net udp
US 8.8.8.8:53 euowikeiiw.com udp
US 8.8.8.8:53 ccbdls.info udp
US 8.8.8.8:53 mdhpuesj.net udp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 pwutlyrhcq.info udp
US 8.8.8.8:53 posdiqfwasm.info udp
US 8.8.8.8:53 tkwhjwjqqgp.net udp
US 8.8.8.8:53 edzoloxzdqs.info udp
US 8.8.8.8:53 xizckzstxb.net udp
US 8.8.8.8:53 fogwlc.net udp
US 8.8.8.8:53 ymuiyuockk.com udp
US 8.8.8.8:53 glsieoyoip.info udp
US 8.8.8.8:53 dleujr.info udp
US 8.8.8.8:53 vrxmprngmlhk.net udp
US 8.8.8.8:53 tevenadstmn.com udp
US 8.8.8.8:53 xapmdcpnpsj.net udp
US 8.8.8.8:53 eitxrmbwryx.net udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 pxbjiusmnjxh.net udp
US 8.8.8.8:53 foumkhnmfwmc.info udp
US 8.8.8.8:53 cnznmtcr.net udp
US 8.8.8.8:53 aqwkbooml.info udp
US 8.8.8.8:53 apxhvqeug.info udp
US 8.8.8.8:53 jvbnss.info udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 jklmjn.net udp
US 8.8.8.8:53 eutyrdxkl.net udp
US 8.8.8.8:53 krnsrkscmxo.info udp
US 88.216.18.28:22843 tcp
US 8.8.8.8:53 lyxmnybibg.info udp
US 8.8.8.8:53 nqtbfctrmxxk.net udp
US 8.8.8.8:53 xteyhr.info udp
US 8.8.8.8:53 buhoqxtn.info udp
US 8.8.8.8:53 oyieeu.org udp
US 8.8.8.8:53 oibuzatvl.info udp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 sisieyqymqmw.com udp
US 8.8.8.8:53 ywrtrjtd.info udp
US 8.8.8.8:53 btyuudmusi.info udp
US 8.8.8.8:53 krhwda.net udp
US 8.8.8.8:53 kgucribs.info udp
US 8.8.8.8:53 kydpcc.net udp
US 8.8.8.8:53 xynwzmadaxx.com udp
US 8.8.8.8:53 hkdhbqpqnqb.net udp
US 8.8.8.8:53 zyfitez.info udp
US 8.8.8.8:53 icggomca.com udp
US 8.8.8.8:53 lgqmzqfaltt.info udp
US 8.8.8.8:53 gmuaweikgykc.org udp
US 8.8.8.8:53 aqsrdcv.info udp
US 8.8.8.8:53 leqdurjb.net udp
US 8.8.8.8:53 rioqeulql.info udp
US 8.8.8.8:53 jkzldx.info udp
US 8.8.8.8:53 zkhgniqcjylf.info udp
US 8.8.8.8:53 dxikspgshgbk.info udp
US 8.8.8.8:53 yyltlspljkr.net udp
US 8.8.8.8:53 buhntf.info udp
US 8.8.8.8:53 heprdmdqbwq.net udp
US 8.8.8.8:53 lgmwshpwdp.net udp
US 8.8.8.8:53 rjgatt.info udp
US 8.8.8.8:53 owroshkj.net udp
US 8.8.8.8:53 tstqsuqaekbb.net udp
US 8.8.8.8:53 vylmhguwf.org udp
US 8.8.8.8:53 zgrjrexb.net udp
US 8.8.8.8:53 aemuqgao.com udp
US 8.8.8.8:53 usppafpbvdvz.net udp
US 8.8.8.8:53 buzggiznast.info udp
BG 77.71.30.91:18370 tcp
US 8.8.8.8:53 cubnwd.net udp
US 8.8.8.8:53 dgjwaltcget.net udp
US 8.8.8.8:53 eeueccewmeem.com udp
US 8.8.8.8:53 pynmfafmt.info udp
US 8.8.8.8:53 ciweyqumuumy.com udp
US 8.8.8.8:53 jphisfg.net udp
US 8.8.8.8:53 pnvkqu.info udp
US 8.8.8.8:53 genkukhnhdf.info udp
US 8.8.8.8:53 xyxeou.net udp
US 8.8.8.8:53 gthoprfe.net udp
US 8.8.8.8:53 sskaeqik.org udp
US 8.8.8.8:53 yrkjjagkr.net udp
US 8.8.8.8:53 vlpxze.info udp
US 8.8.8.8:53 sngallfq.net udp
US 8.8.8.8:53 eltrutdftd.info udp
US 8.8.8.8:53 skywyumxq.net udp
US 8.8.8.8:53 yocgssouwwue.com udp
US 8.8.8.8:53 ispydk.net udp
US 8.8.8.8:53 gtmqpf.info udp
US 8.8.8.8:53 hlnidmiyfzgh.info udp
US 8.8.8.8:53 egsmyysc.org udp
US 8.8.8.8:53 tsrxzachuhun.net udp
US 8.8.8.8:53 aunxplxxliqz.info udp
US 8.8.8.8:53 nshdioh.net udp
US 8.8.8.8:53 xgtopov.com udp
US 8.8.8.8:53 xgnctdxnqc.net udp
US 8.8.8.8:53 fgvqnxfdxj.net udp
US 8.8.8.8:53 sokfhsfa.info udp
US 8.8.8.8:53 ekqqcc.org udp
US 8.8.8.8:53 qezmduxwl.net udp
US 8.8.8.8:53 bkyrdwmajj.net udp
US 8.8.8.8:53 tbticyexh.net udp
US 8.8.8.8:53 dwfkeogzvhjn.info udp
US 8.8.8.8:53 fgtjlfqt.net udp
US 8.8.8.8:53 zipwhvdtpd.net udp
US 8.8.8.8:53 jobepedkpwu.info udp
US 8.8.8.8:53 miuqakyaomaa.org udp
US 8.8.8.8:53 qyqphhvmgtsu.net udp
US 8.8.8.8:53 lmlfretatow.info udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 rawnqcpxufdn.net udp
US 8.8.8.8:53 yudyna.info udp
US 8.8.8.8:53 hvfozqljs.net udp
US 8.8.8.8:53 qtgqqinahbp.info udp
US 8.8.8.8:53 pqmzeaqimzlz.net udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 xhbkad.net udp
GB 142.250.179.227:80 c.pki.goog tcp
US 8.8.8.8:53 uiokvckcjuf.net udp
US 8.8.8.8:53 btdybms.info udp
US 8.8.8.8:53 zknkjuacxgw.net udp
US 8.8.8.8:53 tmqklrf.com udp
US 8.8.8.8:53 aguwrdos.info udp
GB 188.221.154.147:26490 tcp
US 8.8.8.8:53 btwshypwf.net udp
US 8.8.8.8:53 tcvuvhjwh.info udp
US 8.8.8.8:53 iqgagetqf.net udp
US 8.8.8.8:53 jubvpax.info udp
US 8.8.8.8:53 dgpmykfurzh.com udp
US 8.8.8.8:53 aknsgwkcl.net udp
US 8.8.8.8:53 rqtmbpnlge.info udp
US 8.8.8.8:53 xctptjmdyyaq.net udp
US 8.8.8.8:53 jjjcymp.org udp
US 8.8.8.8:53 zcaihrh.info udp
US 8.8.8.8:53 uunnqzxolyd.net udp
US 8.8.8.8:53 ecbwysbz.info udp
US 8.8.8.8:53 womgqwcksyma.com udp
US 8.8.8.8:53 uxgibl.net udp
US 8.8.8.8:53 ysabln.info udp
US 8.8.8.8:53 njmyupro.net udp
US 8.8.8.8:53 jczvwpmmtwjr.info udp
US 8.8.8.8:53 kgyxqjdfn.net udp
US 8.8.8.8:53 scisoywu.org udp
US 8.8.8.8:53 dihowam.com udp
US 8.8.8.8:53 sheltqtenlxg.net udp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 vgrkycfpwpp.org udp
US 8.8.8.8:53 acahgr.info udp
US 8.8.8.8:53 lecddtwtudaz.info udp
US 8.8.8.8:53 wggdzib.info udp
US 8.8.8.8:53 hgcklodrfcw.net udp
US 8.8.8.8:53 jkgafmv.net udp
US 8.8.8.8:53 wcsbrpz.net udp
US 8.8.8.8:53 nwygec.net udp
US 8.8.8.8:53 hhljiibz.net udp
US 8.8.8.8:53 uwcuws.org udp
US 8.8.8.8:53 siwcmkamyeka.org udp
US 8.8.8.8:53 azlfou.info udp
US 8.8.8.8:53 rsaiyrddlu.net udp
US 8.8.8.8:53 tefwhufex.com udp
US 8.8.8.8:53 nfkykmri.net udp
US 8.8.8.8:53 udjeou.info udp
US 8.8.8.8:53 esakky.com udp
US 8.8.8.8:53 umyicieyee.org udp
US 8.8.8.8:53 xwtmfjfoxvrz.info udp
US 8.8.8.8:53 vwfgxjt.com udp
US 8.8.8.8:53 qzldnofbkf.info udp
US 8.8.8.8:53 ijsbwkstflkk.info udp
US 8.8.8.8:53 dfvixt.info udp
US 8.8.8.8:53 uwxslhy.net udp
US 8.8.8.8:53 vcsuct.net udp
US 8.8.8.8:53 ccegwuoeyoki.org udp
US 8.8.8.8:53 rlaysc.net udp
US 8.8.8.8:53 celvtun.net udp
US 8.8.8.8:53 ddgkye.info udp
US 8.8.8.8:53 fsyczawoha.info udp
US 8.8.8.8:53 abzgjykgvmf.info udp
US 8.8.8.8:53 thegpizt.net udp
US 8.8.8.8:53 lkytzcacpel.org udp
US 8.8.8.8:53 gvknfyscd.info udp
DE 95.173.40.30:43171 tcp
US 8.8.8.8:53 ugoqmseq.org udp
US 8.8.8.8:53 lymmbkx.net udp
US 8.8.8.8:53 atkzfclhbift.info udp
US 8.8.8.8:53 tataexfozy.net udp
US 8.8.8.8:53 stpbrbt.info udp
US 8.8.8.8:53 dgtuyhug.net udp
US 8.8.8.8:53 tjtsoacgmeng.net udp
US 8.8.8.8:53 wueysyqiyg.org udp
US 8.8.8.8:53 giekeg.com udp
US 8.8.8.8:53 umgewqguia.com udp
US 8.8.8.8:53 owtcxotml.info udp
US 8.8.8.8:53 wobqhqnttlr.info udp
US 8.8.8.8:53 jjrefkv.net udp
US 8.8.8.8:53 fhascdik.info udp
US 8.8.8.8:53 agwqawoskymm.org udp
US 8.8.8.8:53 tkjlhrzcdl.info udp
US 8.8.8.8:53 kjskvzf.info udp
US 8.8.8.8:53 moqkgyismu.com udp
US 8.8.8.8:53 ytarjeqk.info udp
US 8.8.8.8:53 dearrtob.info udp
US 8.8.8.8:53 unudyndta.info udp
US 8.8.8.8:53 iybuquv.net udp
US 8.8.8.8:53 hznggrxyo.com udp
US 8.8.8.8:53 lzbjkx.info udp
US 8.8.8.8:53 hgsrwh.info udp
US 8.8.8.8:53 hueivybopib.info udp
US 8.8.8.8:53 xxtkenbkly.info udp
US 8.8.8.8:53 stvjpng.info udp
US 8.8.8.8:53 hmanbb.net udp
US 8.8.8.8:53 blriytvijot.com udp
US 8.8.8.8:53 jbjrzvbdrc.info udp
US 8.8.8.8:53 htjulot.org udp
LT 86.100.142.106:24528 tcp
US 8.8.8.8:53 kuaqgy.com udp
US 8.8.8.8:53 lmvctuycr.com udp
US 8.8.8.8:53 kyilnx.net udp
US 8.8.8.8:53 rugupeqycwcw.info udp
US 8.8.8.8:53 jjkqtbupcs.info udp
US 8.8.8.8:53 zswtmxbiterh.net udp
US 8.8.8.8:53 vubtzd.info udp
US 8.8.8.8:53 fofgctayk.org udp
US 8.8.8.8:53 gaqkygwq.org udp
US 8.8.8.8:53 nynusatmp.com udp
US 8.8.8.8:53 cgwgkaocys.org udp
US 8.8.8.8:53 lmkgcnxp.info udp
US 8.8.8.8:53 pstnvhxp.net udp
US 8.8.8.8:53 jrbulad.info udp
US 8.8.8.8:53 ukgccrza.net udp
US 8.8.8.8:53 ufjudexvp.net udp
US 8.8.8.8:53 zgwqvbuwa.org udp
US 8.8.8.8:53 bpzorpfuhtf.org udp
US 8.8.8.8:53 aphnhcnh.net udp
US 8.8.8.8:53 kicygskg.com udp
US 8.8.8.8:53 sarnvkpzxq.net udp
US 8.8.8.8:53 tybdqoimofiu.net udp
US 8.8.8.8:53 lqteyaxkq.org udp
US 8.8.8.8:53 bkngmvgi.net udp
US 8.8.8.8:53 wldigo.info udp
US 8.8.8.8:53 gfqwjmnvybxo.net udp
US 8.8.8.8:53 mlfgayepf.net udp
US 8.8.8.8:53 bqdindvszcl.com udp
US 8.8.8.8:53 pbmrvzxcz.info udp
US 8.8.8.8:53 owtldyji.net udp
US 8.8.8.8:53 nwtiiruu.net udp
US 8.8.8.8:53 dykwknvmdfdj.info udp
US 8.8.8.8:53 ivhmxyxw.net udp
US 8.8.8.8:53 sjmkle.net udp
US 8.8.8.8:53 wawaoiyk.com udp
US 8.8.8.8:53 oeywoe.com udp
US 8.8.8.8:53 josddjfqhriu.net udp
US 8.8.8.8:53 hdcidelqxknk.net udp
US 8.8.8.8:53 wtnkrqu.net udp
US 8.8.8.8:53 lczoradauoz.net udp
US 8.8.8.8:53 oodinqneokj.info udp
US 8.8.8.8:53 exdvavflz.net udp
US 8.8.8.8:53 ewjmsv.info udp
US 8.8.8.8:53 dazulnj.org udp
US 8.8.8.8:53 aaecowwy.com udp
US 8.8.8.8:53 pgnfhctup.info udp
US 8.8.8.8:53 sqzjrbwu.net udp
US 8.8.8.8:53 spvhlxjbixqw.info udp
US 8.8.8.8:53 skiauggq.com udp
US 8.8.8.8:53 jzthxr.net udp
US 8.8.8.8:53 timrdlrcjwyu.net udp
US 8.8.8.8:53 csijolnhqn.net udp
US 8.8.8.8:53 uccksw.com udp
US 8.8.8.8:53 ocyqoikm.com udp
US 8.8.8.8:53 womkdolwmqm.net udp
US 8.8.8.8:53 yhmsxdegw.info udp
US 8.8.8.8:53 keucsokcyq.com udp
US 8.8.8.8:53 ewxibuxqu.info udp
GB 78.105.251.82:14181 tcp
US 8.8.8.8:53 fjusznt.com udp
US 8.8.8.8:53 duruiz.info udp
US 8.8.8.8:53 xcmnfiyxsf.info udp
US 8.8.8.8:53 zuhmapbot.net udp
US 8.8.8.8:53 zmgyxirfxyk.org udp
US 8.8.8.8:53 jcbmzibk.info udp
US 8.8.8.8:53 hmmikdh.info udp
US 8.8.8.8:53 sqemsuom.com udp
US 8.8.8.8:53 vjvlnnztmb.net udp
US 8.8.8.8:53 jwhmuqh.com udp
US 8.8.8.8:53 kyesqaguqc.com udp
US 8.8.8.8:53 bnsqnydyqxb.org udp
US 8.8.8.8:53 yojkaljecqs.info udp
US 8.8.8.8:53 xggzlpvqzo.net udp
US 8.8.8.8:53 ooykewoiewms.org udp
US 8.8.8.8:53 ecegeakc.org udp
US 8.8.8.8:53 ootkjdzphd.net udp
US 8.8.8.8:53 aararuzmj.info udp
US 8.8.8.8:53 wuflcrxgmfza.net udp
US 8.8.8.8:53 pkukytejfsrx.net udp
US 8.8.8.8:53 uuqswc.org udp
US 8.8.8.8:53 zrizzt.net udp
US 8.8.8.8:53 fxgdtf.net udp
US 8.8.8.8:53 astofr.info udp
US 8.8.8.8:53 qmikggsk.com udp
US 8.8.8.8:53 nsjnpn.net udp
US 8.8.8.8:53 dpvwkehqcbqh.info udp
US 8.8.8.8:53 oebrbvgsn.info udp
US 8.8.8.8:53 baxaddv.net udp
BG 87.246.44.65:33782 tcp
US 8.8.8.8:53 fejmph.net udp
US 8.8.8.8:53 ivewnr.info udp
US 8.8.8.8:53 wwaebapik.net udp
US 8.8.8.8:53 ktbgzy.info udp
US 8.8.8.8:53 qkfubktkh.info udp
US 8.8.8.8:53 nqxijbihvn.info udp
US 8.8.8.8:53 hsjgfajglgh.org udp
US 8.8.8.8:53 vcpybkjsp.net udp
US 8.8.8.8:53 avfgzaz.net udp
US 8.8.8.8:53 kkvubonbzkl.info udp
US 8.8.8.8:53 qaayxsakf.info udp
US 8.8.8.8:53 yspynbdonzn.net udp
US 8.8.8.8:53 iwyskukssioy.org udp
US 8.8.8.8:53 vetbvmeepl.net udp
US 8.8.8.8:53 wiqkuuaeiw.org udp
US 8.8.8.8:53 fdridhflyy.net udp
US 8.8.8.8:53 xrctizgjhu.net udp
US 8.8.8.8:53 occoakuw.org udp
US 8.8.8.8:53 hnxxspkbudyb.info udp
US 8.8.8.8:53 owukjcjvozc.net udp
US 8.8.8.8:53 esbypibaq.info udp
US 8.8.8.8:53 fahajcdidkn.info udp
US 8.8.8.8:53 hgmudepeqnb.org udp
US 8.8.8.8:53 dvtuzo.net udp
US 8.8.8.8:53 rfcqjgcwrllk.info udp
US 8.8.8.8:53 yqbsxwbudmc.info udp
US 8.8.8.8:53 fmtydizkf.info udp
US 8.8.8.8:53 pwdkryjgmax.net udp
US 8.8.8.8:53 nevrfzfcv.info udp
US 8.8.8.8:53 yenmvgjwtcnl.info udp
US 8.8.8.8:53 nilkvol.info udp
US 8.8.8.8:53 waqygcxio.net udp
US 8.8.8.8:53 ooewwc.org udp
US 8.8.8.8:53 matilsz.info udp
US 8.8.8.8:53 jypigkw.net udp
US 8.8.8.8:53 gygagaugwk.org udp
US 8.8.8.8:53 rqthrif.info udp
US 8.8.8.8:53 jphhtgd.com udp
US 8.8.8.8:53 ekkcuc.net udp
US 8.8.8.8:53 dlvpacrw.net udp
US 8.8.8.8:53 omierhazkhgw.net udp
US 8.8.8.8:53 dgbgnihcjyx.net udp
US 8.8.8.8:53 sujicoxupur.info udp
US 8.8.8.8:53 jzbwvebmw.net udp
US 8.8.8.8:53 kwdrqyzrhd.net udp
US 8.8.8.8:53 ghygvwwhfeqr.net udp
US 8.8.8.8:53 hfqeyihtnwb.info udp
US 8.8.8.8:53 xrjmbmgmisvh.info udp
US 8.8.8.8:53 sbxjhk.net udp
US 8.8.8.8:53 sagsxqz.info udp
US 8.8.8.8:53 ziukokiaz.net udp
US 8.8.8.8:53 jqtenkdayoy.org udp
US 8.8.8.8:53 yaqwuu.org udp
US 8.8.8.8:53 opknwqjdrfvr.net udp
US 8.8.8.8:53 ocygakcyim.com udp
US 8.8.8.8:53 eczhvprcvecl.info udp
US 8.8.8.8:53 rxocukyciw.net udp
US 8.8.8.8:53 sypwnmr.net udp
US 8.8.8.8:53 ysuopwp.net udp
US 8.8.8.8:53 lvliwxsju.net udp
US 8.8.8.8:53 fotnqjqgvkx.org udp
US 8.8.8.8:53 zmcnnzjwwz.net udp
US 8.8.8.8:53 shutbqaeup.info udp
US 8.8.8.8:53 faneui.info udp
US 8.8.8.8:53 wcgcuuiu.org udp
US 8.8.8.8:53 ygqisiyiqk.com udp
US 8.8.8.8:53 pierdmrs.net udp
US 8.8.8.8:53 nhmyomxjv.info udp
US 8.8.8.8:53 ssqkrttphaib.info udp
US 8.8.8.8:53 ngivxs.info udp
US 8.8.8.8:53 ygiujngwbr.info udp
US 8.8.8.8:53 oskwossa.com udp
US 8.8.8.8:53 lorxditp.info udp
US 8.8.8.8:53 tyzkrdhyl.info udp
US 8.8.8.8:53 zcpsxntjjgj.com udp
US 8.8.8.8:53 wykgze.net udp
US 8.8.8.8:53 wnbmkmjkyld.info udp
US 8.8.8.8:53 magigkui.org udp
US 8.8.8.8:53 vyvijbihvn.info udp
US 8.8.8.8:53 svpqxsbiww.net udp
US 8.8.8.8:53 uaysuwugwu.org udp
US 8.8.8.8:53 nypcmrvn.net udp
US 8.8.8.8:53 zufozrgspjl.com udp
US 8.8.8.8:53 hsrofavrq.net udp
US 8.8.8.8:53 twvfjyi.org udp
US 8.8.8.8:53 llpwlrlwpx.net udp
US 8.8.8.8:53 wxlqzmt.info udp
US 8.8.8.8:53 vkzoaydx.net udp
US 8.8.8.8:53 aelavgbkbuw.info udp
US 8.8.8.8:53 dbaedfkaxtqp.info udp
US 8.8.8.8:53 bctwfgikb.org udp
US 8.8.8.8:53 gkgagu.com udp
US 8.8.8.8:53 nngmvx.net udp
US 8.8.8.8:53 nbhcmp.net udp
US 8.8.8.8:53 wrfwdcj.net udp
US 8.8.8.8:53 hhrjcblowb.net udp
US 8.8.8.8:53 szfswaromgf.info udp
US 8.8.8.8:53 myjzxzx.info udp
US 8.8.8.8:53 fzqqksnzg.net udp
US 8.8.8.8:53 dnlqpgzsg.net udp
US 8.8.8.8:53 fztqpkdyz.net udp
US 8.8.8.8:53 huzvlc.info udp
US 8.8.8.8:53 xmlymtnez.org udp
US 8.8.8.8:53 hptmhivan.org udp
US 8.8.8.8:53 bodpugvwy.org udp
US 8.8.8.8:53 odzbrjqoy.info udp
US 8.8.8.8:53 czrmlwlwkgpj.net udp
US 8.8.8.8:53 fopobrnbtmt.org udp
US 8.8.8.8:53 aalijqi.info udp
US 8.8.8.8:53 cbirilqfsa.net udp
US 8.8.8.8:53 ghptrswqlr.net udp
US 8.8.8.8:53 sqnwjixwo.info udp
US 8.8.8.8:53 bbprtoxilfwz.info udp
US 8.8.8.8:53 odqisf.info udp
US 8.8.8.8:53 nulnxhngvajt.net udp
US 8.8.8.8:53 pahznosyfglf.info udp
US 8.8.8.8:53 jifbxszljtnt.net udp
US 8.8.8.8:53 ayzppiqer.net udp
US 8.8.8.8:53 umiuec.com udp
US 8.8.8.8:53 ncpmyszzt.info udp
US 8.8.8.8:53 fcyfawjyxco.net udp
US 8.8.8.8:53 xywojqwsbuk.info udp
US 8.8.8.8:53 nemcpvsbvjtf.net udp
US 8.8.8.8:53 agqkuuysoq.com udp
US 8.8.8.8:53 xmtnse.info udp
US 8.8.8.8:53 ybxsqlwexbnh.info udp
US 8.8.8.8:53 buverejz.info udp
US 8.8.8.8:53 cqjsnstknev.info udp
US 8.8.8.8:53 bruzkbfd.info udp
US 8.8.8.8:53 kkiamiym.com udp
US 8.8.8.8:53 bkpchyltdqh.net udp
US 8.8.8.8:53 wzcccrbkueiw.info udp
US 8.8.8.8:53 vinyhkzoa.net udp
US 8.8.8.8:53 jatdaajehomt.net udp
US 8.8.8.8:53 wgsokkkkyi.com udp
US 8.8.8.8:53 usvouerwp.info udp
US 8.8.8.8:53 hhgrhrds.net udp
US 8.8.8.8:53 mwgkuyee.org udp
US 8.8.8.8:53 gtduvxiez.info udp
US 8.8.8.8:53 uiceesz.info udp
US 8.8.8.8:53 iywuwwoet.net udp
US 8.8.8.8:53 bzaydhbkyko.info udp
US 8.8.8.8:53 pedesoocidq.org udp
US 8.8.8.8:53 fjfrtdgvjxje.info udp
US 8.8.8.8:53 uoxjsmld.info udp
US 8.8.8.8:53 kcqswsmy.org udp
US 8.8.8.8:53 hycixgzqlsu.info udp
US 8.8.8.8:53 kevzpunkm.info udp
US 8.8.8.8:53 jxcecukg.net udp
US 8.8.8.8:53 ewiuauieao.com udp
US 8.8.8.8:53 eimosqyeae.org udp
US 8.8.8.8:53 hizwxehbx.com udp
US 8.8.8.8:53 iunsxoe.info udp
US 8.8.8.8:53 iaisswoc.com udp
US 8.8.8.8:53 zajkbsuid.info udp
US 8.8.8.8:53 itgibehxi.info udp
US 8.8.8.8:53 oqyegm.com udp
US 8.8.8.8:53 imwkkoik.com udp
US 8.8.8.8:53 hwfszoaclqtt.info udp
US 8.8.8.8:53 qhzsmvat.net udp
US 8.8.8.8:53 pijoixuoxa.net udp
US 8.8.8.8:53 sewuvwb.net udp
US 8.8.8.8:53 jxagilpkjx.net udp
US 8.8.8.8:53 mwdupxnkjuh.info udp
US 8.8.8.8:53 pjjkxhvstx.info udp
US 8.8.8.8:53 yxpxqjgxvm.net udp
US 8.8.8.8:53 dyroryh.org udp
US 8.8.8.8:53 jpyhhjhoqxwk.net udp
US 8.8.8.8:53 oaewcmmi.com udp
US 8.8.8.8:53 slbvhqoxre.net udp
US 8.8.8.8:53 qwiksc.com udp
US 8.8.8.8:53 nqlnsv.info udp
US 8.8.8.8:53 oalwpcngx.info udp
US 8.8.8.8:53 nwlyxqvtdwg.info udp
US 8.8.8.8:53 mnricshk.info udp
US 8.8.8.8:53 qopkxcw.net udp
US 8.8.8.8:53 jblldmuicy.info udp
US 8.8.8.8:53 xcrfxbihvn.info udp
US 8.8.8.8:53 yzjgberx.info udp
US 8.8.8.8:53 bmzgybvql.info udp
US 8.8.8.8:53 zyeygku.net udp
US 8.8.8.8:53 pvesxitaordl.info udp
US 8.8.8.8:53 bbvvnquqvdma.info udp
US 8.8.8.8:53 dzrmxez.com udp
US 8.8.8.8:53 pmulortlxlvc.info udp
US 8.8.8.8:53 nwtuysanla.net udp
US 8.8.8.8:53 muymuggcoi.com udp
US 8.8.8.8:53 ysdadwtyiwp.info udp
US 8.8.8.8:53 pkrgrwx.org udp
US 8.8.8.8:53 kxldwaoqfn.info udp
US 8.8.8.8:53 heragu.info udp
US 8.8.8.8:53 ggnenbjr.net udp
US 8.8.8.8:53 sogclzb.net udp
US 8.8.8.8:53 jyphfltyx.net udp
US 8.8.8.8:53 refwbh.net udp
US 8.8.8.8:53 xxbuvavqnao.net udp
US 8.8.8.8:53 yqmgeyac.org udp
US 8.8.8.8:53 tgzzsilpuoyu.info udp
US 8.8.8.8:53 ygeyow.org udp
US 8.8.8.8:53 ifsodu.net udp
US 8.8.8.8:53 fdzvfen.org udp
US 8.8.8.8:53 rejwrwpoa.info udp
US 8.8.8.8:53 qqbyneym.info udp
US 8.8.8.8:53 jmuyzwjxj.net udp
US 8.8.8.8:53 squglmbhupjx.net udp
US 8.8.8.8:53 qcysisma.org udp
US 8.8.8.8:53 muuysqomkeee.com udp
US 8.8.8.8:53 izmuvc.info udp
US 8.8.8.8:53 dxtknsjnio.info udp
US 8.8.8.8:53 yackyo.org udp
US 8.8.8.8:53 sgescokcmo.org udp
US 8.8.8.8:53 aeaayy.com udp
US 8.8.8.8:53 cxikqbbcucdn.info udp
US 8.8.8.8:53 huhedlwjnmsy.info udp
MD 93.116.56.126:32978 tcp
US 8.8.8.8:53 lzwgpqnxhy.net udp
US 8.8.8.8:53 usrmwfq.info udp
US 8.8.8.8:53 jnongm.info udp
US 8.8.8.8:53 ccrqqhimg.info udp
US 8.8.8.8:53 gtbidsb.info udp
US 8.8.8.8:53 jehyhpbob.com udp
US 8.8.8.8:53 ucemccqaucwm.org udp
US 8.8.8.8:53 yazszswnd.net udp
US 8.8.8.8:53 bkucktv.com udp
US 8.8.8.8:53 acjyoevya.net udp
US 8.8.8.8:53 nptvrsrd.net udp
US 8.8.8.8:53 tylwkh.net udp
US 8.8.8.8:53 luaiurlae.info udp
US 8.8.8.8:53 advlimti.info udp
US 8.8.8.8:53 iudxmx.info udp
US 8.8.8.8:53 bjzhpl.net udp
US 8.8.8.8:53 hsfspwfirsr.org udp
US 8.8.8.8:53 pfnxqkleduoo.net udp
US 8.8.8.8:53 gyaumqcakq.org udp
US 8.8.8.8:53 fuvywycfh.net udp
US 8.8.8.8:53 muamqouoqmmk.com udp
US 8.8.8.8:53 xuwazdpfvmfd.info udp
US 8.8.8.8:53 fumvct.net udp
US 8.8.8.8:53 souaxbjzrjiv.info udp
US 8.8.8.8:53 ysqceq.com udp
US 8.8.8.8:53 dukfil.info udp
US 8.8.8.8:53 ojniksxotf.net udp
US 8.8.8.8:53 jzfiboi.org udp
US 8.8.8.8:53 dnyidwf.info udp
US 8.8.8.8:53 adkpjigewan.info udp
US 8.8.8.8:53 numcpijznap.com udp
US 8.8.8.8:53 kgsttxcmjbl.net udp
US 8.8.8.8:53 yadxtkefpqdf.net udp
US 8.8.8.8:53 jqpnqofosyx.net udp
US 8.8.8.8:53 fyticffqor.net udp
US 8.8.8.8:53 melcemv.net udp
US 8.8.8.8:53 ictdpxfltl.net udp
US 8.8.8.8:53 atvonqy.net udp
US 8.8.8.8:53 qngitmingp.net udp
US 8.8.8.8:53 ouauuquei.net udp
US 8.8.8.8:53 equookwot.info udp
US 8.8.8.8:53 nrdvcwudrz.info udp
US 8.8.8.8:53 obdyudxm.info udp
US 8.8.8.8:53 dczbag.net udp
US 8.8.8.8:53 ulwprsdpevsj.info udp
US 8.8.8.8:53 vufnhke.org udp
LT 79.133.229.18:21151 tcp
US 8.8.8.8:53 iyhmjqsxn.info udp
US 8.8.8.8:53 kcivoyzj.net udp
US 8.8.8.8:53 jwzszdxikvcs.info udp
US 8.8.8.8:53 lmrhhxpcl.net udp
US 8.8.8.8:53 qyjxvcif.net udp
US 8.8.8.8:53 fecstsqaqwv.info udp
US 8.8.8.8:53 nnzzfc.net udp
US 8.8.8.8:53 rmdvrxhmhlfg.info udp
US 8.8.8.8:53 rkwlhccy.info udp
US 8.8.8.8:53 lfftzdxnqhnz.net udp
US 8.8.8.8:53 dnxzgqddic.net udp
US 8.8.8.8:53 rjawmtldgamz.net udp
US 8.8.8.8:53 wdncpgz.net udp
US 8.8.8.8:53 bgjrldnuoief.net udp
US 8.8.8.8:53 gcuwmcscuyoc.org udp
US 8.8.8.8:53 bisbulcakr.net udp
US 8.8.8.8:53 nthafgeqx.org udp
US 8.8.8.8:53 zclghogiegd.org udp
LV 80.233.161.201:44880 tcp
US 8.8.8.8:53 gnxmpr.info udp
US 8.8.8.8:53 qenlbaabl.info udp
US 8.8.8.8:53 ugvctccga.info udp
US 8.8.8.8:53 vibshiiel.net udp
US 8.8.8.8:53 xunywmvsnag.info udp
US 8.8.8.8:53 dystpak.net udp
US 8.8.8.8:53 cujcxpb.info udp
US 8.8.8.8:53 xacmglopit.net udp
US 8.8.8.8:53 yaykig.org udp
US 8.8.8.8:53 wsfcvv.net udp
US 8.8.8.8:53 jjqtpeerkb.net udp
US 8.8.8.8:53 fsqahxryl.org udp
US 8.8.8.8:53 xjvfru.net udp
US 8.8.8.8:53 urkcltobhpwf.net udp
US 8.8.8.8:53 twjcku.info udp
US 8.8.8.8:53 xxxjrplchr.net udp
US 8.8.8.8:53 kulzhpv.net udp
US 8.8.8.8:53 oismai.com udp
US 8.8.8.8:53 drhfiysa.info udp
US 8.8.8.8:53 wgmwmgyk.com udp
US 8.8.8.8:53 wxxdlfyob.net udp
US 8.8.8.8:53 iydqus.info udp
US 8.8.8.8:53 xwgkvwcbv.info udp
US 8.8.8.8:53 eheflhppvg.net udp
US 8.8.8.8:53 vmlpjgdhh.net udp
US 8.8.8.8:53 lipybfbqhijy.info udp
US 8.8.8.8:53 yohxpxq.info udp
US 8.8.8.8:53 sbxfbqlfls.net udp
US 8.8.8.8:53 cykogcgqqcuu.com udp
US 8.8.8.8:53 zqjzhx.info udp
US 8.8.8.8:53 brmnkt.net udp
US 8.8.8.8:53 awiwki.org udp
BG 77.76.147.36:27150 tcp
US 8.8.8.8:53 ugjyfpgfl.net udp
US 8.8.8.8:53 nynkljdddp.info udp
US 8.8.8.8:53 arnyniyzbkwb.info udp
US 8.8.8.8:53 rijymmvixoz.org udp
US 8.8.8.8:53 zoycvebfyi.info udp
US 8.8.8.8:53 sldqtg.info udp
US 8.8.8.8:53 furcjcbo.info udp
US 8.8.8.8:53 myrwjqkrwpbk.info udp
US 8.8.8.8:53 mpkbfsgyp.info udp
US 8.8.8.8:53 nnpxlrhete.info udp
US 8.8.8.8:53 psomlxvej.com udp
US 8.8.8.8:53 qseoumkkca.org udp
US 8.8.8.8:53 nlqqmvjw.info udp
US 8.8.8.8:53 emkcywuoqwoi.org udp
US 8.8.8.8:53 qdnmhgdyrit.net udp
US 8.8.8.8:53 xuzmnlf.com udp
US 8.8.8.8:53 iiwcgwyo.org udp
US 8.8.8.8:53 eydrddngqlnf.info udp
US 8.8.8.8:53 qyqigk.com udp
US 8.8.8.8:53 qbqiyuibkkrb.info udp
US 8.8.8.8:53 nkzgzh.info udp
US 8.8.8.8:53 hvctvmz.com udp
US 8.8.8.8:53 bqvhxbzmb.net udp
US 8.8.8.8:53 fyaylmbcb.net udp
US 8.8.8.8:53 wsannozhhquu.net udp
US 8.8.8.8:53 oijupendzbnx.net udp
US 8.8.8.8:53 hphcvglwtyl.info udp
US 8.8.8.8:53 egamlolkcjnc.net udp
US 8.8.8.8:53 ekqaao.com udp
US 8.8.8.8:53 gldvzi.net udp
US 8.8.8.8:53 chxtdr.info udp
US 8.8.8.8:53 tsvspwequex.net udp
US 8.8.8.8:53 cijqsudpwp.info udp
US 8.8.8.8:53 rndabhjecbrn.info udp
US 8.8.8.8:53 tejyvvtib.com udp
US 8.8.8.8:53 kghewgcp.net udp
US 8.8.8.8:53 agaywgqwkusi.com udp
US 8.8.8.8:53 ckkciewg.com udp
US 8.8.8.8:53 fafjpbdxvlud.net udp
US 8.8.8.8:53 hjfdpmp.org udp
US 8.8.8.8:53 umakmc.com udp
US 8.8.8.8:53 drvebqmtnq.net udp
US 8.8.8.8:53 wmhihabvserx.info udp
US 8.8.8.8:53 logqiovkt.info udp
US 8.8.8.8:53 rjbifug.net udp
US 8.8.8.8:53 utecxg.net udp
US 8.8.8.8:53 suyuvbnvpop.net udp
US 8.8.8.8:53 yqdindvszcl.info udp
US 8.8.8.8:53 yogyfooeq.info udp
US 8.8.8.8:53 vaxcfgx.org udp
US 8.8.8.8:53 unuhakptymjk.net udp
US 8.8.8.8:53 pwqlpqyqf.com udp
US 8.8.8.8:53 pjdcbpjmkpb.org udp
US 8.8.8.8:53 mgsycc.org udp
US 8.8.8.8:53 uexzvatwno.info udp
US 8.8.8.8:53 ldlrgk.info udp
US 8.8.8.8:53 owtumceqt.info udp
US 8.8.8.8:53 xmbuvwjmvwj.net udp
US 8.8.8.8:53 yqxuvkpmslin.net udp
US 8.8.8.8:53 covlnibft.info udp
US 8.8.8.8:53 nnjbsfnjbbdv.info udp
US 8.8.8.8:53 sgdzhklkvfso.info udp
US 8.8.8.8:53 exhpbif.info udp
US 8.8.8.8:53 unugba.net udp
US 8.8.8.8:53 fgxmngqhk.org udp
US 8.8.8.8:53 zatrcqr.org udp
US 8.8.8.8:53 ewfpeanen.info udp
US 8.8.8.8:53 skqsiiae.org udp
US 8.8.8.8:53 ropgsrxrrz.info udp
US 8.8.8.8:53 feleqb.net udp
US 8.8.8.8:53 erwoegn.net udp
US 8.8.8.8:53 alyypvemovoc.net udp
US 8.8.8.8:53 ykzwhuuitz.info udp
US 8.8.8.8:53 tsvyxgzcvrq.org udp
US 8.8.8.8:53 svhvrivf.info udp
US 8.8.8.8:53 eirznpxmpmd.info udp
US 8.8.8.8:53 objsdojnc.info udp
US 8.8.8.8:53 qlstpgkhcjbu.net udp
US 8.8.8.8:53 mtiurius.info udp
US 8.8.8.8:53 emyuymkmgw.org udp
US 8.8.8.8:53 scrwrltgfgx.net udp
US 8.8.8.8:53 vbbbhvrcrz.net udp
US 8.8.8.8:53 bytalifkl.org udp
US 8.8.8.8:53 vlbwvu.net udp
US 8.8.8.8:53 nzitfaav.info udp
US 8.8.8.8:53 bgzwyrwjqct.org udp
US 8.8.8.8:53 aevsal.info udp
US 8.8.8.8:53 kcckmuscys.com udp
US 8.8.8.8:53 zbokshowltop.net udp
US 8.8.8.8:53 lktcrbw.com udp
US 8.8.8.8:53 bsgnvgrhvp.net udp
US 8.8.8.8:53 twxiotdhhkhp.info udp
US 8.8.8.8:53 bqhyvcd.net udp
US 8.8.8.8:53 xsyreqvan.org udp
US 8.8.8.8:53 hyjodgw.info udp
US 8.8.8.8:53 csfkikbopwh.net udp
US 8.8.8.8:53 nwmyxjn.info udp
US 8.8.8.8:53 krwgpqt.info udp
US 8.8.8.8:53 qaukholfi.info udp
US 8.8.8.8:53 dkdczgl.info udp
US 8.8.8.8:53 pkclhejwa.com udp
US 8.8.8.8:53 exnkxd.net udp
US 8.8.8.8:53 kmtptznlhj.info udp
US 8.8.8.8:53 egcqiqiicgeq.com udp
US 8.8.8.8:53 rcbvouhy.net udp
US 8.8.8.8:53 eaictyqxc.info udp
US 8.8.8.8:53 roxxnsp.com udp
US 8.8.8.8:53 zmzypwz.net udp
US 8.8.8.8:53 caqseswawqco.org udp
US 8.8.8.8:53 elxrgc.info udp
US 8.8.8.8:53 ocygcsuw.org udp
US 8.8.8.8:53 vgqxvqngngx.info udp
US 8.8.8.8:53 wbxtsa.net udp
US 8.8.8.8:53 ygauwfz.info udp
US 8.8.8.8:53 fomgzbwumqv.net udp

Files

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

MD5 eb09c682903ecbd87f30b0366e008d8f
SHA1 59b0dc27c06ce536327490439a37751a3dbd5e38
SHA256 c4b122f7bab30363b472a3dffb8a7c61604c0ec4719ebd233ccbac8be0951be1
SHA512 83236c0955b81375666c10445d2cf5e4723b24e42e4ee5fb951f53945483be2fff5c8ef167f08cfad3accc162c61e750bb1039edbf09e26afe18cba2f994eb5d

C:\Windows\SysWOW64\ijskguulaquqfeqsac.exe

MD5 b4fe986f603c8689f0e3be5b60cc856e
SHA1 4989bebdf2b66cec09efe777715577b21e5fec5e
SHA256 ce16cfb716ea2a3ebb272428883f5b7375f2b38c5eeff3c4e455baa9a9fb0168
SHA512 b5b057b7d9a79abd6d857c50767075e480bd3bb3d6dee512c9d517c851e242e42d0e05263010c719b870308bc728908345310280c2b3431a72b8ffc50533b94e

C:\Users\Admin\AppData\Local\Temp\vjfkt.exe

MD5 97ad6ac6b09531dc74ee709de60a1d75
SHA1 c5243821a689a6e36b9947e64dc524895e4850d6
SHA256 0d9b4b830436abbeb913536e9d2d22eaa6d1e70557bb0d70c317edde4f2b8bbe
SHA512 90bfa6e14f218e66b315cb14968fbb3fa3d0ea0da4993e24fab7c61ca8a3b207fa0a27b122c37404925b71a5defabac1fe832c310123f1f481176cdaba52b23e

C:\Users\Admin\AppData\Local\wfwwawedaykolsmwmwwfww.wed

MD5 fc61fef3961dad0d51051ebb28fa4225
SHA1 7e69a767389e8a76a60e30a1a9337f58170a75cb
SHA256 fba53af4f112be79c4ccea3663cd2a3b6e85a4e699b81577ff7d4123a2c8aded
SHA512 e77381bb8b39ae06a7f76bb2f63401f54796729177f9dd2f40cca6eca5c25d4c8683fe1f14a9fd91d37b02b04f16f0638eeefc3b210afe1acdc7948832051746

C:\Users\Admin\AppData\Local\nhjujqjtbkhwewbwxsdxzkzgzjraxmumr.nit

MD5 3ab3c1f7f7a079031fc5657141c7187f
SHA1 2ec8dc0d32cb0b999729dba7ec491ec1eb010ad9
SHA256 67075c6e247a627e8f38abf21bb3cd819f00724625917843e8e9ba5276e7f7c0
SHA512 e00abf8abcaafcc4c0ed6f746298ab6bf074b4753424e544857e19339196542df4e2fe9baccde04222bdf99266f9450248eeb691ca7244d5f1c6afb28883081a

C:\Program Files (x86)\wfwwawedaykolsmwmwwfww.wed

MD5 0fe93ce1562e05423bede9286c184003
SHA1 4db20eadf16146e5334069c95ec2d5cd9cf8249d
SHA256 e3cd77df09d99a7a71b09e1e877ad0e08770c2ba05cd70cc96254e340f829fcf
SHA512 253b69560c11160ccf633c95501da81def36fda338971ff6cd3d31915f36bdd101528f3cc95c9093eae0b24fd24993cbe6c403e4180e74ddb7bae6feebb9df4f

C:\Program Files (x86)\wfwwawedaykolsmwmwwfww.wed

MD5 0f02e4a074f360baf10a66719955d256
SHA1 617798dc5ecc89d7b7319fff6182facf32fc3cea
SHA256 e5f1b155b3c43d918c3e16a9667f51af4961c37f21ba20c14d09b016cdbd47dd
SHA512 1ca029eb48d8a65b531b9d5b88b5d35b348caff8055de55fac3fdbf1ae40e91a53772e10a8aac1277ae3f3863e33fd04d0636ab25804fd20abcfaaff2a9d3e89

C:\Program Files (x86)\wfwwawedaykolsmwmwwfww.wed

MD5 5b961d61563cfa21722a7d287f1dc4f2
SHA1 6f30858af64e4789b6e35d39088e1d840b2ac333
SHA256 93cd4a25886dfd34b1a0c531458d448054d8c430ca922276c23b0cdab11b6e97
SHA512 70442406d040d80c5dfc2980c59ee8a30ab1c3f159dac28add4a368442106927e88af7f80ef37b7dbc06f52fa97b7e3906841f0c29aa2d056e4cbfc6bcde04ef

C:\Program Files (x86)\wfwwawedaykolsmwmwwfww.wed

MD5 9fde5ecb0d6e6dfbdb6a69df75ac26fb
SHA1 1d4f3d23aebd2644c5062a353ab183ced4fff25e
SHA256 79f12a614084732beb1f42ada199bcd7b70a883451c1ac7651f0ba1c48f63b3e
SHA512 006be5f732619812dff0d25a367ac4788516e573ea649aeb05312c86d19e919979fc9f35df8cf2f3827d44c967f6d491f9610565a11ef674d66a8235bc97bfcc

C:\Program Files (x86)\wfwwawedaykolsmwmwwfww.wed

MD5 68c4f43c08ccb99b630d4bdbc0a667f0
SHA1 ef58c244be729edf55a8f7898b8f6b419716e7a9
SHA256 c2aee4ded4057ab74d23fb2e52d514b6e566452d2d4c953a2dd898432e8b0424
SHA512 0c8ea829653652b4b7fdfdc8928449bda8afdfd865a0cbb80305bd0b8637f72c125c8ada048fec2d7eb652bdd07e523d12481539d0ac5a4a02bcc326db6d9df6