Malware Analysis Report

2025-08-10 16:34

Sample ID 250413-xp767a1px7
Target JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1
SHA256 108e977f71759ac7d303ca9a76b33c440a70f94a68a3e603704afe85de849692
Tags
pykspa defense_evasion discovery persistence privilege_escalation trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

108e977f71759ac7d303ca9a76b33c440a70f94a68a3e603704afe85de849692

Threat Level: Known bad

The file JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1 was found to be: Known bad.

Malicious Activity Summary

pykspa defense_evasion discovery persistence privilege_escalation trojan worm

Modifies WinLogon for persistence

UAC bypass

Pykspa

Pykspa family

Detect Pykspa worm

Adds policy Run key to start application

Disables RegEdit via registry modification

Blocklisted process makes network request

Executes dropped EXE

Impair Defenses: Safe Mode Boot

Checks computer location settings

Adds Run key to start application

Looks up external IP address via web service

Hijack Execution Flow: Executable Installer File Permissions Weakness

Checks whether UAC is enabled

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

System policy modification

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-13 19:02

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-13 19:02

Reported

2025-04-13 19:05

Platform

win10v2004-20250410-en

Max time kernel

44s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "wtfcunefrmefjyhbrja.exe" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfcunefrmefjyhbrja.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhuslfxzmibdiyidunfd.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "cxhcsjyxhaqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "yxlkezsvjgadjalhztmlz.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "yxlkezsvjgadjalhztmlz.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhuslfxzmibdiyidunfd.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfcunefrmefjyhbrja.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhcsjyxhaqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhuslfxzmibdiyidunfd.exe" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "cxhcsjyxhaqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhcsjyxhaqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxlkezsvjgadjalhztmlz.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "jhuslfxzmibdiyidunfd.exe" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfcunefrmefjyhbrja.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "vpyshxljskzxykqh.exe" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "jhuslfxzmibdiyidunfd.exe" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "vpyshxljskzxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "wtfcunefrmefjyhbrja.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "wtfcunefrmefjyhbrja.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhcsjyxhaqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "yxlkezsvjgadjalhztmlz.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "jhuslfxzmibdiyidunfd.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "cxhcsjyxhaqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "wtfcunefrmefjyhbrja.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "wtfcunefrmefjyhbrja.exe" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhcsjyxhaqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpyshxljskzxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpyshxljskzxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "wtfcunefrmefjyhbrja.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "jhuslfxzmibdiyidunfd.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "yxlkezsvjgadjalhztmlz.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "cxhcsjyxhaqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhuslfxzmibdiyidunfd.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhuslfxzmibdiyidunfd.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "lhsofxnnysjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhsofxnnysjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "cxhcsjyxhaqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhcsjyxhaqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "cxhcsjyxhaqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "lhsofxnnysjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhcsjyxhaqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhsofxnnysjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpyshxljskzxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cpremvctv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhsofxnnysjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ndiyjvfzesdx = "cxhcsjyxhaqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\yxlkezsvjgadjalhztmlz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\lhsofxnnysjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\wtfcunefrmefjyhbrja.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\jhuslfxzmibdiyidunfd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\lhsofxnnysjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\cxhcsjyxhaqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\vpyshxljskzxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\yxlkezsvjgadjalhztmlz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\wtfcunefrmefjyhbrja.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\cxhcsjyxhaqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\vpyshxljskzxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\lhsofxnnysjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\wtfcunefrmefjyhbrja.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\jhuslfxzmibdiyidunfd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\lhsofxnnysjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\yxlkezsvjgadjalhztmlz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\jhuslfxzmibdiyidunfd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\wtfcunefrmefjyhbrja.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\yxlkezsvjgadjalhztmlz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\lhsofxnnysjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\wtfcunefrmefjyhbrja.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\vpyshxljskzxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\yxlkezsvjgadjalhztmlz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\yxlkezsvjgadjalhztmlz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\wtfcunefrmefjyhbrja.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\vpyshxljskzxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\cxhcsjyxhaqpreldr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\lhsofxnnysjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Windows\vpyshxljskzxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\jhuslfxzmibdiyidunfd.exe N/A
N/A N/A C:\Windows\wtfcunefrmefjyhbrja.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\wtfcunefrmefjyhbrja.exe N/A
N/A N/A C:\Windows\vpyshxljskzxykqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
N/A N/A C:\Windows\vpyshxljskzxykqh.exe N/A
N/A N/A C:\Windows\cxhcsjyxhaqpreldr.exe N/A
N/A N/A C:\Windows\cxhcsjyxhaqpreldr.exe N/A
N/A N/A C:\Windows\vpyshxljskzxykqh.exe N/A
N/A N/A C:\Windows\jhuslfxzmibdiyidunfd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\vpyshxljskzxykqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\vpyshxljskzxykqh.exe N/A
N/A N/A C:\Windows\lhsofxnnysjjmaibqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\vpyshxljskzxykqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe N/A
N/A N/A C:\Windows\cxhcsjyxhaqpreldr.exe N/A
N/A N/A C:\Windows\vpyshxljskzxykqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\jhuslfxzmibdiyidunfd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\yxlkezsvjgadjalhztmlz.exe N/A
N/A N/A C:\Windows\lhsofxnnysjjmaibqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\wtfcunefrmefjyhbrja.exe N/A
N/A N/A C:\Windows\jhuslfxzmibdiyidunfd.exe N/A
N/A N/A C:\Windows\jhuslfxzmibdiyidunfd.exe N/A
N/A N/A C:\Windows\lhsofxnnysjjmaibqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
N/A N/A C:\Windows\wtfcunefrmefjyhbrja.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe N/A
N/A N/A C:\Windows\wtfcunefrmefjyhbrja.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "lhsofxnnysjjmaibqh.exe ." C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vpyshxljskzxykqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhcsjyxhaqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mdjamzkflamhf = "jhuslfxzmibdiyidunfd.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "wtfcunefrmefjyhbrja.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vpyshxljskzxykqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpyshxljskzxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxlkezsvjgadjalhztmlz.exe ." C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "lhsofxnnysjjmaibqh.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxlkezsvjgadjalhztmlz.exe ." C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vjmajtbtwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhcsjyxhaqpreldr.exe" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "vpyshxljskzxykqh.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mdjamzkflamhf = "jhuslfxzmibdiyidunfd.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\nfmerfrnukxtsc = "lhsofxnnysjjmaibqh.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mdjamzkflamhf = "jhuslfxzmibdiyidunfd.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmajtbtwi = "yxlkezsvjgadjalhztmlz.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vjmajtbtwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhsofxnnysjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "cxhcsjyxhaqpreldr.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhcsjyxhaqpreldr.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qjrkynaxfwkhhsx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxlkezsvjgadjalhztmlz.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vpyshxljskzxykqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpyshxljskzxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "wtfcunefrmefjyhbrja.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mdjamzkflamhf = "wtfcunefrmefjyhbrja.exe" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\nfmerfrnukxtsc = "yxlkezsvjgadjalhztmlz.exe ." C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhcsjyxhaqpreldr.exe ." C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "cxhcsjyxhaqpreldr.exe ." C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vjmajtbtwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpyshxljskzxykqh.exe" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\nfmerfrnukxtsc = "yxlkezsvjgadjalhztmlz.exe ." C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vjmajtbtwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpyshxljskzxykqh.exe" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhsofxnnysjjmaibqh.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "yxlkezsvjgadjalhztmlz.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mdjamzkflamhf = "jhuslfxzmibdiyidunfd.exe" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmajtbtwi = "vpyshxljskzxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vpyshxljskzxykqh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhuslfxzmibdiyidunfd.exe" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mdjamzkflamhf = "lhsofxnnysjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmajtbtwi = "wtfcunefrmefjyhbrja.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhsofxnnysjjmaibqh.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vjmajtbtwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfcunefrmefjyhbrja.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\nfmerfrnukxtsc = "vpyshxljskzxykqh.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vjmajtbtwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfcunefrmefjyhbrja.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxlkezsvjgadjalhztmlz.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\nfmerfrnukxtsc = "vpyshxljskzxykqh.exe ." C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qjrkynaxfwkhhsx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhsofxnnysjjmaibqh.exe ." C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhsofxnnysjjmaibqh.exe ." C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmajtbtwi = "vpyshxljskzxykqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\nfmerfrnukxtsc = "jhuslfxzmibdiyidunfd.exe ." C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vjmajtbtwi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxlkezsvjgadjalhztmlz.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "cxhcsjyxhaqpreldr.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qjrkynaxfwkhhsx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhsofxnnysjjmaibqh.exe ." C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmajtbtwi = "lhsofxnnysjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmajtbtwi = "jhuslfxzmibdiyidunfd.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mdjamzkflamhf = "lhsofxnnysjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qjrkynaxfwkhhsx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfcunefrmefjyhbrja.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qjrkynaxfwkhhsx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vpyshxljskzxykqh.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmajtbtwi = "lhsofxnnysjjmaibqh.exe" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mdjamzkflamhf = "jhuslfxzmibdiyidunfd.exe" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmajtbtwi = "jhuslfxzmibdiyidunfd.exe" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mdjamzkflamhf = "vpyshxljskzxykqh.exe" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\nfmerfrnukxtsc = "wtfcunefrmefjyhbrja.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qjrkynaxfwkhhsx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yxlkezsvjgadjalhztmlz.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhcsjyxhaqpreldr.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "wtfcunefrmefjyhbrja.exe ." C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qjrkynaxfwkhhsx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wtfcunefrmefjyhbrja.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jhuslfxzmibdiyidunfd.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjyitcvzmw = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cxhcsjyxhaqpreldr.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qjrkynaxfwkhhsx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lhsofxnnysjjmaibqh.exe ." C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A www.whatismyip.ca N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\jhuslfxzmibdiyidunfd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\ppeezvptigbfmeqngbvvkk.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\cxhcsjyxhaqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\ppeezvptigbfmeqngbvvkk.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\cxhcsjyxhaqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\vpyshxljskzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\wtfcunefrmefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\vpyshxljskzxykqh.exe C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
File opened for modification C:\Windows\SysWOW64\yxlkezsvjgadjalhztmlz.exe C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
File opened for modification C:\Windows\SysWOW64\vpyshxljskzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\ppeezvptigbfmeqngbvvkk.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\ppeezvptigbfmeqngbvvkk.exe C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
File opened for modification C:\Windows\SysWOW64\wtfcunefrmefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\jhuslfxzmibdiyidunfd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\wtfcunefrmefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\wtfcunefrmefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\vpyshxljskzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\lhsofxnnysjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\wtfcunefrmefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
File opened for modification C:\Windows\SysWOW64\ppeezvptigbfmeqngbvvkk.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\jhuslfxzmibdiyidunfd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\yxlkezsvjgadjalhztmlz.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\vpyshxljskzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\jhuslfxzmibdiyidunfd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\yxlkezsvjgadjalhztmlz.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\jhuslfxzmibdiyidunfd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\SysWOW64\zdwazzxfyazhsoefcbzdwa.zxf C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
File opened for modification C:\Windows\SysWOW64\jhuslfxzmibdiyidunfd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\lhsofxnnysjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\lhsofxnnysjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\yxlkezsvjgadjalhztmlz.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\ppeezvptigbfmeqngbvvkk.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\lhsofxnnysjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\lhsofxnnysjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\yxlkezsvjgadjalhztmlz.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\vpyshxljskzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\ppeezvptigbfmeqngbvvkk.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\ppeezvptigbfmeqngbvvkk.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\vpyshxljskzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\ppeezvptigbfmeqngbvvkk.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\wtfcunefrmefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\jhuslfxzmibdiyidunfd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\SysWOW64\qfjyitcvzmwplstfnxgvzoyjslpcmfbij.dnw C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
File opened for modification C:\Windows\SysWOW64\vpyshxljskzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\ppeezvptigbfmeqngbvvkk.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\lhsofxnnysjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\ppeezvptigbfmeqngbvvkk.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\yxlkezsvjgadjalhztmlz.exe C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
File opened for modification C:\Windows\SysWOW64\qfjyitcvzmwplstfnxgvzoyjslpcmfbij.dnw C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
File opened for modification C:\Windows\SysWOW64\lhsofxnnysjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\lhsofxnnysjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\yxlkezsvjgadjalhztmlz.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\wtfcunefrmefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\cxhcsjyxhaqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\lhsofxnnysjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
File opened for modification C:\Windows\SysWOW64\cxhcsjyxhaqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\yxlkezsvjgadjalhztmlz.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\ppeezvptigbfmeqngbvvkk.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\wtfcunefrmefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\wtfcunefrmefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\vpyshxljskzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\cxhcsjyxhaqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\lhsofxnnysjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\SysWOW64\yxlkezsvjgadjalhztmlz.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\zdwazzxfyazhsoefcbzdwa.zxf C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
File opened for modification C:\Program Files (x86)\qfjyitcvzmwplstfnxgvzoyjslpcmfbij.dnw C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
File created C:\Program Files (x86)\qfjyitcvzmwplstfnxgvzoyjslpcmfbij.dnw C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
File opened for modification C:\Program Files (x86)\zdwazzxfyazhsoefcbzdwa.zxf C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\ppeezvptigbfmeqngbvvkk.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\lhsofxnnysjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
File opened for modification C:\Windows\cxhcsjyxhaqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\ppeezvptigbfmeqngbvvkk.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\jhuslfxzmibdiyidunfd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\ppeezvptigbfmeqngbvvkk.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\vpyshxljskzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\wtfcunefrmefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\zdwazzxfyazhsoefcbzdwa.zxf C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
File opened for modification C:\Windows\lhsofxnnysjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\jhuslfxzmibdiyidunfd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\yxlkezsvjgadjalhztmlz.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\cxhcsjyxhaqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\wtfcunefrmefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\ppeezvptigbfmeqngbvvkk.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\wtfcunefrmefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\lhsofxnnysjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\vpyshxljskzxykqh.exe C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
File opened for modification C:\Windows\lhsofxnnysjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\lhsofxnnysjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\wtfcunefrmefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\vpyshxljskzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\vpyshxljskzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\wtfcunefrmefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\cxhcsjyxhaqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\jhuslfxzmibdiyidunfd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\vpyshxljskzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\lhsofxnnysjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\lhsofxnnysjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\jhuslfxzmibdiyidunfd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\yxlkezsvjgadjalhztmlz.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\lhsofxnnysjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\wtfcunefrmefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\lhsofxnnysjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\zdwazzxfyazhsoefcbzdwa.zxf C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
File opened for modification C:\Windows\vpyshxljskzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\wtfcunefrmefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\vpyshxljskzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\cxhcsjyxhaqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\wtfcunefrmefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\qfjyitcvzmwplstfnxgvzoyjslpcmfbij.dnw C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
File opened for modification C:\Windows\yxlkezsvjgadjalhztmlz.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\ppeezvptigbfmeqngbvvkk.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\wtfcunefrmefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
File opened for modification C:\Windows\jhuslfxzmibdiyidunfd.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\yxlkezsvjgadjalhztmlz.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\yxlkezsvjgadjalhztmlz.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\lhsofxnnysjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\ppeezvptigbfmeqngbvvkk.exe C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
File opened for modification C:\Windows\ppeezvptigbfmeqngbvvkk.exe C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
File opened for modification C:\Windows\lhsofxnnysjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\vpyshxljskzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\cxhcsjyxhaqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File created C:\Windows\qfjyitcvzmwplstfnxgvzoyjslpcmfbij.dnw C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
File opened for modification C:\Windows\lhsofxnnysjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\wtfcunefrmefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\yxlkezsvjgadjalhztmlz.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\yxlkezsvjgadjalhztmlz.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\ppeezvptigbfmeqngbvvkk.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\yxlkezsvjgadjalhztmlz.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\jhuslfxzmibdiyidunfd.exe C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
File opened for modification C:\Windows\ppeezvptigbfmeqngbvvkk.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\lhsofxnnysjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
File opened for modification C:\Windows\ppeezvptigbfmeqngbvvkk.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lhsofxnnysjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jhuslfxzmibdiyidunfd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wtfcunefrmefjyhbrja.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lhsofxnnysjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wtfcunefrmefjyhbrja.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yxlkezsvjgadjalhztmlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lhsofxnnysjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lhsofxnnysjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jhuslfxzmibdiyidunfd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\cxhcsjyxhaqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yxlkezsvjgadjalhztmlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yxlkezsvjgadjalhztmlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vpyshxljskzxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\cxhcsjyxhaqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vpyshxljskzxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jhuslfxzmibdiyidunfd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lhsofxnnysjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yxlkezsvjgadjalhztmlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\jhuslfxzmibdiyidunfd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vpyshxljskzxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wtfcunefrmefjyhbrja.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\cxhcsjyxhaqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lhsofxnnysjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vpyshxljskzxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lhsofxnnysjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\cxhcsjyxhaqpreldr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yxlkezsvjgadjalhztmlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wtfcunefrmefjyhbrja.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vpyshxljskzxykqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wtfcunefrmefjyhbrja.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\wtfcunefrmefjyhbrja.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lhsofxnnysjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lhsofxnnysjjmaibqh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3164 wrote to memory of 4608 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 3164 wrote to memory of 4608 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 3164 wrote to memory of 4608 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 5000 wrote to memory of 4244 N/A C:\Windows\system32\cmd.exe C:\Windows\jhuslfxzmibdiyidunfd.exe
PID 5000 wrote to memory of 4244 N/A C:\Windows\system32\cmd.exe C:\Windows\jhuslfxzmibdiyidunfd.exe
PID 5000 wrote to memory of 4244 N/A C:\Windows\system32\cmd.exe C:\Windows\jhuslfxzmibdiyidunfd.exe
PID 1344 wrote to memory of 1844 N/A C:\Windows\system32\cmd.exe C:\Windows\wtfcunefrmefjyhbrja.exe
PID 1344 wrote to memory of 1844 N/A C:\Windows\system32\cmd.exe C:\Windows\wtfcunefrmefjyhbrja.exe
PID 1344 wrote to memory of 1844 N/A C:\Windows\system32\cmd.exe C:\Windows\wtfcunefrmefjyhbrja.exe
PID 1844 wrote to memory of 5116 N/A C:\Windows\wtfcunefrmefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 1844 wrote to memory of 5116 N/A C:\Windows\wtfcunefrmefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 1844 wrote to memory of 5116 N/A C:\Windows\wtfcunefrmefjyhbrja.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 2792 wrote to memory of 4228 N/A C:\Windows\system32\cmd.exe C:\Windows\wtfcunefrmefjyhbrja.exe
PID 2792 wrote to memory of 4228 N/A C:\Windows\system32\cmd.exe C:\Windows\wtfcunefrmefjyhbrja.exe
PID 2792 wrote to memory of 4228 N/A C:\Windows\system32\cmd.exe C:\Windows\wtfcunefrmefjyhbrja.exe
PID 5288 wrote to memory of 5180 N/A C:\Windows\system32\cmd.exe C:\Windows\vpyshxljskzxykqh.exe
PID 5288 wrote to memory of 5180 N/A C:\Windows\system32\cmd.exe C:\Windows\vpyshxljskzxykqh.exe
PID 5288 wrote to memory of 5180 N/A C:\Windows\system32\cmd.exe C:\Windows\vpyshxljskzxykqh.exe
PID 1468 wrote to memory of 4684 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
PID 1468 wrote to memory of 4684 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
PID 1468 wrote to memory of 4684 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe
PID 5656 wrote to memory of 3616 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
PID 5656 wrote to memory of 3616 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
PID 5656 wrote to memory of 3616 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe
PID 5180 wrote to memory of 5844 N/A C:\Windows\vpyshxljskzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 5180 wrote to memory of 5844 N/A C:\Windows\vpyshxljskzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 5180 wrote to memory of 5844 N/A C:\Windows\vpyshxljskzxykqh.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 3616 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
PID 3616 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
PID 3616 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe
PID 1744 wrote to memory of 1304 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
PID 1744 wrote to memory of 1304 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
PID 1744 wrote to memory of 1304 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe
PID 2648 wrote to memory of 1904 N/A C:\Windows\system32\cmd.exe C:\Windows\yxlkezsvjgadjalhztmlz.exe
PID 2648 wrote to memory of 1904 N/A C:\Windows\system32\cmd.exe C:\Windows\yxlkezsvjgadjalhztmlz.exe
PID 2648 wrote to memory of 1904 N/A C:\Windows\system32\cmd.exe C:\Windows\yxlkezsvjgadjalhztmlz.exe
PID 1904 wrote to memory of 3856 N/A C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe C:\Windows\System32\Conhost.exe
PID 1904 wrote to memory of 3856 N/A C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe C:\Windows\System32\Conhost.exe
PID 1904 wrote to memory of 3856 N/A C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe C:\Windows\System32\Conhost.exe
PID 4608 wrote to memory of 4016 N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe C:\Users\Admin\AppData\Local\Temp\jtschn.exe
PID 4608 wrote to memory of 4016 N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe C:\Users\Admin\AppData\Local\Temp\jtschn.exe
PID 4608 wrote to memory of 4016 N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe C:\Users\Admin\AppData\Local\Temp\jtschn.exe
PID 4608 wrote to memory of 3260 N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe C:\Users\Admin\AppData\Local\Temp\jtschn.exe
PID 4608 wrote to memory of 3260 N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe C:\Users\Admin\AppData\Local\Temp\jtschn.exe
PID 4608 wrote to memory of 3260 N/A C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe C:\Users\Admin\AppData\Local\Temp\jtschn.exe
PID 4320 wrote to memory of 2944 N/A C:\Windows\system32\cmd.exe C:\Windows\vpyshxljskzxykqh.exe
PID 4320 wrote to memory of 2944 N/A C:\Windows\system32\cmd.exe C:\Windows\vpyshxljskzxykqh.exe
PID 4320 wrote to memory of 2944 N/A C:\Windows\system32\cmd.exe C:\Windows\vpyshxljskzxykqh.exe
PID 1220 wrote to memory of 4424 N/A C:\Windows\system32\cmd.exe C:\Windows\cxhcsjyxhaqpreldr.exe
PID 1220 wrote to memory of 4424 N/A C:\Windows\system32\cmd.exe C:\Windows\cxhcsjyxhaqpreldr.exe
PID 1220 wrote to memory of 4424 N/A C:\Windows\system32\cmd.exe C:\Windows\cxhcsjyxhaqpreldr.exe
PID 1516 wrote to memory of 2732 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 1516 wrote to memory of 2732 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 1516 wrote to memory of 2732 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 1000 wrote to memory of 4396 N/A C:\Windows\system32\cmd.exe C:\Windows\vpyshxljskzxykqh.exe
PID 1000 wrote to memory of 4396 N/A C:\Windows\system32\cmd.exe C:\Windows\vpyshxljskzxykqh.exe
PID 1000 wrote to memory of 4396 N/A C:\Windows\system32\cmd.exe C:\Windows\vpyshxljskzxykqh.exe
PID 1600 wrote to memory of 2708 N/A C:\Windows\system32\cmd.exe C:\Windows\jhuslfxzmibdiyidunfd.exe
PID 1600 wrote to memory of 2708 N/A C:\Windows\system32\cmd.exe C:\Windows\jhuslfxzmibdiyidunfd.exe
PID 1600 wrote to memory of 2708 N/A C:\Windows\system32\cmd.exe C:\Windows\jhuslfxzmibdiyidunfd.exe
PID 2732 wrote to memory of 1032 N/A C:\Windows\cxhcsjyxhaqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 2732 wrote to memory of 1032 N/A C:\Windows\cxhcsjyxhaqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 2732 wrote to memory of 1032 N/A C:\Windows\cxhcsjyxhaqpreldr.exe C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe
PID 4292 wrote to memory of 5432 N/A C:\Windows\system32\cmd.exe C:\Windows\vpyshxljskzxykqh.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\jtschn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b58392cb5dabc4b3851447d47255d4f1.exe"

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_b58392cb5dabc4b3851447d47255d4f1.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .

C:\Windows\wtfcunefrmefjyhbrja.exe

wtfcunefrmefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."

C:\Windows\wtfcunefrmefjyhbrja.exe

wtfcunefrmefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\lhsofxnnysjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\cxhcsjyxhaqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\jtschn.exe

"C:\Users\Admin\AppData\Local\Temp\jtschn.exe" "-C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe"

C:\Users\Admin\AppData\Local\Temp\jtschn.exe

"C:\Users\Admin\AppData\Local\Temp\jtschn.exe" "-C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe .

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe .

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\cxhcsjyxhaqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Windows\lhsofxnnysjjmaibqh.exe

lhsofxnnysjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jhuslfxzmibdiyidunfd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\cxhcsjyxhaqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jhuslfxzmibdiyidunfd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe

C:\Windows\yxlkezsvjgadjalhztmlz.exe

yxlkezsvjgadjalhztmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .

C:\Windows\lhsofxnnysjjmaibqh.exe

lhsofxnnysjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."

C:\Windows\wtfcunefrmefjyhbrja.exe

wtfcunefrmefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe

C:\Windows\lhsofxnnysjjmaibqh.exe

lhsofxnnysjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe

C:\Windows\wtfcunefrmefjyhbrja.exe

wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Windows\wtfcunefrmefjyhbrja.exe

wtfcunefrmefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe

C:\Windows\yxlkezsvjgadjalhztmlz.exe

yxlkezsvjgadjalhztmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Windows\yxlkezsvjgadjalhztmlz.exe

yxlkezsvjgadjalhztmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yxlkezsvjgadjalhztmlz.exe*."

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yxlkezsvjgadjalhztmlz.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\cxhcsjyxhaqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\lhsofxnnysjjmaibqh.exe*."

C:\Windows\yxlkezsvjgadjalhztmlz.exe

yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\lhsofxnnysjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\yxlkezsvjgadjalhztmlz.exe

yxlkezsvjgadjalhztmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\cxhcsjyxhaqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."

C:\Windows\wtfcunefrmefjyhbrja.exe

wtfcunefrmefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yxlkezsvjgadjalhztmlz.exe*."

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\cxhcsjyxhaqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\lhsofxnnysjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe

C:\Windows\yxlkezsvjgadjalhztmlz.exe

yxlkezsvjgadjalhztmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Windows\wtfcunefrmefjyhbrja.exe

wtfcunefrmefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jhuslfxzmibdiyidunfd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\wtfcunefrmefjyhbrja.exe

wtfcunefrmefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\yxlkezsvjgadjalhztmlz.exe

yxlkezsvjgadjalhztmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe

C:\Windows\lhsofxnnysjjmaibqh.exe

lhsofxnnysjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yxlkezsvjgadjalhztmlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe

C:\Windows\wtfcunefrmefjyhbrja.exe

wtfcunefrmefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .

C:\Windows\lhsofxnnysjjmaibqh.exe

lhsofxnnysjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Windows\yxlkezsvjgadjalhztmlz.exe

yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yxlkezsvjgadjalhztmlz.exe*."

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe

C:\Windows\lhsofxnnysjjmaibqh.exe

lhsofxnnysjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jhuslfxzmibdiyidunfd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .

C:\Windows\lhsofxnnysjjmaibqh.exe

lhsofxnnysjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Windows\lhsofxnnysjjmaibqh.exe

lhsofxnnysjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\cxhcsjyxhaqpreldr.exe*."

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .

C:\Windows\lhsofxnnysjjmaibqh.exe

lhsofxnnysjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe

C:\Windows\wtfcunefrmefjyhbrja.exe

wtfcunefrmefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe .

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe

C:\Windows\lhsofxnnysjjmaibqh.exe

lhsofxnnysjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Windows\lhsofxnnysjjmaibqh.exe

lhsofxnnysjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\cxhcsjyxhaqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .

C:\Windows\wtfcunefrmefjyhbrja.exe

wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jhuslfxzmibdiyidunfd.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\lhsofxnnysjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\lhsofxnnysjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .

C:\Windows\yxlkezsvjgadjalhztmlz.exe

yxlkezsvjgadjalhztmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\lhsofxnnysjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .

C:\Windows\wtfcunefrmefjyhbrja.exe

wtfcunefrmefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\yxlkezsvjgadjalhztmlz.exe

yxlkezsvjgadjalhztmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yxlkezsvjgadjalhztmlz.exe*."

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\wtfcunefrmefjyhbrja.exe

wtfcunefrmefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."

C:\Windows\yxlkezsvjgadjalhztmlz.exe

yxlkezsvjgadjalhztmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\lhsofxnnysjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\cxhcsjyxhaqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe

C:\Windows\lhsofxnnysjjmaibqh.exe

lhsofxnnysjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .

C:\Windows\lhsofxnnysjjmaibqh.exe

lhsofxnnysjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Windows\lhsofxnnysjjmaibqh.exe

lhsofxnnysjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jhuslfxzmibdiyidunfd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jhuslfxzmibdiyidunfd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe

C:\Windows\yxlkezsvjgadjalhztmlz.exe

yxlkezsvjgadjalhztmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\cxhcsjyxhaqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Windows\wtfcunefrmefjyhbrja.exe

wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\cxhcsjyxhaqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe .

C:\Windows\yxlkezsvjgadjalhztmlz.exe

yxlkezsvjgadjalhztmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yxlkezsvjgadjalhztmlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Windows\wtfcunefrmefjyhbrja.exe

wtfcunefrmefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe .

C:\Windows\wtfcunefrmefjyhbrja.exe

wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\cxhcsjyxhaqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .

C:\Windows\wtfcunefrmefjyhbrja.exe

wtfcunefrmefjyhbrja.exe

C:\Windows\yxlkezsvjgadjalhztmlz.exe

yxlkezsvjgadjalhztmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yxlkezsvjgadjalhztmlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\lhsofxnnysjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\lhsofxnnysjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\cxhcsjyxhaqpreldr.exe*."

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Windows\lhsofxnnysjjmaibqh.exe

lhsofxnnysjjmaibqh.exe

C:\Windows\lhsofxnnysjjmaibqh.exe

lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\lhsofxnnysjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jhuslfxzmibdiyidunfd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe

C:\Windows\wtfcunefrmefjyhbrja.exe

wtfcunefrmefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe .

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\cxhcsjyxhaqpreldr.exe*."

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe .

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\cxhcsjyxhaqpreldr.exe*."

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Windows\wtfcunefrmefjyhbrja.exe

wtfcunefrmefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe

C:\Windows\yxlkezsvjgadjalhztmlz.exe

yxlkezsvjgadjalhztmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .

C:\Windows\lhsofxnnysjjmaibqh.exe

lhsofxnnysjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Windows\lhsofxnnysjjmaibqh.exe

lhsofxnnysjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\lhsofxnnysjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe

C:\Windows\lhsofxnnysjjmaibqh.exe

lhsofxnnysjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .

C:\Windows\wtfcunefrmefjyhbrja.exe

wtfcunefrmefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe .

C:\Windows\yxlkezsvjgadjalhztmlz.exe

yxlkezsvjgadjalhztmlz.exe

C:\Windows\yxlkezsvjgadjalhztmlz.exe

yxlkezsvjgadjalhztmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yxlkezsvjgadjalhztmlz.exe*."

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\cxhcsjyxhaqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe

C:\Windows\yxlkezsvjgadjalhztmlz.exe

yxlkezsvjgadjalhztmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe

C:\Windows\wtfcunefrmefjyhbrja.exe

wtfcunefrmefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe

C:\Windows\yxlkezsvjgadjalhztmlz.exe

yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Windows\wtfcunefrmefjyhbrja.exe

wtfcunefrmefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe

C:\Windows\lhsofxnnysjjmaibqh.exe

lhsofxnnysjjmaibqh.exe .

C:\Windows\wtfcunefrmefjyhbrja.exe

wtfcunefrmefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\cxhcsjyxhaqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."

C:\Windows\yxlkezsvjgadjalhztmlz.exe

yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."

C:\Windows\lhsofxnnysjjmaibqh.exe

lhsofxnnysjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\lhsofxnnysjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\cxhcsjyxhaqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\cxhcsjyxhaqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\lhsofxnnysjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe .

C:\Windows\yxlkezsvjgadjalhztmlz.exe

yxlkezsvjgadjalhztmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yxlkezsvjgadjalhztmlz.exe*."

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Windows\yxlkezsvjgadjalhztmlz.exe

yxlkezsvjgadjalhztmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yxlkezsvjgadjalhztmlz.exe*."

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe

C:\Windows\yxlkezsvjgadjalhztmlz.exe

yxlkezsvjgadjalhztmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .

C:\Windows\lhsofxnnysjjmaibqh.exe

lhsofxnnysjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."

C:\Windows\yxlkezsvjgadjalhztmlz.exe

yxlkezsvjgadjalhztmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\lhsofxnnysjjmaibqh.exe

lhsofxnnysjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Windows\yxlkezsvjgadjalhztmlz.exe

yxlkezsvjgadjalhztmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yxlkezsvjgadjalhztmlz.exe*."

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\cxhcsjyxhaqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe

C:\Windows\yxlkezsvjgadjalhztmlz.exe

yxlkezsvjgadjalhztmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Windows\wtfcunefrmefjyhbrja.exe

wtfcunefrmefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\cxhcsjyxhaqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe

C:\Windows\yxlkezsvjgadjalhztmlz.exe

yxlkezsvjgadjalhztmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\yxlkezsvjgadjalhztmlz.exe

yxlkezsvjgadjalhztmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe .

C:\Windows\lhsofxnnysjjmaibqh.exe

lhsofxnnysjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\cxhcsjyxhaqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .

C:\Windows\wtfcunefrmefjyhbrja.exe

wtfcunefrmefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\cxhcsjyxhaqpreldr.exe*."

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\cxhcsjyxhaqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Windows\yxlkezsvjgadjalhztmlz.exe

yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\yxlkezsvjgadjalhztmlz.exe*."

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jhuslfxzmibdiyidunfd.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe

C:\Windows\yxlkezsvjgadjalhztmlz.exe

yxlkezsvjgadjalhztmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .

C:\Windows\wtfcunefrmefjyhbrja.exe

wtfcunefrmefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."

C:\Windows\lhsofxnnysjjmaibqh.exe

lhsofxnnysjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\cxhcsjyxhaqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\cxhcsjyxhaqpreldr.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."

C:\Windows\yxlkezsvjgadjalhztmlz.exe

yxlkezsvjgadjalhztmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\lhsofxnnysjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yxlkezsvjgadjalhztmlz.exe

C:\Windows\yxlkezsvjgadjalhztmlz.exe

yxlkezsvjgadjalhztmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .

C:\Windows\lhsofxnnysjjmaibqh.exe

lhsofxnnysjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe

C:\Windows\wtfcunefrmefjyhbrja.exe

wtfcunefrmefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."

C:\Windows\wtfcunefrmefjyhbrja.exe

wtfcunefrmefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\cxhcsjyxhaqpreldr.exe*."

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\yxlkezsvjgadjalhztmlz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\jhuslfxzmibdiyidunfd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\vpyshxljskzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\jhuslfxzmibdiyidunfd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe .

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Windows\lhsofxnnysjjmaibqh.exe

lhsofxnnysjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Users\Admin\AppData\Local\Temp\yxlkezsvjgadjalhztmlz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\lhsofxnnysjjmaibqh.exe*."

C:\Windows\lhsofxnnysjjmaibqh.exe

lhsofxnnysjjmaibqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe

C:\Users\Admin\AppData\Local\Temp\lhsofxnnysjjmaibqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vpyshxljskzxykqh.exe .

C:\Windows\lhsofxnnysjjmaibqh.exe

lhsofxnnysjjmaibqh.exe

C:\Windows\wtfcunefrmefjyhbrja.exe

wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\lhsofxnnysjjmaibqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cxhcsjyxhaqpreldr.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wtfcunefrmefjyhbrja.exe .

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Windows\vpyshxljskzxykqh.exe

vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\wtfcunefrmefjyhbrja.exe*."

C:\Windows\cxhcsjyxhaqpreldr.exe

cxhcsjyxhaqpreldr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c jhuslfxzmibdiyidunfd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe

C:\Users\Admin\AppData\Local\Temp\wtfcunefrmefjyhbrja.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\windows\vpyshxljskzxykqh.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cxhcsjyxhaqpreldr.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

"C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe" "c:\users\admin\appdata\local\temp\wtfcunefrmefjyhbrja.exe*."

C:\Windows\jhuslfxzmibdiyidunfd.exe

jhuslfxzmibdiyidunfd.exe .

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vpyshxljskzxykqh.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jhuslfxzmibdiyidunfd.exe

Network

Country Destination Domain Proto
GB 95.101.143.185:443 www.bing.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 www.imdb.com udp
FR 52.222.159.143:80 www.imdb.com tcp
RU 94.241.219.61:26027 tcp
US 8.8.8.8:53 gyuuym.org udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 iyiyasaoakgu.com udp
US 8.8.8.8:53 qmhwpghfj.info udp
US 8.8.8.8:53 rmdgoqewust.net udp
US 8.8.8.8:53 ljdqrul.net udp
US 8.8.8.8:53 eewiakmc.com udp
US 8.8.8.8:53 arbyzeb.info udp
US 8.8.8.8:53 unxfuild.info udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 ysbedez.net udp
US 8.8.8.8:53 xwritufftxy.org udp
US 8.8.8.8:53 gynvhn.info udp
US 8.8.8.8:53 kfgdoowsrum.net udp
US 8.8.8.8:53 namexklos.info udp
US 8.8.8.8:53 ohabzlza.net udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 hctdyyvf.net udp
US 8.8.8.8:53 mrjfwi.info udp
US 8.8.8.8:53 ktdbblpexs.net udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 gakaicgigc.org udp
US 8.8.8.8:53 dgxdwsfshmx.com udp
US 8.8.8.8:53 patsydlw.info udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 moycqm.org udp
US 8.8.8.8:53 vavsbcjneur.org udp
US 8.8.8.8:53 rrgjxazj.info udp
US 8.8.8.8:53 lgqkvmnvb.info udp
US 8.8.8.8:53 japgtyfqcih.net udp
US 8.8.8.8:53 cydlrge.info udp
US 104.156.155.94:80 cydlrge.info tcp
RU 94.241.219.61:26027 tcp
US 8.8.8.8:53 qiiibzkqpqc.info udp
US 8.8.8.8:53 pzfckahmtmh.net udp
US 8.8.8.8:53 zcvssyx.net udp
US 8.8.8.8:53 cobdseyk.info udp
US 8.8.8.8:53 rclugyfahgh.info udp
US 8.8.8.8:53 kpnepoxhpsxf.info udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 xurujcg.net udp
US 8.8.8.8:53 jeatlf.net udp
US 8.8.8.8:53 kwdzjtbqyxci.net udp
US 8.8.8.8:53 sgemoaukoa.com udp
US 8.8.8.8:53 ehzohac.net udp
US 8.8.8.8:53 zhbsfhza.net udp
US 8.8.8.8:53 fkdjpwnqxmx.com udp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 ccxnxlnvobis.info udp
US 8.8.8.8:53 qijjwpd.net udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 uifhes.net udp
US 8.8.8.8:53 vaktchiwdiri.net udp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 rbcjvbeybrva.net udp
US 8.8.8.8:53 jbplnub.net udp
US 8.8.8.8:53 pcyizzhcfhg.net udp
US 8.8.8.8:53 oizsngj.net udp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 audvaaf.net udp
US 8.8.8.8:53 kulqtmjxnex.info udp
US 8.8.8.8:53 unoglyg.info udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 jybehfrfvkpj.net udp
US 8.8.8.8:53 tuqfzhho.net udp
US 8.8.8.8:53 egaewc.org udp
US 8.8.8.8:53 vvsuilxuhv.net udp
US 8.8.8.8:53 euqkoiqs.com udp
US 8.8.8.8:53 fxjinaaud.com udp
US 8.8.8.8:53 yoaoooewyeeo.com udp
US 8.8.8.8:53 rkugbrait.info udp
US 8.8.8.8:53 msvohyfak.net udp
US 8.8.8.8:53 vkvsyie.net udp
US 8.8.8.8:53 rcszupxwkutl.info udp
US 8.8.8.8:53 moasnznb.info udp
US 8.8.8.8:53 tdrmfii.info udp
US 8.8.8.8:53 mdhpuesj.net udp
US 8.8.8.8:53 myrrveroj.net udp
US 8.8.8.8:53 xhrmtyvgrgt.org udp
US 8.8.8.8:53 yidyygl.net udp
US 8.8.8.8:53 yyfahytnunvv.net udp
US 8.8.8.8:53 uuwkogsyygie.com udp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 ozdkbvnx.net udp
US 8.8.8.8:53 mksfwpksvvw.net udp
US 8.8.8.8:53 grdkrlscmq.net udp
US 8.8.8.8:53 tcskkrnrzb.info udp
US 8.8.8.8:53 porqnkm.info udp
US 8.8.8.8:53 vrxmprngmlhk.net udp
US 8.8.8.8:53 zwtbzuygbjl.info udp
US 8.8.8.8:53 ewdsfkn.net udp
US 8.8.8.8:53 legorizgqdh.org udp
US 8.8.8.8:53 mizclt.info udp
US 8.8.8.8:53 edyoxcxyj.info udp
US 8.8.8.8:53 ykfytsvkb.info udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 ewropll.net udp
US 8.8.8.8:53 bidbggoch.info udp
US 8.8.8.8:53 lmdmzsjoeeq.info udp
US 8.8.8.8:53 jcibyrptezyy.net udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 iwvnaq.net udp
US 8.8.8.8:53 vyopzumdrk.info udp
US 8.8.8.8:53 meisigaq.net udp
US 8.8.8.8:53 nrbdhchbil.info udp
US 8.8.8.8:53 hyrbancimd.info udp
US 8.8.8.8:53 lyxmnybibg.info udp
US 8.8.8.8:53 bkhrprdxba.info udp
US 8.8.8.8:53 rvntqx.net udp
US 8.8.8.8:53 sgtzdbusfra.info udp
US 8.8.8.8:53 zwpycia.info udp
US 8.8.8.8:53 vwozrdfpdv.net udp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 ridxfwtb.net udp
US 8.8.8.8:53 sqsjrrcajvbf.info udp
US 8.8.8.8:53 ltdhzvenqp.net udp
US 8.8.8.8:53 aewyagvm.info udp
US 8.8.8.8:53 fykpigxacnrx.info udp
US 8.8.8.8:53 ogrupxdbstd.info udp
US 8.8.8.8:53 kgucribs.info udp
US 8.8.8.8:53 vuldjh.info udp
US 8.8.8.8:53 uamsom.com udp
US 8.8.8.8:53 caceysocgwiu.org udp
US 8.8.8.8:53 zyfxkmam.net udp
US 8.8.8.8:53 ogwpxoipncv.info udp
US 8.8.8.8:53 zyfitez.info udp
US 8.8.8.8:53 twidbm.info udp
US 8.8.8.8:53 icggomca.com udp
US 8.8.8.8:53 wilgbav.net udp
US 8.8.8.8:53 fgtkjcscl.org udp
US 8.8.8.8:53 bfkqheyc.info udp
US 8.8.8.8:53 jaimfpract.info udp
US 8.8.8.8:53 leqdurjb.net udp
US 8.8.8.8:53 etstdmlhq.info udp
US 8.8.8.8:53 jkzldx.info udp
US 8.8.8.8:53 ccfjkyb.info udp
US 8.8.8.8:53 cxfwntjrr.net udp
US 8.8.8.8:53 pnrtsowzkdnv.net udp
US 8.8.8.8:53 dxikspgshgbk.info udp
US 8.8.8.8:53 xtcsrpfwsptd.info udp
US 8.8.8.8:53 txxgetozhw.net udp
US 8.8.8.8:53 hzydoouueq.info udp
US 8.8.8.8:53 hirtlvnelyxj.net udp
US 8.8.8.8:53 zgrjrexb.net udp
US 8.8.8.8:53 sanuisfkibr.net udp
US 8.8.8.8:53 whpgaabclog.net udp
US 8.8.8.8:53 mgegcyqiow.com udp
US 8.8.8.8:53 iydobcxefvd.info udp
US 8.8.8.8:53 eeueccewmeem.com udp
US 8.8.8.8:53 ciweyqumuumy.com udp
US 8.8.8.8:53 gxvsrmdener.net udp
US 8.8.8.8:53 gfymvcwuh.net udp
US 8.8.8.8:53 amsndtjo.info udp
US 8.8.8.8:53 gthoprfe.net udp
US 8.8.8.8:53 fnesazkyqsox.info udp
US 8.8.8.8:53 hqdyrvhoftbs.net udp
US 8.8.8.8:53 ibirikfizqm.net udp
US 8.8.8.8:53 vulwjyddjzi.com udp
US 8.8.8.8:53 vlpxze.info udp
US 8.8.8.8:53 uiiwoq.org udp
US 8.8.8.8:53 hftbhhjhviyv.info udp
US 8.8.8.8:53 lnlfzi.net udp
US 8.8.8.8:53 skywyumxq.net udp
US 8.8.8.8:53 aoymikouam.org udp
US 8.8.8.8:53 ywqmko.com udp
US 8.8.8.8:53 zrtvkovjom.net udp
US 8.8.8.8:53 egsmyysc.org udp
US 8.8.8.8:53 qoucvox.net udp
US 8.8.8.8:53 kmbxvmjc.net udp
US 8.8.8.8:53 ynpczal.info udp
US 8.8.8.8:53 rqphbmhxxuf.info udp
US 8.8.8.8:53 hddqiqqbwel.org udp
US 8.8.8.8:53 nwfmuorac.org udp
US 8.8.8.8:53 nshdioh.net udp
US 8.8.8.8:53 cvpdbhwn.info udp
US 8.8.8.8:53 bswnmmvhnq.net udp
US 8.8.8.8:53 ekqqcc.org udp
US 8.8.8.8:53 ejzcxaio.info udp
US 8.8.8.8:53 xnusfqlawt.info udp
US 8.8.8.8:53 nywmtwwkpy.net udp
US 8.8.8.8:53 wmcolms.info udp
US 8.8.8.8:53 dwfkeogzvhjn.info udp
US 8.8.8.8:53 yjjtkdqz.info udp
US 8.8.8.8:53 zokeokzo.info udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 wxgciaqurwh.info udp
US 8.8.8.8:53 jddunhfujk.info udp
US 8.8.8.8:53 qtgqqinahbp.info udp
US 8.8.8.8:53 lelelivepax.info udp
US 8.8.8.8:53 irlvbyvoy.info udp
US 8.8.8.8:53 btwshypwf.net udp
US 8.8.8.8:53 tcvuvhjwh.info udp
US 8.8.8.8:53 xgverpyvdp.net udp
US 8.8.8.8:53 uonfzmikhx.net udp
US 8.8.8.8:53 jubvpax.info udp
US 8.8.8.8:53 twlocmhldt.net udp
US 8.8.8.8:53 aknsgwkcl.net udp
US 8.8.8.8:53 iqcwmg.com udp
US 8.8.8.8:53 fnzqznz.org udp
US 8.8.8.8:53 rqjwlxea.net udp
US 8.8.8.8:53 rghvlsfip.com udp
US 8.8.8.8:53 ecbwysbz.info udp
US 8.8.8.8:53 ledwhiftyinh.info udp
US 8.8.8.8:53 aosefaa.net udp
US 8.8.8.8:53 yeiaci.com udp
US 8.8.8.8:53 njmyupro.net udp
US 8.8.8.8:53 zfifnpxiao.info udp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 dkbpyqbvre.info udp
US 8.8.8.8:53 jigybdwb.info udp
US 8.8.8.8:53 igannsrhzwz.info udp
US 8.8.8.8:53 cbqbkscpdtuc.net udp
US 8.8.8.8:53 iusioomq.org udp
US 8.8.8.8:53 xaxmdujmkl.net udp
US 8.8.8.8:53 peudsronvm.net udp
US 8.8.8.8:53 doaaxyt.net udp
US 8.8.8.8:53 xufibqe.com udp
US 8.8.8.8:53 coyyxewjl.net udp
US 8.8.8.8:53 wkyqqmbwq.net udp
US 8.8.8.8:53 heiwyulphz.info udp
US 8.8.8.8:53 esmuscgiesgk.com udp
US 8.8.8.8:53 wcsbrpz.net udp
US 8.8.8.8:53 sasycakc.org udp
US 8.8.8.8:53 mkiwmuiq.com udp
US 8.8.8.8:53 dfwecypf.info udp
US 8.8.8.8:53 avsumttezvix.net udp
US 8.8.8.8:53 vzvtbgi.org udp
US 8.8.8.8:53 bmlqxivrq.org udp
US 8.8.8.8:53 uwcuws.org udp
US 8.8.8.8:53 xkoqroakw.org udp
US 8.8.8.8:53 oynedoztnqi.info udp
US 8.8.8.8:53 mecsxkouewn.net udp
US 8.8.8.8:53 arcpbol.net udp
US 8.8.8.8:53 tbtuco.net udp
US 8.8.8.8:53 azlfou.info udp
US 8.8.8.8:53 kkcwya.com udp
US 8.8.8.8:53 oajbbuagf.net udp
US 8.8.8.8:53 nknclgl.org udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 umyicieyee.org udp
GB 142.250.179.227:80 c.pki.goog tcp
US 8.8.8.8:53 wwnqwva.net udp
US 8.8.8.8:53 hdxkedpuqbvy.info udp
US 8.8.8.8:53 qoqngz.net udp
US 8.8.8.8:53 veokxrfdxe.net udp
US 8.8.8.8:53 wqmack.org udp
US 8.8.8.8:53 yaquggcy.org udp
US 8.8.8.8:53 vcsuct.net udp
US 8.8.8.8:53 ewqicaaacqme.org udp
US 8.8.8.8:53 jmhcxcxccaz.net udp
US 8.8.8.8:53 emeyma.com udp
US 8.8.8.8:53 rpgdrgz.com udp
US 8.8.8.8:53 fsyczawoha.info udp
US 8.8.8.8:53 rkyezef.net udp
US 8.8.8.8:53 oxhpfdtx.net udp
US 8.8.8.8:53 jnjcpgsu.info udp
US 8.8.8.8:53 wpedik.info udp
US 8.8.8.8:53 egwukhculoz.net udp
US 8.8.8.8:53 juvpmprw.net udp
US 8.8.8.8:53 wsgeyo.com udp
US 8.8.8.8:53 meftoe.info udp
US 8.8.8.8:53 tadymhd.com udp
US 8.8.8.8:53 atkzfclhbift.info udp
US 8.8.8.8:53 nkzphnv.info udp
US 8.8.8.8:53 bzbkpllppgow.info udp
US 8.8.8.8:53 quumkaiism.org udp
US 8.8.8.8:53 vggolunozkp.info udp
US 8.8.8.8:53 wueysyqiyg.org udp
US 8.8.8.8:53 cghevehygcd.net udp
US 8.8.8.8:53 kcxutkf.info udp
US 8.8.8.8:53 fziwiinzuo.net udp
US 8.8.8.8:53 owtcxotml.info udp
US 8.8.8.8:53 jjrefkv.net udp
US 8.8.8.8:53 pftatil.net udp
US 8.8.8.8:53 qwjayzvejoh.info udp
US 8.8.8.8:53 veaanvmqk.org udp
US 8.8.8.8:53 nfpbfqub.net udp
US 8.8.8.8:53 yeuemayg.org udp
US 8.8.8.8:53 kjskvzf.info udp
US 8.8.8.8:53 oyummeoo.org udp
US 8.8.8.8:53 xwhaxstqh.info udp
US 8.8.8.8:53 unudyndta.info udp
US 8.8.8.8:53 fgzigtlaj.com udp
US 8.8.8.8:53 lzbjkx.info udp
US 8.8.8.8:53 ywrdqwm.info udp
US 8.8.8.8:53 uwwkmokqca.org udp
US 8.8.8.8:53 usmwuc.com udp
US 8.8.8.8:53 akccygksiyug.com udp
US 8.8.8.8:53 nvrwqy.info udp
US 8.8.8.8:53 blriytvijot.com udp
US 8.8.8.8:53 finmbzge.info udp
US 8.8.8.8:53 glyrbmqybqad.net udp
US 8.8.8.8:53 vvhhjadlll.net udp
US 8.8.8.8:53 bqdrdk.net udp
US 8.8.8.8:53 jbjrzvbdrc.info udp
US 8.8.8.8:53 obtqfwxlfyz.info udp
US 8.8.8.8:53 botnud.info udp
US 8.8.8.8:53 kyilnx.net udp
US 8.8.8.8:53 qcbzqvbcvw.net udp
US 8.8.8.8:53 vudwmqw.net udp
US 8.8.8.8:53 gaqkygwq.org udp
US 8.8.8.8:53 aexspotiu.info udp
US 8.8.8.8:53 vedgnsrkz.net udp
US 8.8.8.8:53 tuwejkcgxur.com udp
US 8.8.8.8:53 fcqjve.info udp
US 8.8.8.8:53 jrbulad.info udp
US 8.8.8.8:53 odfhlrtueqn.info udp
US 8.8.8.8:53 hsxajww.info udp
US 8.8.8.8:53 bpzorpfuhtf.org udp
US 8.8.8.8:53 uoicccmk.org udp
US 8.8.8.8:53 tsrhjxtigms.com udp
US 8.8.8.8:53 bkngmvgi.net udp
US 8.8.8.8:53 gmuukamoiguy.org udp
US 8.8.8.8:53 tcihlazqt.net udp
US 8.8.8.8:53 izognhveft.net udp
US 8.8.8.8:53 ktnrjhfg.net udp
US 8.8.8.8:53 bqdindvszcl.com udp
US 8.8.8.8:53 sscsxee.info udp
US 8.8.8.8:53 hybvnkzfslz.info udp
US 8.8.8.8:53 klqfrtqr.net udp
US 8.8.8.8:53 ugpejpr.info udp
US 8.8.8.8:53 eemusgke.org udp
US 8.8.8.8:53 dykwknvmdfdj.info udp
US 8.8.8.8:53 yosckcusoaiw.org udp
US 8.8.8.8:53 nugsmdmgtj.net udp
US 8.8.8.8:53 lvgvez.info udp
US 8.8.8.8:53 wawaoiyk.com udp
US 8.8.8.8:53 pypdqajwq.info udp
US 8.8.8.8:53 wolphbzgrfyw.info udp
US 8.8.8.8:53 uotwzps.info udp
US 8.8.8.8:53 xgrtpshgonme.info udp
US 8.8.8.8:53 lczoradauoz.net udp
US 8.8.8.8:53 cqaifgh.net udp
US 8.8.8.8:53 ozrstoxxxrjm.info udp
US 8.8.8.8:53 jyvgslgh.net udp
US 8.8.8.8:53 dazulnj.org udp
US 8.8.8.8:53 bnbbhq.net udp
US 8.8.8.8:53 jzthxr.net udp
US 8.8.8.8:53 gyqkga.org udp
US 8.8.8.8:53 rerixdntrs.net udp
US 8.8.8.8:53 moyawk.org udp
US 8.8.8.8:53 fjusznt.com udp
US 8.8.8.8:53 cgtjifnw.net udp
US 8.8.8.8:53 ekgmtmp.net udp
US 8.8.8.8:53 zuhmapbot.net udp
US 8.8.8.8:53 vplokhvcgeqb.info udp
US 8.8.8.8:53 sqemsuom.com udp
US 8.8.8.8:53 vjvlnnztmb.net udp
US 8.8.8.8:53 auagfdipnmli.net udp
US 8.8.8.8:53 fcblcown.net udp
US 8.8.8.8:53 vyfyzeyls.info udp
US 8.8.8.8:53 yojkaljecqs.info udp
US 8.8.8.8:53 huhhvcyrcwrf.net udp
US 8.8.8.8:53 fvssqn.info udp
US 8.8.8.8:53 rgvlhd.info udp
US 8.8.8.8:53 ecegeakc.org udp
US 8.8.8.8:53 ykyscowicawc.com udp
US 8.8.8.8:53 rplzbsvgljdp.net udp
US 8.8.8.8:53 ootkjdzphd.net udp
US 8.8.8.8:53 rgcztgcbx.com udp
US 8.8.8.8:53 dqxesaryned.com udp
US 8.8.8.8:53 mwigmiyk.com udp
US 8.8.8.8:53 afcbcnqa.info udp
US 8.8.8.8:53 vxiehs.info udp
US 8.8.8.8:53 odwiaugtdndm.net udp
US 8.8.8.8:53 aararuzmj.info udp
US 8.8.8.8:53 aimhzkryvwc.net udp
US 8.8.8.8:53 pkukytejfsrx.net udp
US 8.8.8.8:53 sylwzoj.info udp
US 8.8.8.8:53 hpymvoy.info udp
US 8.8.8.8:53 ikrubudm.info udp
US 8.8.8.8:53 pwbkngnia.net udp
US 8.8.8.8:53 zrizzt.net udp
US 8.8.8.8:53 jexnvf.net udp
US 8.8.8.8:53 ejnmfqkorkv.net udp
US 8.8.8.8:53 tgxszztxhohm.info udp
US 8.8.8.8:53 vrlrvkn.net udp
US 8.8.8.8:53 nsjnpn.net udp
US 8.8.8.8:53 sjjafczpy.info udp
US 8.8.8.8:53 ajgxrtlgtcoj.net udp
US 8.8.8.8:53 khdrxtmn.net udp
US 8.8.8.8:53 moasjuelwgq.info udp
US 8.8.8.8:53 eppoawv.net udp
US 8.8.8.8:53 ivewnr.info udp
US 8.8.8.8:53 faqvdihz.net udp
US 8.8.8.8:53 sqdfkkt.net udp
US 8.8.8.8:53 ncasetplu.net udp
US 8.8.8.8:53 babhgcfsfch.org udp
US 8.8.8.8:53 ycdqrsxdau.info udp
US 8.8.8.8:53 geqtzw.net udp
US 8.8.8.8:53 nqxijbihvn.info udp
US 8.8.8.8:53 vqcybqbwty.info udp
US 8.8.8.8:53 osnulal.info udp
US 8.8.8.8:53 mpwzcgpgx.net udp
US 8.8.8.8:53 yzxatfv.net udp
US 8.8.8.8:53 fljyzkdap.net udp
US 8.8.8.8:53 hqvrlpb.info udp
US 8.8.8.8:53 ourkqntiozes.net udp
US 8.8.8.8:53 yspynbdonzn.net udp
US 8.8.8.8:53 bcpkjodeefz.info udp
US 8.8.8.8:53 eebxpcakkur.net udp
US 8.8.8.8:53 iwyskukssioy.org udp
US 8.8.8.8:53 rmgcqroertyx.net udp
US 8.8.8.8:53 pssopyxsz.net udp
US 8.8.8.8:53 xrctizgjhu.net udp
US 8.8.8.8:53 nwlazkdpmkh.com udp
US 8.8.8.8:53 owukjcjvozc.net udp
US 8.8.8.8:53 lyjeldajno.info udp
US 8.8.8.8:53 muuuko.com udp
US 8.8.8.8:53 rfcqjgcwrllk.info udp
US 8.8.8.8:53 njqgagxk.net udp
US 8.8.8.8:53 yqbsxwbudmc.info udp
US 8.8.8.8:53 zhindyqidv.net udp
US 8.8.8.8:53 vimywbz.org udp
US 8.8.8.8:53 koccqq.com udp
US 8.8.8.8:53 nebqjhajwgq.com udp
US 8.8.8.8:53 ooewwc.org udp
US 8.8.8.8:53 gerifqcxicd.info udp
US 8.8.8.8:53 imcqkcmu.org udp
US 8.8.8.8:53 susobtfwe.info udp
US 8.8.8.8:53 jypigkw.net udp
US 8.8.8.8:53 jzxwzmgsv.info udp
US 8.8.8.8:53 jphhtgd.com udp
US 8.8.8.8:53 gieicoqq.org udp
US 8.8.8.8:53 gkcwws.com udp
US 8.8.8.8:53 bxvczb.info udp
US 8.8.8.8:53 uclujmtgd.info udp
US 8.8.8.8:53 omierhazkhgw.net udp
US 8.8.8.8:53 jyzudws.info udp
US 8.8.8.8:53 igqayk.org udp
US 8.8.8.8:53 zxzuhg.net udp
US 8.8.8.8:53 fvryxy.net udp
US 8.8.8.8:53 jyjopijy.info udp
US 8.8.8.8:53 fcdpldviugr.net udp
US 8.8.8.8:53 qnhmhzhz.info udp
US 8.8.8.8:53 kwdrqyzrhd.net udp
US 8.8.8.8:53 fprcteqhbv.info udp
US 8.8.8.8:53 kxtoyvwd.info udp
US 8.8.8.8:53 xrjmbmgmisvh.info udp
US 8.8.8.8:53 smsuay.org udp
US 8.8.8.8:53 yyokkm.com udp
US 8.8.8.8:53 jqtenkdayoy.org udp
US 8.8.8.8:53 zxotuarg.net udp
US 8.8.8.8:53 aekmmkjgd.info udp
US 8.8.8.8:53 lpptlkiczh.info udp
US 8.8.8.8:53 yzkblvznv.net udp
US 8.8.8.8:53 lvliwxsju.net udp
US 8.8.8.8:53 nycnmu.net udp
US 8.8.8.8:53 wcgcuuiu.org udp
US 8.8.8.8:53 mprqoztojei.info udp
US 8.8.8.8:53 fcvhhvrulxoe.info udp
US 8.8.8.8:53 wznhcgts.info udp
US 8.8.8.8:53 nhmyomxjv.info udp
US 8.8.8.8:53 dsjfghmnst.net udp
US 8.8.8.8:53 wxnuzgx.net udp
US 8.8.8.8:53 eogirckcwuf.net udp
US 8.8.8.8:53 orxqdbnege.net udp
US 8.8.8.8:53 qwwkoy.org udp
US 8.8.8.8:53 tyzkrdhyl.info udp
US 8.8.8.8:53 vyvijbihvn.info udp
US 8.8.8.8:53 qhwfjp.net udp
US 8.8.8.8:53 gimmgwia.com udp
US 8.8.8.8:53 hsrofavrq.net udp
US 8.8.8.8:53 twfhrdpuhtcm.net udp
US 8.8.8.8:53 ekxhvmjsrtl.net udp
US 8.8.8.8:53 dlsxahgdxf.net udp
US 8.8.8.8:53 tkpmllnbfo.info udp
US 8.8.8.8:53 znijdbde.info udp
US 8.8.8.8:53 wgooiqmg.com udp
US 8.8.8.8:53 gxrgecsmx.info udp
US 8.8.8.8:53 brbrcc.net udp
US 8.8.8.8:53 llpwlrlwpx.net udp
US 8.8.8.8:53 jfalhhyq.net udp
US 8.8.8.8:53 esqzcalw.net udp
US 8.8.8.8:53 gqppiqbwz.info udp
US 8.8.8.8:53 uyunsbtk.net udp
US 8.8.8.8:53 bctwfgikb.org udp
US 8.8.8.8:53 maykseqogcom.com udp
US 8.8.8.8:53 gogigwcugu.com udp
US 8.8.8.8:53 eupnqdis.net udp
US 8.8.8.8:53 wtqpmt.net udp
US 8.8.8.8:53 fzqqksnzg.net udp
US 8.8.8.8:53 hkqpwirl.info udp
US 8.8.8.8:53 auaglvpgrdk.info udp
US 8.8.8.8:53 audaavvgzz.net udp
US 8.8.8.8:53 xmlymtnez.org udp
US 8.8.8.8:53 vwtvxuxxtyp.info udp
US 8.8.8.8:53 ccguockcgk.org udp
US 8.8.8.8:53 sshwti.net udp
US 8.8.8.8:53 elnspqmyhfr.info udp
US 8.8.8.8:53 uuyxqq.info udp
US 8.8.8.8:53 zpezhdcf.net udp
US 8.8.8.8:53 hbqlocxntkej.net udp
US 8.8.8.8:53 covipl.net udp
US 8.8.8.8:53 odzbrjqoy.info udp
US 8.8.8.8:53 jybyyonku.com udp
US 8.8.8.8:53 papxte.info udp
US 8.8.8.8:53 bsjvrjq.com udp
US 8.8.8.8:53 rzjupoewpcko.net udp
US 8.8.8.8:53 kqwcckoywa.org udp
US 8.8.8.8:53 aalijqi.info udp
US 8.8.8.8:53 ueabvfcw.net udp
US 8.8.8.8:53 odqisf.info udp
US 8.8.8.8:53 uqtbqcfv.net udp
US 8.8.8.8:53 prwffw.net udp
US 8.8.8.8:53 noloukkuv.com udp
US 8.8.8.8:53 tstgjqh.info udp
US 8.8.8.8:53 ncpmyszzt.info udp
US 8.8.8.8:53 qshmtkhpjyt.info udp
US 8.8.8.8:53 ziztdibmz.org udp
US 8.8.8.8:53 ybxsqlwexbnh.info udp
US 8.8.8.8:53 drrjnenqt.net udp
US 8.8.8.8:53 kkiamiym.com udp
US 8.8.8.8:53 eotcomaht.info udp
US 8.8.8.8:53 gjaeoezeoeh.net udp
US 8.8.8.8:53 jatdaajehomt.net udp
US 8.8.8.8:53 xipomk.net udp
US 8.8.8.8:53 wlsqjfclvqjf.info udp
US 8.8.8.8:53 ammukc.org udp
US 8.8.8.8:53 cdzohunchgl.info udp
US 8.8.8.8:53 zaiboiueks.net udp
US 8.8.8.8:53 tvwytkdbabaa.info udp
US 8.8.8.8:53 wloqdvmzhkds.info udp
US 8.8.8.8:53 mwgkuyee.org udp
US 8.8.8.8:53 fgxboouothmn.net udp
US 8.8.8.8:53 ecyqooyi.org udp
US 8.8.8.8:53 ojesutze.info udp
US 8.8.8.8:53 aameceog.com udp
US 8.8.8.8:53 vsxajevgzc.net udp
US 8.8.8.8:53 dsfpwchk.net udp
US 8.8.8.8:53 fynkwxkwmonh.net udp
US 8.8.8.8:53 uiceesz.info udp
US 8.8.8.8:53 ymwuoswgcw.com udp
US 8.8.8.8:53 uayiys.org udp
US 8.8.8.8:53 vudccmq.com udp
US 8.8.8.8:53 oshrasn.net udp
US 8.8.8.8:53 uripfmxtznjt.info udp
US 8.8.8.8:53 zgrkimb.org udp
US 8.8.8.8:53 jmtsvuxcfx.net udp
US 8.8.8.8:53 bzaydhbkyko.info udp
US 8.8.8.8:53 apsalqtihwz.info udp
US 8.8.8.8:53 dqqwvwor.info udp
US 8.8.8.8:53 uoxjsmld.info udp
US 8.8.8.8:53 rmqevqzyx.org udp
US 8.8.8.8:53 hinryoi.info udp
US 8.8.8.8:53 pdkawlzmriza.net udp
US 8.8.8.8:53 scigqsuk.org udp
US 8.8.8.8:53 dlvcusjbcyvo.net udp
US 8.8.8.8:53 hedgbsf.net udp
US 8.8.8.8:53 ewiuauieao.com udp
US 8.8.8.8:53 ieakyaog.org udp
US 8.8.8.8:53 hsfuxc.net udp
US 8.8.8.8:53 ggmjzgkqpkj.net udp
US 8.8.8.8:53 zhdwwptqp.net udp
US 8.8.8.8:53 bjpwlrlwpx.net udp
US 8.8.8.8:53 ampagwc.info udp
US 8.8.8.8:53 frnknuczlwtb.info udp
US 8.8.8.8:53 imwkkoik.com udp
US 8.8.8.8:53 agjbxjfef.info udp
US 8.8.8.8:53 bcfgdktvhwf.com udp
US 8.8.8.8:53 wokguaueuumg.com udp
US 8.8.8.8:53 ygzwqtzj.info udp
US 8.8.8.8:53 sewuvwb.net udp
US 8.8.8.8:53 kwpfioy.info udp
US 8.8.8.8:53 ajhcwspan.info udp
US 8.8.8.8:53 iiawgeusqkay.com udp
US 8.8.8.8:53 oaewcmmi.com udp
US 8.8.8.8:53 xjhbmwvwgfzt.info udp
US 8.8.8.8:53 oalwpcngx.info udp
US 8.8.8.8:53 zanoxijzqnj.org udp
US 8.8.8.8:53 tilmjmp.com udp
US 8.8.8.8:53 dogtoypwkpdw.info udp
US 8.8.8.8:53 xcrfxbihvn.info udp
US 8.8.8.8:53 zllmydvmz.info udp
US 8.8.8.8:53 twbgfekdz.net udp
US 8.8.8.8:53 pvesxitaordl.info udp
US 8.8.8.8:53 rixqvklex.org udp
US 8.8.8.8:53 okhrtih.net udp
US 8.8.8.8:53 ieqoywks.com udp
US 8.8.8.8:53 ujuuuflo.info udp
US 8.8.8.8:53 dzrmxez.com udp
US 8.8.8.8:53 bwbadm.net udp
US 8.8.8.8:53 ihwrdh.info udp
US 8.8.8.8:53 jefazqfjmr.info udp
US 8.8.8.8:53 hbedxs.net udp
US 8.8.8.8:53 litofrvay.info udp
US 8.8.8.8:53 nulidoxljzh.net udp
US 8.8.8.8:53 kxldwaoqfn.info udp
US 8.8.8.8:53 icmmwu.org udp
US 8.8.8.8:53 skamuiyaei.com udp
US 8.8.8.8:53 rylcdow.net udp
US 8.8.8.8:53 xubygqw.com udp
US 8.8.8.8:53 ggwmnf.info udp
US 8.8.8.8:53 iaiukyukomog.com udp
US 8.8.8.8:53 xxbuvavqnao.net udp
US 8.8.8.8:53 yahjgeoa.net udp
US 8.8.8.8:53 hrznkobgutx.net udp
US 8.8.8.8:53 zsngrdlogmo.info udp
US 8.8.8.8:53 pifynqrwfkr.net udp
US 8.8.8.8:53 cauuaeyuuaku.com udp
US 8.8.8.8:53 tgzzsilpuoyu.info udp
US 8.8.8.8:53 dvcqtiii.net udp
US 8.8.8.8:53 eikwayqy.com udp
US 8.8.8.8:53 odalacny.info udp
US 8.8.8.8:53 ixfqywtjowwg.net udp
US 8.8.8.8:53 amkzjioyc.net udp
US 8.8.8.8:53 tgrcrvwypxr.com udp
US 8.8.8.8:53 rejwrwpoa.info udp
US 8.8.8.8:53 iyxdly.info udp
US 8.8.8.8:53 jmuyzwjxj.net udp
US 8.8.8.8:53 pdbwtorod.net udp
US 8.8.8.8:53 mqiagw.com udp
US 8.8.8.8:53 nbpmpfms.info udp
US 8.8.8.8:53 qcsykaeu.org udp
US 8.8.8.8:53 sgescokcmo.org udp
US 8.8.8.8:53 xsngmd.info udp
US 8.8.8.8:53 aaumweagwq.com udp
US 8.8.8.8:53 ywpfprbu.net udp
US 8.8.8.8:53 lzwgpqnxhy.net udp
US 8.8.8.8:53 iintbqbmb.net udp
US 8.8.8.8:53 gtbidsb.info udp
US 8.8.8.8:53 jehyhpbob.com udp
US 8.8.8.8:53 kphcbulnauh.info udp
US 8.8.8.8:53 luaiurlae.info udp
US 8.8.8.8:53 wcyoce.org udp
US 8.8.8.8:53 humxbwmfbrrr.info udp
US 8.8.8.8:53 raeglyn.com udp
US 8.8.8.8:53 rwqyzgpvf.org udp
US 8.8.8.8:53 mkdoryk.info udp
US 8.8.8.8:53 hsfspwfirsr.org udp
US 8.8.8.8:53 xfrkjydiecd.com udp
US 8.8.8.8:53 xuwazdpfvmfd.info udp
US 8.8.8.8:53 qrdaijlp.info udp
US 8.8.8.8:53 fumvct.net udp
US 8.8.8.8:53 rxqsod.info udp
US 8.8.8.8:53 eilgbyxjdm.info udp
US 8.8.8.8:53 pkyqpbrgr.info udp
US 8.8.8.8:53 bdjnrwaibhbw.info udp
US 8.8.8.8:53 ucyrbz.net udp
US 8.8.8.8:53 pyjynlpfbur.org udp
US 8.8.8.8:53 dnyidwf.info udp
US 8.8.8.8:53 batyngvyaap.com udp
US 8.8.8.8:53 omgmaeyiug.com udp
US 8.8.8.8:53 yadxtkefpqdf.net udp
US 8.8.8.8:53 osolzup.info udp
US 8.8.8.8:53 mjgxhmusg.info udp
US 8.8.8.8:53 tjmgkint.net udp
US 8.8.8.8:53 ywimgeuw.com udp
US 8.8.8.8:53 qngitmingp.net udp
US 8.8.8.8:53 lararacvect.com udp
US 8.8.8.8:53 vgvfsaq.com udp
US 8.8.8.8:53 ulwprsdpevsj.info udp
US 8.8.8.8:53 twkgiylcp.net udp
US 8.8.8.8:53 fgjdovfj.info udp
US 8.8.8.8:53 ocoyag.org udp
US 8.8.8.8:53 qyjxvcif.net udp
US 8.8.8.8:53 zzvuouvb.net udp
US 8.8.8.8:53 fwrwmyi.info udp
US 8.8.8.8:53 vxpuraaapcdg.info udp
US 8.8.8.8:53 rkwlhccy.info udp
US 8.8.8.8:53 akksyeqwmq.com udp
US 8.8.8.8:53 lfftzdxnqhnz.net udp
US 8.8.8.8:53 dnxzgqddic.net udp
US 8.8.8.8:53 rjawmtldgamz.net udp
US 8.8.8.8:53 bgjrldnuoief.net udp
US 8.8.8.8:53 rpckdenv.net udp
US 8.8.8.8:53 hsfoxqyrbkx.org udp
US 8.8.8.8:53 nthafgeqx.org udp
US 8.8.8.8:53 tnrchugkc.net udp
US 8.8.8.8:53 kcegdit.net udp
US 8.8.8.8:53 bbredph.info udp
US 8.8.8.8:53 vibshiiel.net udp
US 8.8.8.8:53 rkpkjhrvnols.net udp
US 8.8.8.8:53 cvculsbkdejj.info udp
US 8.8.8.8:53 mqzegivbzez.info udp
US 8.8.8.8:53 sigiaaoy.org udp
US 8.8.8.8:53 yqqsnqv.net udp
US 8.8.8.8:53 qapsimp.info udp
US 8.8.8.8:53 gwkgiyoqws.org udp
US 8.8.8.8:53 jjqtpeerkb.net udp
US 8.8.8.8:53 nvxptklqv.com udp
US 8.8.8.8:53 ktbdvaw.info udp
US 8.8.8.8:53 gtiejksikr.info udp
US 8.8.8.8:53 ymyyekeet.info udp
US 8.8.8.8:53 fbssarhxpnhv.info udp
US 8.8.8.8:53 urkcltobhpwf.net udp
US 8.8.8.8:53 kwygzbvmt.info udp
US 8.8.8.8:53 qcaqmq.org udp
US 8.8.8.8:53 iyabzqp.net udp
US 8.8.8.8:53 eheflhppvg.net udp
US 8.8.8.8:53 cykogcgqqcuu.com udp
US 8.8.8.8:53 twpnqfnufwp.net udp
US 8.8.8.8:53 ihzpit.net udp
US 8.8.8.8:53 hecxrefe.info udp
US 8.8.8.8:53 nklsfunczase.net udp
US 8.8.8.8:53 ugjyfpgfl.net udp
US 8.8.8.8:53 yzfggvj.net udp
US 8.8.8.8:53 hroyborce.org udp
US 8.8.8.8:53 ibfqjkvki.info udp
US 8.8.8.8:53 jvhuwrreyi.net udp
US 8.8.8.8:53 znemjopmh.org udp
US 8.8.8.8:53 myrwjqkrwpbk.info udp
US 8.8.8.8:53 jtkhzoedivxh.info udp
US 8.8.8.8:53 txrwkounzktq.net udp
US 8.8.8.8:53 cybemaa.info udp
US 8.8.8.8:53 mpkbfsgyp.info udp
US 8.8.8.8:53 nrrobwao.net udp
US 8.8.8.8:53 eikusecm.org udp
US 8.8.8.8:53 ccecysuyekca.org udp
US 8.8.8.8:53 osicygig.org udp
US 8.8.8.8:53 qseoumkkca.org udp
US 8.8.8.8:53 glgmntpx.info udp
US 8.8.8.8:53 eaeyquugik.com udp
US 8.8.8.8:53 lwjtas.info udp
US 8.8.8.8:53 ugztei.net udp
US 8.8.8.8:53 zkkhfamaq.info udp
US 8.8.8.8:53 gwetdgp.net udp
US 8.8.8.8:53 vlsjgaryvq.info udp
US 8.8.8.8:53 qdnmhgdyrit.net udp
US 8.8.8.8:53 lotevdvuhgkc.net udp
US 8.8.8.8:53 foomxud.net udp
US 8.8.8.8:53 qyqigk.com udp
US 8.8.8.8:53 yoppznisbqp.info udp
US 8.8.8.8:53 ziiwcgtiu.com udp
US 8.8.8.8:53 qqvmhub.net udp
US 8.8.8.8:53 gkgotf.net udp
US 8.8.8.8:53 zahehel.info udp
US 8.8.8.8:53 fyaylmbcb.net udp
US 8.8.8.8:53 gkxvvas.info udp
US 8.8.8.8:53 hencirhxkz.info udp
US 8.8.8.8:53 jjrtldradreo.info udp
US 8.8.8.8:53 egamlolkcjnc.net udp
US 8.8.8.8:53 xonojzlg.net udp
US 8.8.8.8:53 ekqaao.com udp
US 8.8.8.8:53 lovsjp.net udp
US 8.8.8.8:53 xmdbdqjh.info udp
US 8.8.8.8:53 heccxkhojav.com udp
US 8.8.8.8:53 yiwgsw.org udp
US 8.8.8.8:53 rkjyfrxybqd.net udp
US 8.8.8.8:53 tejyvvtib.com udp
US 8.8.8.8:53 shppqawhnylk.info udp
US 8.8.8.8:53 xisolft.org udp
US 8.8.8.8:53 hjfdpmp.org udp
US 8.8.8.8:53 mqwwqhjqhsi.net udp
US 8.8.8.8:53 cddungwtdrrt.net udp
US 8.8.8.8:53 anbcfotguf.net udp
US 8.8.8.8:53 omqyiy.com udp
US 8.8.8.8:53 rjbifug.net udp
US 8.8.8.8:53 sfqnpj.info udp
US 8.8.8.8:53 reijpkiw.net udp
US 8.8.8.8:53 esdippl.net udp
US 8.8.8.8:53 wkdphyziq.net udp
US 8.8.8.8:53 yfjqxqqcbyt.info udp
US 8.8.8.8:53 yqdindvszcl.info udp
US 8.8.8.8:53 ygaracoevnrg.info udp
US 8.8.8.8:53 ruzlxeqczrad.net udp
US 8.8.8.8:53 nubqltwcaiv.info udp
US 8.8.8.8:53 ldlrgk.info udp
US 8.8.8.8:53 akzglvhlm.net udp
US 8.8.8.8:53 aegauwasiu.com udp
US 8.8.8.8:53 bntbje.net udp
US 8.8.8.8:53 aqlxhgfbx.info udp
US 8.8.8.8:53 owtumceqt.info udp
US 8.8.8.8:53 oqlzynytem.net udp
US 8.8.8.8:53 zdbzqiuvg.com udp
US 8.8.8.8:53 gxxkzrsqzln.net udp
US 8.8.8.8:53 hpzmksvbpjxk.net udp
US 8.8.8.8:53 rjevpuvjouzb.info udp
US 8.8.8.8:53 sgdzhklkvfso.info udp
US 8.8.8.8:53 lonabohgi.info udp
US 8.8.8.8:53 noxqplnygjsj.net udp
US 8.8.8.8:53 skqsiiae.org udp
US 8.8.8.8:53 cyqkwwwyog.com udp
US 8.8.8.8:53 cobeuoamx.info udp
US 8.8.8.8:53 boibhtxetih.com udp
US 8.8.8.8:53 zrxdhyjf.net udp
US 8.8.8.8:53 alyypvemovoc.net udp
US 8.8.8.8:53 arjrjcqohbxx.info udp
US 8.8.8.8:53 uymmrwj.info udp
US 8.8.8.8:53 qlstpgkhcjbu.net udp
US 8.8.8.8:53 lljdxbddemt.org udp
US 8.8.8.8:53 yayogmgsuusk.org udp
US 8.8.8.8:53 nzitfaav.info udp
US 8.8.8.8:53 pcinzvcylen.com udp
US 8.8.8.8:53 qejdfl.info udp
US 8.8.8.8:53 uijcnntgs.info udp
US 8.8.8.8:53 lqboxnlsp.net udp
US 8.8.8.8:53 badilopagb.info udp
US 8.8.8.8:53 kcckmuscys.com udp
US 8.8.8.8:53 lktcrbw.com udp
US 8.8.8.8:53 rytyrg.info udp
US 8.8.8.8:53 dmtcewl.org udp
US 8.8.8.8:53 dhncoj.net udp
US 8.8.8.8:53 xivdkjl.info udp
US 8.8.8.8:53 omtcvam.info udp
US 8.8.8.8:53 wpcpainw.info udp
US 8.8.8.8:53 gwpgldzr.net udp
US 8.8.8.8:53 hyjodgw.info udp
US 8.8.8.8:53 tshgsyxujit.net udp
US 8.8.8.8:53 ocdjplbwe.info udp
US 8.8.8.8:53 kpguvyz.net udp
US 8.8.8.8:53 daxpretmt.com udp
US 8.8.8.8:53 dkdczgl.info udp
US 8.8.8.8:53 csiuui.org udp
US 8.8.8.8:53 mbnyhh.net udp
US 8.8.8.8:53 eaictyqxc.info udp
US 8.8.8.8:53 qvxjdapzz.net udp
US 8.8.8.8:53 kyfufi.info udp
US 8.8.8.8:53 psdagfhfog.net udp
US 8.8.8.8:53 xriuuq.net udp
US 8.8.8.8:53 vgqxvqngngx.info udp
US 8.8.8.8:53 savmhcm.net udp
US 8.8.8.8:53 hwsxqoryfqb.net udp
US 8.8.8.8:53 ygauwfz.info udp
US 8.8.8.8:53 okkuqw.com udp
US 8.8.8.8:53 cgzqtowog.info udp
US 8.8.8.8:53 okoocnhvgylo.net udp
US 8.8.8.8:53 fihndjwcjxub.net udp
US 8.8.8.8:53 aghfbcv.info udp
US 8.8.8.8:53 hwjuanugjcw.net udp
US 8.8.8.8:53 qeasooggkkye.org udp
US 8.8.8.8:53 fkymcjpadqo.org udp
US 8.8.8.8:53 vlunjm.net udp
US 8.8.8.8:53 eqpttgsyhip.net udp
US 8.8.8.8:53 apfntyukxx.net udp
US 8.8.8.8:53 ryzsobqkv.org udp
US 8.8.8.8:53 eitjrhznx.net udp
US 8.8.8.8:53 fevpfshvp.org udp
US 8.8.8.8:53 ccwwwc.com udp
US 8.8.8.8:53 kcryxrris.info udp
US 8.8.8.8:53 ucccwkucmwio.com udp
US 8.8.8.8:53 mhigwclin.net udp
US 8.8.8.8:53 giekgyskeiik.org udp
US 8.8.8.8:53 nifqdskhhor.net udp
US 8.8.8.8:53 wxnkmyr.info udp
US 8.8.8.8:53 cwxqstmlrcpa.info udp
US 8.8.8.8:53 ymmubrwwwvj.net udp
US 8.8.8.8:53 dnlljsoca.com udp
US 8.8.8.8:53 rgqcdv.info udp
US 8.8.8.8:53 faxkbaldjy.net udp
US 8.8.8.8:53 wwsksuusgsgg.com udp
US 8.8.8.8:53 fkgritslx.org udp
US 8.8.8.8:53 wyolrsvw.info udp
US 8.8.8.8:53 htfpqulj.net udp
US 8.8.8.8:53 wtlmdlsz.net udp
US 8.8.8.8:53 lctlzilmxkr.com udp
US 8.8.8.8:53 ptpwnlreeaxo.net udp
US 8.8.8.8:53 ydunbsr.info udp
US 8.8.8.8:53 baabbwk.com udp
US 8.8.8.8:53 eqtvviqg.net udp
US 8.8.8.8:53 dubuseu.info udp
US 8.8.8.8:53 meudpuvkv.net udp
US 8.8.8.8:53 qfarxyyobiu.info udp

Files

C:\Users\Admin\AppData\Local\Temp\qjfmnzhratp.exe

MD5 5203b6ea0901877fbf2d8d6f6d8d338e
SHA1 c803e92561921b38abe13239c1fd85605b570936
SHA256 0cc02d34d5fd4cf892fed282f98c1ad3e7dd6159a8877ae5c46d3f834ed36060
SHA512 d48a41b4fc4c38a6473f789c02918fb7353a4b4199768a3624f3b685d91d38519887a1ccd3616e0d2b079a346afaec5a0f2ef2c46d72d3097ef561cedb476471

C:\Windows\SysWOW64\lhsofxnnysjjmaibqh.exe

MD5 b58392cb5dabc4b3851447d47255d4f1
SHA1 4d5beb6e75c2774efe4451caf7fd1ba2ad548e76
SHA256 108e977f71759ac7d303ca9a76b33c440a70f94a68a3e603704afe85de849692
SHA512 53555d5b931fbe748f2679479bfb57ad4560cd2fcf351799b24717d85168d0f96125217d91ee125a26016ed77c30cc5123315c51846aa107ea1681b8682c7c0a

C:\Users\Admin\AppData\Local\Temp\jtschn.exe

MD5 ca4ca5f16cac6b57a29e736ac40495a2
SHA1 adfd899287ec1f6df31b8835c2011e7151921122
SHA256 885e368e07581eeced0d90ac5c7ecb560009a7af2f4575e1ad96cf549fe55fc1
SHA512 fa6ee62b032a0e69e745ada3fe74fd6db016570f64f60295c1c5ed217e1f3b05bceec1f464d95ecc085fb834403d5f72dccc6cc840f2b9ae53dd417f31d97689

C:\Users\Admin\AppData\Local\qfjyitcvzmwplstfnxgvzoyjslpcmfbij.dnw

MD5 566805e4505b062085a8e2c2fffec3e6
SHA1 16f3a28e37596408bb118ddc4695684bfd97f021
SHA256 2b216002eb582f30595107b23a78a918979faf953cc202e838a0beb8c192dd40
SHA512 f444fd94ab5a5645ac654e27bbd5dfd2b373ae07c970e8d37b79e17f5dbf009f0df8556eb46f28c7e2df9b776c25bcc54e44b846a35bd03495d4e9c574d16013

C:\Users\Admin\AppData\Local\zdwazzxfyazhsoefcbzdwa.zxf

MD5 384b69f2b892bbcc5c14054bcd02d6c1
SHA1 190ade05041b38292fe9e7d6b1757c2829a2ac8f
SHA256 87013945130f57c3d388b55433a732a95865d04bd410fb32aab26783f1666eb3
SHA512 2f55fd2777fa6df6014db0e59a7bee57ae45dd9b149f8f31fe552e835bf2f495c7070da09cbada3a8aad91ee816c1d2e0d24a6e85fdb78588b60c09451e5a8b2

C:\Program Files (x86)\zdwazzxfyazhsoefcbzdwa.zxf

MD5 3870b31e4735220f26dab754597c5c4d
SHA1 15c08c7fd6830d238cbff744e765e2c13819cfc0
SHA256 47cd8b27dd02ab38b0bdcc4fa09a8c28be2f74be58def9666afacb3e2d554642
SHA512 d7006f20f9c32863e24e2dad17c9af545ec97d348d7ef7a160976c5c577c64b83606ba2fdbf8ac330c39fbbecf6a500f013aa8667eea5c2c09a1c223d23f7d90

C:\Program Files (x86)\zdwazzxfyazhsoefcbzdwa.zxf

MD5 a6ca1c85032bacce08983c5fe483f1ed
SHA1 3aba128cf91de6bf9c37e686dc99ae5a5382482a
SHA256 0a7b2233556493154ae0d670518bac0a5083709d33568a7b373db13678af2cc5
SHA512 3544b6228b17bade3d88b22f3d0bdd2d8b8fc2a3366a524b49ab9c14a42b9348ef7654b451167f9d32cc164b9fc7d4ae4b9a4c3051210b39cf47b51020796045

C:\Program Files (x86)\zdwazzxfyazhsoefcbzdwa.zxf

MD5 043d7455e08c11ebf081b3c816c06458
SHA1 7852c8cf9aece651f4e4f9a43051923e96b3b594
SHA256 9e8f48061a908b9e0fe641f605246f729fb749c75e31419c7cab210c14ffd614
SHA512 3ddc39fd8c5bc959bed9f160e73127a350ff7c0723eb284a1067646594608641795957f534ec05d4078824e61778c8642ef974cbdf7197fa00fea4957eb7a30a

C:\Program Files (x86)\zdwazzxfyazhsoefcbzdwa.zxf

MD5 7a8dceafc81fb04f687321de1f3f9ea6
SHA1 c4e5dd47c43de81833a8a9af1e2f5507ee8de125
SHA256 5869420c9533623239e4ddd07cc502408f1e565c8081c6b5d8462cab2086977d
SHA512 22d14c683f41b72c3b92bd5021bfac031fcb274c3f55b4128589aed968f7cf02aba8fdfaa084a49195d846fd20efc811be73233e0c2f061fd174edf58383b7c1

C:\Program Files (x86)\zdwazzxfyazhsoefcbzdwa.zxf

MD5 20c61e66273ee648487c1b8a73e7e5fa
SHA1 327fb1086e3ec6c716f5203e3110bbf11c6f838f
SHA256 75591366b042fc70ea18317545377c7dd64da12d83c5e50b220b600d71d9ddfc
SHA512 7d1de6e64b9c979d0b220e0027954aa3be0f81f017a4340096a3fa2309025043b8311926558c8b3a978d2742028ac56b9439dc945e636b0394921a3379e7cbf7

C:\Program Files (x86)\zdwazzxfyazhsoefcbzdwa.zxf

MD5 2af6cae85417546246cc9493d535976c
SHA1 c2543f599db39563cde01f3bf9ac19ebec0e73b5
SHA256 0c9d1db0e2b5efbcf66feb2ffb0410df7b53e415c7b37875299b53b02d87f80a
SHA512 9b4da50da133b15c49f4c22706376915f561841165962f9538d1cc9f7202097e589b484dcd1b66aa5795998b1724c8ddd4a296d0a23d0893c8f01dee098e6aa1

C:\Program Files (x86)\zdwazzxfyazhsoefcbzdwa.zxf

MD5 f6485b3bbcb3cc80259dd5f71fb8b402
SHA1 3a94e282de84b0720fd77ed486858aa07f6ed51f
SHA256 54f1c566949b72dffaf6cbb593ab52e8086ce61b176ce1b957388881b8be2a41
SHA512 e9f7e5530d4ae789f44f75acf3cf884b36b62e62c03c31fea11f593f7e957558bb94162e7a303757707f5624cf8499fb2448a5080c9965fec3dff9449c93a623