Malware Analysis Report

2025-08-10 16:32

Sample ID 250414-lw55mawvay
Target JaffaCakes118_b74f8691313be0c724b71d356c4b9b40
SHA256 084500d412b1e0afe88f92170791f9045e76c35c1bf57b9e912aaab2bcd1ff6d
Tags
pykspa defense_evasion discovery persistence privilege_escalation trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

084500d412b1e0afe88f92170791f9045e76c35c1bf57b9e912aaab2bcd1ff6d

Threat Level: Known bad

The file JaffaCakes118_b74f8691313be0c724b71d356c4b9b40 was found to be: Known bad.

Malicious Activity Summary

pykspa defense_evasion discovery persistence privilege_escalation trojan worm

Pykspa family

UAC bypass

Modifies WinLogon for persistence

Pykspa

Detect Pykspa worm

Adds policy Run key to start application

Disables RegEdit via registry modification

Executes dropped EXE

Impair Defenses: Safe Mode Boot

Checks computer location settings

Checks whether UAC is enabled

Hijack Execution Flow: Executable Installer File Permissions Weakness

Adds Run key to start application

Looks up external IP address via web service

Drops file in System32 directory

Drops autorun.inf file

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

System policy modification

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-14 09:53

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-14 09:53

Reported

2025-04-14 09:56

Platform

win10v2004-20250410-en

Max time kernel

49s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rvbc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avskhwymhdlkcetyjoojg.exe" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rvbc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnfskuraqhkeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "lfbsocdqkfmkbcqueihb.exe" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "avskhwymhdlkcetyjoojg.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "avskhwymhdlkcetyjoojg.exe" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rvbc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnfskuraqhkeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "nfzoiutewpuqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "xnfskuraqhkeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rvbc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evocvgeofxbwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "xnfskuraqhkeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "evocvgeofxbwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rvbc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evocvgeofxbwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rvbc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfzoiutewpuqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rvbc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfzoiutewpuqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "yrmcxkkwpjpmccpsbec.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "yrmcxkkwpjpmccpsbec.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rvbc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evocvgeofxbwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rvbc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avskhwymhdlkcetyjoojg.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rvbc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfzoiutewpuqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rvbc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lfbsocdqkfmkbcqueihb.exe" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "lfbsocdqkfmkbcqueihb.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "lfbsocdqkfmkbcqueihb.exe" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "nfzoiutewpuqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "xnfskuraqhkeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "evocvgeofxbwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rvbc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evocvgeofxbwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "evocvgeofxbwkitub.exe" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "nfzoiutewpuqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "evocvgeofxbwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "nfzoiutewpuqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "evocvgeofxbwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "yrmcxkkwpjpmccpsbec.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "evocvgeofxbwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rvbc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avskhwymhdlkcetyjoojg.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "avskhwymhdlkcetyjoojg.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rvbc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfzoiutewpuqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rvbc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lfbsocdqkfmkbcqueihb.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rvbc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnfskuraqhkeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rvbc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yrmcxkkwpjpmccpsbec.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "avskhwymhdlkcetyjoojg.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rvbc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evocvgeofxbwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "yrmcxkkwpjpmccpsbec.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "nfzoiutewpuqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rvbc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yrmcxkkwpjpmccpsbec.exe" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\xnfskuraqhkeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\lfbsocdqkfmkbcqueihb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\yrmcxkkwpjpmccpsbec.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\nfzoiutewpuqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\xnfskuraqhkeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\nfzoiutewpuqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\nfzoiutewpuqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\lfbsocdqkfmkbcqueihb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\lfbsocdqkfmkbcqueihb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\lfbsocdqkfmkbcqueihb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\xnfskuraqhkeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\lfbsocdqkfmkbcqueihb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\evocvgeofxbwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\nfzoiutewpuqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\evocvgeofxbwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\xnfskuraqhkeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\yrmcxkkwpjpmccpsbec.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\evocvgeofxbwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\yrmcxkkwpjpmccpsbec.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\avskhwymhdlkcetyjoojg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\nfzoiutewpuqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\yrmcxkkwpjpmccpsbec.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\nfzoiutewpuqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\avskhwymhdlkcetyjoojg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\evocvgeofxbwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\avskhwymhdlkcetyjoojg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\yrmcxkkwpjpmccpsbec.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\evocvgeofxbwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\lfbsocdqkfmkbcqueihb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\yrmcxkkwpjpmccpsbec.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\xnfskuraqhkeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\evocvgeofxbwkitub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\yrmcxkkwpjpmccpsbec.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation C:\Windows\evocvgeofxbwkitub.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Windows\xnfskuraqhkeroyy.exe N/A
N/A N/A C:\Windows\nfzoiutewpuqfeqsac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Windows\evocvgeofxbwkitub.exe N/A
N/A N/A C:\Windows\xnfskuraqhkeroyy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
N/A N/A C:\Windows\lfbsocdqkfmkbcqueihb.exe N/A
N/A N/A C:\Windows\lfbsocdqkfmkbcqueihb.exe N/A
N/A N/A C:\Windows\evocvgeofxbwkitub.exe N/A
N/A N/A C:\Windows\nfzoiutewpuqfeqsac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Windows\yrmcxkkwpjpmccpsbec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Windows\xnfskuraqhkeroyy.exe N/A
N/A N/A C:\Windows\avskhwymhdlkcetyjoojg.exe N/A
N/A N/A C:\Windows\avskhwymhdlkcetyjoojg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Windows\yrmcxkkwpjpmccpsbec.exe N/A
N/A N/A C:\Windows\nfzoiutewpuqfeqsac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe N/A
N/A N/A C:\Windows\avskhwymhdlkcetyjoojg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe N/A
N/A N/A C:\Windows\evocvgeofxbwkitub.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Windows\nfzoiutewpuqfeqsac.exe N/A
N/A N/A C:\Windows\nfzoiutewpuqfeqsac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Windows\xnfskuraqhkeroyy.exe N/A
N/A N/A C:\Windows\nfzoiutewpuqfeqsac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe N/A
N/A N/A C:\Windows\nfzoiutewpuqfeqsac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe N/A
N/A N/A C:\Windows\lfbsocdqkfmkbcqueihb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xhtamqhkuf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avskhwymhdlkcetyjoojg.exe ." C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\afmov = "yrmcxkkwpjpmccpsbec.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sdqylqimxjh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avskhwymhdlkcetyjoojg.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nvfkuwlm = "xnfskuraqhkeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sdqylqimxjh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yrmcxkkwpjpmccpsbec.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lrzckk = "lfbsocdqkfmkbcqueihb.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xhtamqhkuf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnfskuraqhkeroyy.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lrzckk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evocvgeofxbwkitub.exe ." C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lrzckk = "xnfskuraqhkeroyy.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lrzckk = "evocvgeofxbwkitub.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sdqylqimxjh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avskhwymhdlkcetyjoojg.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nvfkuwlm = "yrmcxkkwpjpmccpsbec.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xhtamqhkuf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lfbsocdqkfmkbcqueihb.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\afmov = "avskhwymhdlkcetyjoojg.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xhtamqhkuf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfzoiutewpuqfeqsac.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\afmov = "yrmcxkkwpjpmccpsbec.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\afmov = "lfbsocdqkfmkbcqueihb.exe" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sdqylqimxjh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnfskuraqhkeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\enyepsikt = "lfbsocdqkfmkbcqueihb.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\enyepsikt = "nfzoiutewpuqfeqsac.exe ." C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xhtamqhkuf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evocvgeofxbwkitub.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afmov = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfzoiutewpuqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sdqylqimxjh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evocvgeofxbwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lrzckk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avskhwymhdlkcetyjoojg.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\afmov = "xnfskuraqhkeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xhtamqhkuf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnfskuraqhkeroyy.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nvfkuwlm = "xnfskuraqhkeroyy.exe" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\enyepsikt = "avskhwymhdlkcetyjoojg.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sdqylqimxjh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lfbsocdqkfmkbcqueihb.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xhtamqhkuf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avskhwymhdlkcetyjoojg.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lrzckk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avskhwymhdlkcetyjoojg.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afmov = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfzoiutewpuqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\enyepsikt = "xnfskuraqhkeroyy.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\enyepsikt = "xnfskuraqhkeroyy.exe ." C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nvfkuwlm = "nfzoiutewpuqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lrzckk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfzoiutewpuqfeqsac.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\enyepsikt = "evocvgeofxbwkitub.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\afmov = "nfzoiutewpuqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xhtamqhkuf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lfbsocdqkfmkbcqueihb.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lrzckk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfzoiutewpuqfeqsac.exe ." C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xhtamqhkuf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfzoiutewpuqfeqsac.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sdqylqimxjh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yrmcxkkwpjpmccpsbec.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afmov = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lfbsocdqkfmkbcqueihb.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afmov = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lfbsocdqkfmkbcqueihb.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\afmov = "evocvgeofxbwkitub.exe" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\enyepsikt = "nfzoiutewpuqfeqsac.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lrzckk = "xnfskuraqhkeroyy.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lrzckk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfzoiutewpuqfeqsac.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\afmov = "nfzoiutewpuqfeqsac.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xhtamqhkuf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yrmcxkkwpjpmccpsbec.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afmov = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnfskuraqhkeroyy.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lrzckk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evocvgeofxbwkitub.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lrzckk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnfskuraqhkeroyy.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lrzckk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yrmcxkkwpjpmccpsbec.exe ." C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lrzckk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avskhwymhdlkcetyjoojg.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\enyepsikt = "avskhwymhdlkcetyjoojg.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afmov = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yrmcxkkwpjpmccpsbec.exe" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lrzckk = "xnfskuraqhkeroyy.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afmov = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evocvgeofxbwkitub.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lrzckk = "yrmcxkkwpjpmccpsbec.exe ." C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lrzckk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnfskuraqhkeroyy.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\enyepsikt = "evocvgeofxbwkitub.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lrzckk = "evocvgeofxbwkitub.exe ." C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\afmov = "lfbsocdqkfmkbcqueihb.exe" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A www.whatismyip.ca N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A whatismyip.everdot.org N/A N/A

Drops autorun.inf file

Description Indicator Process Target
File created C:\autorun.inf C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
File opened for modification F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
File created F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
File opened for modification C:\autorun.inf C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
File opened for modification C:\Windows\SysWOW64\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\yrmcxkkwpjpmccpsbec.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\evocvgeofxbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\evocvgeofxbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\rnlecsvkgdmmfiyeqwxtrk.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\avskhwymhdlkcetyjoojg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\xnfskuraqhkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
File opened for modification C:\Windows\SysWOW64\lfbsocdqkfmkbcqueihb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\yrmcxkkwpjpmccpsbec.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\rnlecsvkgdmmfiyeqwxtrk.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\lfbsocdqkfmkbcqueihb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\evocvgeofxbwkitub.exe C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
File opened for modification C:\Windows\SysWOW64\lfbsocdqkfmkbcqueihb.exe C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
File opened for modification C:\Windows\SysWOW64\evocvgeofxbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\lfbsocdqkfmkbcqueihb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\lfbsocdqkfmkbcqueihb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\evocvgeofxbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\evocvgeofxbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\evocvgeofxbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\yrmcxkkwpjpmccpsbec.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\xnfskuraqhkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\xnfskuraqhkeroyy.exe C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
File opened for modification C:\Windows\SysWOW64\yrmcxkkwpjpmccpsbec.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\lfbsocdqkfmkbcqueihb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\xnfskuraqhkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\avskhwymhdlkcetyjoojg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\avskhwymhdlkcetyjoojg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\lfbsocdqkfmkbcqueihb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\lfbsocdqkfmkbcqueihb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\yrmcxkkwpjpmccpsbec.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\evocvgeofxbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\avskhwymhdlkcetyjoojg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\evocvgeofxbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\lfbsocdqkfmkbcqueihb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\avskhwymhdlkcetyjoojg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File created C:\Windows\SysWOW64\afmovugejphqsedsncmryahgsqv.tce C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
File opened for modification C:\Windows\SysWOW64\avskhwymhdlkcetyjoojg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\lfbsocdqkfmkbcqueihb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File created C:\Windows\SysWOW64\xnfskuraqhkeroyyeezphumwtcsjmgtqaaggbr.woy C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
File opened for modification C:\Windows\SysWOW64\rnlecsvkgdmmfiyeqwxtrk.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\yrmcxkkwpjpmccpsbec.exe C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
File opened for modification C:\Windows\SysWOW64\avskhwymhdlkcetyjoojg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\rnlecsvkgdmmfiyeqwxtrk.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\xnfskuraqhkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\rnlecsvkgdmmfiyeqwxtrk.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\lfbsocdqkfmkbcqueihb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\SysWOW64\xnfskuraqhkeroyy.exe C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
File opened for modification C:\Windows\SysWOW64\rnlecsvkgdmmfiyeqwxtrk.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\afmovugejphqsedsncmryahgsqv.tce C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
File created C:\Program Files (x86)\afmovugejphqsedsncmryahgsqv.tce C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
File opened for modification C:\Program Files (x86)\xnfskuraqhkeroyyeezphumwtcsjmgtqaaggbr.woy C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
File created C:\Program Files (x86)\xnfskuraqhkeroyyeezphumwtcsjmgtqaaggbr.woy C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\xnfskuraqhkeroyyeezphumwtcsjmgtqaaggbr.woy C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
File opened for modification C:\Windows\rnlecsvkgdmmfiyeqwxtrk.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\evocvgeofxbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\rnlecsvkgdmmfiyeqwxtrk.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\yrmcxkkwpjpmccpsbec.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\rnlecsvkgdmmfiyeqwxtrk.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\xnfskuraqhkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\avskhwymhdlkcetyjoojg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\xnfskuraqhkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\xnfskuraqhkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\avskhwymhdlkcetyjoojg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\xnfskuraqhkeroyy.exe C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
File opened for modification C:\Windows\evocvgeofxbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\avskhwymhdlkcetyjoojg.exe C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
File opened for modification C:\Windows\evocvgeofxbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\xnfskuraqhkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\xnfskuraqhkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\avskhwymhdlkcetyjoojg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\evocvgeofxbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\rnlecsvkgdmmfiyeqwxtrk.exe C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
File opened for modification C:\Windows\xnfskuraqhkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\avskhwymhdlkcetyjoojg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\lfbsocdqkfmkbcqueihb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\avskhwymhdlkcetyjoojg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\lfbsocdqkfmkbcqueihb.exe C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
File opened for modification C:\Windows\xnfskuraqhkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\xnfskuraqhkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\rnlecsvkgdmmfiyeqwxtrk.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\rnlecsvkgdmmfiyeqwxtrk.exe C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
File opened for modification C:\Windows\afmovugejphqsedsncmryahgsqv.tce C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
File opened for modification C:\Windows\evocvgeofxbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\xnfskuraqhkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\evocvgeofxbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\lfbsocdqkfmkbcqueihb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\evocvgeofxbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\yrmcxkkwpjpmccpsbec.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\rnlecsvkgdmmfiyeqwxtrk.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\yrmcxkkwpjpmccpsbec.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\xnfskuraqhkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\xnfskuraqhkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\lfbsocdqkfmkbcqueihb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\rnlecsvkgdmmfiyeqwxtrk.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\lfbsocdqkfmkbcqueihb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\xnfskuraqhkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
File created C:\Windows\xnfskuraqhkeroyyeezphumwtcsjmgtqaaggbr.woy C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
File opened for modification C:\Windows\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\avskhwymhdlkcetyjoojg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\rnlecsvkgdmmfiyeqwxtrk.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\rnlecsvkgdmmfiyeqwxtrk.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\rnlecsvkgdmmfiyeqwxtrk.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\avskhwymhdlkcetyjoojg.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\lfbsocdqkfmkbcqueihb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\evocvgeofxbwkitub.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
File opened for modification C:\Windows\lfbsocdqkfmkbcqueihb.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yrmcxkkwpjpmccpsbec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\avskhwymhdlkcetyjoojg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lfbsocdqkfmkbcqueihb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lfbsocdqkfmkbcqueihb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\evocvgeofxbwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\nfzoiutewpuqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\nfzoiutewpuqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yrmcxkkwpjpmccpsbec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\nfzoiutewpuqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xnfskuraqhkeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lfbsocdqkfmkbcqueihb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\evocvgeofxbwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lfbsocdqkfmkbcqueihb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yrmcxkkwpjpmccpsbec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xnfskuraqhkeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lfbsocdqkfmkbcqueihb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lfbsocdqkfmkbcqueihb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\evocvgeofxbwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\avskhwymhdlkcetyjoojg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\avskhwymhdlkcetyjoojg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\nfzoiutewpuqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lfbsocdqkfmkbcqueihb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\evocvgeofxbwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yrmcxkkwpjpmccpsbec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\nfzoiutewpuqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yrmcxkkwpjpmccpsbec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xnfskuraqhkeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xnfskuraqhkeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xnfskuraqhkeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\avskhwymhdlkcetyjoojg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\nfzoiutewpuqfeqsac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\avskhwymhdlkcetyjoojg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xnfskuraqhkeroyy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\avskhwymhdlkcetyjoojg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\evocvgeofxbwkitub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3268 wrote to memory of 4316 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 3268 wrote to memory of 4316 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 3268 wrote to memory of 4316 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 4888 wrote to memory of 4832 N/A C:\Windows\system32\cmd.exe C:\Windows\xnfskuraqhkeroyy.exe
PID 4888 wrote to memory of 4832 N/A C:\Windows\system32\cmd.exe C:\Windows\xnfskuraqhkeroyy.exe
PID 4888 wrote to memory of 4832 N/A C:\Windows\system32\cmd.exe C:\Windows\xnfskuraqhkeroyy.exe
PID 5768 wrote to memory of 4168 N/A C:\Windows\system32\cmd.exe C:\Windows\nfzoiutewpuqfeqsac.exe
PID 5768 wrote to memory of 4168 N/A C:\Windows\system32\cmd.exe C:\Windows\nfzoiutewpuqfeqsac.exe
PID 5768 wrote to memory of 4168 N/A C:\Windows\system32\cmd.exe C:\Windows\nfzoiutewpuqfeqsac.exe
PID 4168 wrote to memory of 4864 N/A C:\Windows\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 4168 wrote to memory of 4864 N/A C:\Windows\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 4168 wrote to memory of 4864 N/A C:\Windows\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 4932 wrote to memory of 1860 N/A C:\Windows\system32\cmd.exe C:\Windows\evocvgeofxbwkitub.exe
PID 4932 wrote to memory of 1860 N/A C:\Windows\system32\cmd.exe C:\Windows\evocvgeofxbwkitub.exe
PID 4932 wrote to memory of 1860 N/A C:\Windows\system32\cmd.exe C:\Windows\evocvgeofxbwkitub.exe
PID 4868 wrote to memory of 1616 N/A C:\Windows\system32\cmd.exe C:\Windows\xnfskuraqhkeroyy.exe
PID 4868 wrote to memory of 1616 N/A C:\Windows\system32\cmd.exe C:\Windows\xnfskuraqhkeroyy.exe
PID 4868 wrote to memory of 1616 N/A C:\Windows\system32\cmd.exe C:\Windows\xnfskuraqhkeroyy.exe
PID 4644 wrote to memory of 2224 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe
PID 4644 wrote to memory of 2224 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe
PID 4644 wrote to memory of 2224 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe
PID 4192 wrote to memory of 3912 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe
PID 4192 wrote to memory of 3912 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe
PID 4192 wrote to memory of 3912 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe
PID 1616 wrote to memory of 2844 N/A C:\Windows\xnfskuraqhkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 1616 wrote to memory of 2844 N/A C:\Windows\xnfskuraqhkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 1616 wrote to memory of 2844 N/A C:\Windows\xnfskuraqhkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 3912 wrote to memory of 3288 N/A C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 3912 wrote to memory of 3288 N/A C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 3912 wrote to memory of 3288 N/A C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 3296 wrote to memory of 4264 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe
PID 3296 wrote to memory of 4264 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe
PID 3296 wrote to memory of 4264 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe
PID 928 wrote to memory of 992 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe
PID 928 wrote to memory of 992 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe
PID 928 wrote to memory of 992 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe
PID 992 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 992 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 992 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
PID 4316 wrote to memory of 1224 N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe C:\Users\Admin\AppData\Local\Temp\lrzckk.exe
PID 4316 wrote to memory of 1224 N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe C:\Users\Admin\AppData\Local\Temp\lrzckk.exe
PID 4316 wrote to memory of 1224 N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe C:\Users\Admin\AppData\Local\Temp\lrzckk.exe
PID 4316 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe C:\Users\Admin\AppData\Local\Temp\lrzckk.exe
PID 4316 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe C:\Users\Admin\AppData\Local\Temp\lrzckk.exe
PID 4316 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe C:\Users\Admin\AppData\Local\Temp\lrzckk.exe
PID 6132 wrote to memory of 3732 N/A C:\Windows\system32\cmd.exe C:\Windows\lfbsocdqkfmkbcqueihb.exe
PID 6132 wrote to memory of 3732 N/A C:\Windows\system32\cmd.exe C:\Windows\lfbsocdqkfmkbcqueihb.exe
PID 6132 wrote to memory of 3732 N/A C:\Windows\system32\cmd.exe C:\Windows\lfbsocdqkfmkbcqueihb.exe
PID 5884 wrote to memory of 3212 N/A C:\Windows\system32\cmd.exe C:\Windows\lfbsocdqkfmkbcqueihb.exe
PID 5884 wrote to memory of 3212 N/A C:\Windows\system32\cmd.exe C:\Windows\lfbsocdqkfmkbcqueihb.exe
PID 5884 wrote to memory of 3212 N/A C:\Windows\system32\cmd.exe C:\Windows\lfbsocdqkfmkbcqueihb.exe
PID 5404 wrote to memory of 3428 N/A C:\Windows\system32\cmd.exe C:\Windows\evocvgeofxbwkitub.exe
PID 5404 wrote to memory of 3428 N/A C:\Windows\system32\cmd.exe C:\Windows\evocvgeofxbwkitub.exe
PID 5404 wrote to memory of 3428 N/A C:\Windows\system32\cmd.exe C:\Windows\evocvgeofxbwkitub.exe
PID 4708 wrote to memory of 460 N/A C:\Windows\system32\cmd.exe C:\Windows\nfzoiutewpuqfeqsac.exe
PID 4708 wrote to memory of 460 N/A C:\Windows\system32\cmd.exe C:\Windows\nfzoiutewpuqfeqsac.exe
PID 4708 wrote to memory of 460 N/A C:\Windows\system32\cmd.exe C:\Windows\nfzoiutewpuqfeqsac.exe
PID 3428 wrote to memory of 1544 N/A C:\Windows\evocvgeofxbwkitub.exe C:\Windows\system32\cmd.exe
PID 3428 wrote to memory of 1544 N/A C:\Windows\evocvgeofxbwkitub.exe C:\Windows\system32\cmd.exe
PID 3428 wrote to memory of 1544 N/A C:\Windows\evocvgeofxbwkitub.exe C:\Windows\system32\cmd.exe
PID 3284 wrote to memory of 3800 N/A C:\Windows\system32\cmd.exe C:\Windows\yrmcxkkwpjpmccpsbec.exe
PID 3284 wrote to memory of 3800 N/A C:\Windows\system32\cmd.exe C:\Windows\yrmcxkkwpjpmccpsbec.exe
PID 3284 wrote to memory of 3800 N/A C:\Windows\system32\cmd.exe C:\Windows\yrmcxkkwpjpmccpsbec.exe
PID 460 wrote to memory of 396 N/A C:\Windows\nfzoiutewpuqfeqsac.exe C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

System policy modification

defense_evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\lrzckk.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b74f8691313be0c724b71d356c4b9b40.exe"

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_b74f8691313be0c724b71d356c4b9b40.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe .

C:\Windows\nfzoiutewpuqfeqsac.exe

nfzoiutewpuqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nfzoiutewpuqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe .

C:\Windows\evocvgeofxbwkitub.exe

evocvgeofxbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xnfskuraqhkeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xnfskuraqhkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nfzoiutewpuqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\lrzckk.exe

"C:\Users\Admin\AppData\Local\Temp\lrzckk.exe" "-C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe"

C:\Users\Admin\AppData\Local\Temp\lrzckk.exe

"C:\Users\Admin\AppData\Local\Temp\lrzckk.exe" "-C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe

C:\Windows\lfbsocdqkfmkbcqueihb.exe

lfbsocdqkfmkbcqueihb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe .

C:\Windows\lfbsocdqkfmkbcqueihb.exe

lfbsocdqkfmkbcqueihb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe .

C:\Windows\evocvgeofxbwkitub.exe

evocvgeofxbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe .

C:\Windows\nfzoiutewpuqfeqsac.exe

nfzoiutewpuqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\evocvgeofxbwkitub.exe*."

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nfzoiutewpuqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\avskhwymhdlkcetyjoojg.exe*."

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\avskhwymhdlkcetyjoojg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\avskhwymhdlkcetyjoojg.exe*."

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .

C:\Windows\nfzoiutewpuqfeqsac.exe

nfzoiutewpuqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\evocvgeofxbwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nfzoiutewpuqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\avskhwymhdlkcetyjoojg.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nfzoiutewpuqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\avskhwymhdlkcetyjoojg.exe*."

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .

C:\Windows\evocvgeofxbwkitub.exe

evocvgeofxbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\avskhwymhdlkcetyjoojg.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\evocvgeofxbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe

C:\Windows\nfzoiutewpuqfeqsac.exe

nfzoiutewpuqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe .

C:\Windows\nfzoiutewpuqfeqsac.exe

nfzoiutewpuqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nfzoiutewpuqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe .

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe

C:\Windows\nfzoiutewpuqfeqsac.exe

nfzoiutewpuqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nfzoiutewpuqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .

C:\Windows\nfzoiutewpuqfeqsac.exe

nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\yrmcxkkwpjpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe

C:\Windows\lfbsocdqkfmkbcqueihb.exe

lfbsocdqkfmkbcqueihb.exe .

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xnfskuraqhkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lfbsocdqkfmkbcqueihb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe .

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe .

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe

C:\Windows\nfzoiutewpuqfeqsac.exe

nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\yrmcxkkwpjpmccpsbec.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\yrmcxkkwpjpmccpsbec.exe*."

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xnfskuraqhkeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\avskhwymhdlkcetyjoojg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\avskhwymhdlkcetyjoojg.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\yrmcxkkwpjpmccpsbec.exe*."

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Windows\nfzoiutewpuqfeqsac.exe

nfzoiutewpuqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\yrmcxkkwpjpmccpsbec.exe*."

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .

C:\Windows\lfbsocdqkfmkbcqueihb.exe

lfbsocdqkfmkbcqueihb.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\avskhwymhdlkcetyjoojg.exe*."

C:\Windows\lfbsocdqkfmkbcqueihb.exe

lfbsocdqkfmkbcqueihb.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lfbsocdqkfmkbcqueihb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lfbsocdqkfmkbcqueihb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\avskhwymhdlkcetyjoojg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe .

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xnfskuraqhkeroyy.exe*."

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Windows\evocvgeofxbwkitub.exe

evocvgeofxbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\evocvgeofxbwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xnfskuraqhkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xnfskuraqhkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xnfskuraqhkeroyy.exe*."

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\yrmcxkkwpjpmccpsbec.exe*."

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xnfskuraqhkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xnfskuraqhkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe .

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xnfskuraqhkeroyy.exe*."

C:\Windows\lfbsocdqkfmkbcqueihb.exe

lfbsocdqkfmkbcqueihb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Windows\lfbsocdqkfmkbcqueihb.exe

lfbsocdqkfmkbcqueihb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lfbsocdqkfmkbcqueihb.exe*."

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xnfskuraqhkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nfzoiutewpuqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe

C:\Windows\nfzoiutewpuqfeqsac.exe

nfzoiutewpuqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe .

C:\Windows\lfbsocdqkfmkbcqueihb.exe

lfbsocdqkfmkbcqueihb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lfbsocdqkfmkbcqueihb.exe*."

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe .

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\avskhwymhdlkcetyjoojg.exe*."

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lfbsocdqkfmkbcqueihb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\avskhwymhdlkcetyjoojg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe .

C:\Windows\lfbsocdqkfmkbcqueihb.exe

lfbsocdqkfmkbcqueihb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lfbsocdqkfmkbcqueihb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe .

C:\Windows\nfzoiutewpuqfeqsac.exe

nfzoiutewpuqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Windows\nfzoiutewpuqfeqsac.exe

nfzoiutewpuqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe .

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nfzoiutewpuqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lfbsocdqkfmkbcqueihb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\avskhwymhdlkcetyjoojg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe

C:\Windows\lfbsocdqkfmkbcqueihb.exe

lfbsocdqkfmkbcqueihb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe .

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\yrmcxkkwpjpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe .

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe .

C:\Windows\evocvgeofxbwkitub.exe

evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\avskhwymhdlkcetyjoojg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe

C:\Windows\lfbsocdqkfmkbcqueihb.exe

lfbsocdqkfmkbcqueihb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .

C:\Windows\evocvgeofxbwkitub.exe

evocvgeofxbwkitub.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Windows\evocvgeofxbwkitub.exe

evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lfbsocdqkfmkbcqueihb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\evocvgeofxbwkitub.exe*."

C:\Windows\evocvgeofxbwkitub.exe

evocvgeofxbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Windows\nfzoiutewpuqfeqsac.exe

nfzoiutewpuqfeqsac.exe .

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\evocvgeofxbwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nfzoiutewpuqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\yrmcxkkwpjpmccpsbec.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\evocvgeofxbwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xnfskuraqhkeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\yrmcxkkwpjpmccpsbec.exe*."

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\avskhwymhdlkcetyjoojg.exe*."

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\avskhwymhdlkcetyjoojg.exe*."

C:\Windows\evocvgeofxbwkitub.exe

evocvgeofxbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\evocvgeofxbwkitub.exe*."

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Windows\nfzoiutewpuqfeqsac.exe

nfzoiutewpuqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nfzoiutewpuqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\evocvgeofxbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\yrmcxkkwpjpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe .

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xnfskuraqhkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe .

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xnfskuraqhkeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\evocvgeofxbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nfzoiutewpuqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe

C:\Windows\lfbsocdqkfmkbcqueihb.exe

lfbsocdqkfmkbcqueihb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\evocvgeofxbwkitub.exe

evocvgeofxbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\evocvgeofxbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe .

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe .

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\avskhwymhdlkcetyjoojg.exe*."

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lfbsocdqkfmkbcqueihb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\yrmcxkkwpjpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe .

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\avskhwymhdlkcetyjoojg.exe*."

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Windows\lfbsocdqkfmkbcqueihb.exe

lfbsocdqkfmkbcqueihb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lfbsocdqkfmkbcqueihb.exe*."

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nfzoiutewpuqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\evocvgeofxbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe

C:\Windows\lfbsocdqkfmkbcqueihb.exe

lfbsocdqkfmkbcqueihb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe .

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\yrmcxkkwpjpmccpsbec.exe*."

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\avskhwymhdlkcetyjoojg.exe*."

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\yrmcxkkwpjpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xnfskuraqhkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\evocvgeofxbwkitub.exe

evocvgeofxbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe .

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\yrmcxkkwpjpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe .

C:\Windows\lfbsocdqkfmkbcqueihb.exe

lfbsocdqkfmkbcqueihb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\avskhwymhdlkcetyjoojg.exe*."

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\yrmcxkkwpjpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Windows\evocvgeofxbwkitub.exe

evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xnfskuraqhkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe

C:\Windows\evocvgeofxbwkitub.exe

evocvgeofxbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe

C:\Windows\evocvgeofxbwkitub.exe

evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\evocvgeofxbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe

C:\Windows\lfbsocdqkfmkbcqueihb.exe

lfbsocdqkfmkbcqueihb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe .

C:\Windows\lfbsocdqkfmkbcqueihb.exe

lfbsocdqkfmkbcqueihb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lfbsocdqkfmkbcqueihb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe .

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe .

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Windows\lfbsocdqkfmkbcqueihb.exe

lfbsocdqkfmkbcqueihb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\yrmcxkkwpjpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nfzoiutewpuqfeqsac.exe*."

C:\Windows\nfzoiutewpuqfeqsac.exe

nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Windows\lfbsocdqkfmkbcqueihb.exe

lfbsocdqkfmkbcqueihb.exe .

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lfbsocdqkfmkbcqueihb.exe*."

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lfbsocdqkfmkbcqueihb.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\yrmcxkkwpjpmccpsbec.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\avskhwymhdlkcetyjoojg.exe*."

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nfzoiutewpuqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nfzoiutewpuqfeqsac.exe*."

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe .

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe .

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xnfskuraqhkeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xnfskuraqhkeroyy.exe*."

C:\Windows\lfbsocdqkfmkbcqueihb.exe

lfbsocdqkfmkbcqueihb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xnfskuraqhkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe .

C:\Windows\evocvgeofxbwkitub.exe

evocvgeofxbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Windows\nfzoiutewpuqfeqsac.exe

nfzoiutewpuqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nfzoiutewpuqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nfzoiutewpuqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\yrmcxkkwpjpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe .

C:\Windows\nfzoiutewpuqfeqsac.exe

nfzoiutewpuqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nfzoiutewpuqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe .

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Windows\evocvgeofxbwkitub.exe

evocvgeofxbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\evocvgeofxbwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\evocvgeofxbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\avskhwymhdlkcetyjoojg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe

C:\Windows\lfbsocdqkfmkbcqueihb.exe

lfbsocdqkfmkbcqueihb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe .

C:\Windows\evocvgeofxbwkitub.exe

evocvgeofxbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\evocvgeofxbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\yrmcxkkwpjpmccpsbec.exe*."

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xnfskuraqhkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xnfskuraqhkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe .

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xnfskuraqhkeroyy.exe*."

C:\Windows\nfzoiutewpuqfeqsac.exe

nfzoiutewpuqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Windows\nfzoiutewpuqfeqsac.exe

nfzoiutewpuqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe .

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nfzoiutewpuqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lfbsocdqkfmkbcqueihb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\yrmcxkkwpjpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe .

C:\Windows\evocvgeofxbwkitub.exe

evocvgeofxbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\evocvgeofxbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe .

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Windows\nfzoiutewpuqfeqsac.exe

nfzoiutewpuqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe .

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nfzoiutewpuqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lfbsocdqkfmkbcqueihb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\yrmcxkkwpjpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\evocvgeofxbwkitub.exe

evocvgeofxbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe .

C:\Windows\nfzoiutewpuqfeqsac.exe

nfzoiutewpuqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nfzoiutewpuqfeqsac.exe*."

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Windows\lfbsocdqkfmkbcqueihb.exe

lfbsocdqkfmkbcqueihb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lfbsocdqkfmkbcqueihb.exe*."

C:\Windows\nfzoiutewpuqfeqsac.exe

nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nfzoiutewpuqfeqsac.exe*."

C:\Windows\nfzoiutewpuqfeqsac.exe

nfzoiutewpuqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nfzoiutewpuqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe .

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\avskhwymhdlkcetyjoojg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xnfskuraqhkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe .

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe

C:\Windows\evocvgeofxbwkitub.exe

evocvgeofxbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lfbsocdqkfmkbcqueihb.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xnfskuraqhkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Windows\nfzoiutewpuqfeqsac.exe

nfzoiutewpuqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\evocvgeofxbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe .

C:\Windows\lfbsocdqkfmkbcqueihb.exe

lfbsocdqkfmkbcqueihb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nfzoiutewpuqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Windows\evocvgeofxbwkitub.exe

evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lfbsocdqkfmkbcqueihb.exe*."

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\evocvgeofxbwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xnfskuraqhkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nfzoiutewpuqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\yrmcxkkwpjpmccpsbec.exe*."

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nfzoiutewpuqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe

C:\Windows\nfzoiutewpuqfeqsac.exe

nfzoiutewpuqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe .

C:\Windows\evocvgeofxbwkitub.exe

evocvgeofxbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\evocvgeofxbwkitub.exe*."

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Windows\nfzoiutewpuqfeqsac.exe

nfzoiutewpuqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nfzoiutewpuqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\evocvgeofxbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xnfskuraqhkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe .

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\yrmcxkkwpjpmccpsbec.exe*."

C:\Windows\lfbsocdqkfmkbcqueihb.exe

lfbsocdqkfmkbcqueihb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Windows\lfbsocdqkfmkbcqueihb.exe

lfbsocdqkfmkbcqueihb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lfbsocdqkfmkbcqueihb.exe*."

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xnfskuraqhkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\evocvgeofxbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe .

C:\Windows\nfzoiutewpuqfeqsac.exe

nfzoiutewpuqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nfzoiutewpuqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\avskhwymhdlkcetyjoojg.exe*."

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xnfskuraqhkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\avskhwymhdlkcetyjoojg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe .

C:\Windows\lfbsocdqkfmkbcqueihb.exe

lfbsocdqkfmkbcqueihb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lfbsocdqkfmkbcqueihb.exe*."

C:\Windows\lfbsocdqkfmkbcqueihb.exe

lfbsocdqkfmkbcqueihb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\avskhwymhdlkcetyjoojg.exe*."

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xnfskuraqhkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\evocvgeofxbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe .

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe

C:\Windows\evocvgeofxbwkitub.exe

evocvgeofxbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\yrmcxkkwpjpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Windows\lfbsocdqkfmkbcqueihb.exe

lfbsocdqkfmkbcqueihb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lfbsocdqkfmkbcqueihb.exe*."

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xnfskuraqhkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\evocvgeofxbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe .

C:\Windows\lfbsocdqkfmkbcqueihb.exe

lfbsocdqkfmkbcqueihb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lfbsocdqkfmkbcqueihb.exe*."

C:\Windows\evocvgeofxbwkitub.exe

evocvgeofxbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Windows\evocvgeofxbwkitub.exe

evocvgeofxbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\evocvgeofxbwkitub.exe*."

C:\Windows\lfbsocdqkfmkbcqueihb.exe

lfbsocdqkfmkbcqueihb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .

C:\Windows\nfzoiutewpuqfeqsac.exe

nfzoiutewpuqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\yrmcxkkwpjpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nfzoiutewpuqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe .

C:\Windows\nfzoiutewpuqfeqsac.exe

nfzoiutewpuqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nfzoiutewpuqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nfzoiutewpuqfeqsac.exe*."

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\evocvgeofxbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xnfskuraqhkeroyy.exe*."

C:\Windows\evocvgeofxbwkitub.exe

evocvgeofxbwkitub.exe

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\avskhwymhdlkcetyjoojg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\avskhwymhdlkcetyjoojg.exe*."

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nfzoiutewpuqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe .

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\evocvgeofxbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\yrmcxkkwpjpmccpsbec.exe*."

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\avskhwymhdlkcetyjoojg.exe*."

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe

C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\avskhwymhdlkcetyjoojg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xnfskuraqhkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\yrmcxkkwpjpmccpsbec.exe*."

C:\Windows\nfzoiutewpuqfeqsac.exe

nfzoiutewpuqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Windows\evocvgeofxbwkitub.exe

evocvgeofxbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe .

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\evocvgeofxbwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lfbsocdqkfmkbcqueihb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\evocvgeofxbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe

C:\Windows\evocvgeofxbwkitub.exe

evocvgeofxbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe .

C:\Windows\evocvgeofxbwkitub.exe

evocvgeofxbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\evocvgeofxbwkitub.exe*."

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Windows\evocvgeofxbwkitub.exe

evocvgeofxbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\evocvgeofxbwkitub.exe*."

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xnfskuraqhkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xnfskuraqhkeroyy.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe .

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xnfskuraqhkeroyy.exe*."

C:\Windows\nfzoiutewpuqfeqsac.exe

nfzoiutewpuqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xnfskuraqhkeroyy.exe*."

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\evocvgeofxbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nfzoiutewpuqfeqsac.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe .

C:\Windows\evocvgeofxbwkitub.exe

evocvgeofxbwkitub.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\evocvgeofxbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe .

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\avskhwymhdlkcetyjoojg.exe*."

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\yrmcxkkwpjpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe .

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lfbsocdqkfmkbcqueihb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe .

C:\Windows\lfbsocdqkfmkbcqueihb.exe

lfbsocdqkfmkbcqueihb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lfbsocdqkfmkbcqueihb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe .

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\avskhwymhdlkcetyjoojg.exe*."

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lfbsocdqkfmkbcqueihb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe

C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\evocvgeofxbwkitub.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe .

C:\Windows\avskhwymhdlkcetyjoojg.exe

avskhwymhdlkcetyjoojg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\yrmcxkkwpjpmccpsbec.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe .

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe .

C:\Windows\yrmcxkkwpjpmccpsbec.exe

yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\nfzoiutewpuqfeqsac.exe

nfzoiutewpuqfeqsac.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xnfskuraqhkeroyy.exe*."

C:\Windows\xnfskuraqhkeroyy.exe

xnfskuraqhkeroyy.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.40.87:80 www.whatismyip.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.ebay.com udp
GB 2.22.69.9:80 www.ebay.com tcp
RU 95.189.55.58:14446 tcp
US 8.8.8.8:53 gyuuym.org udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 asyucmqwso.com udp
US 8.8.8.8:53 zctequzmf.com udp
US 8.8.8.8:53 sioouywkemuc.org udp
US 8.8.8.8:53 fqjigdyg.info udp
US 8.8.8.8:53 lgngijntcjhm.info udp
US 8.8.8.8:53 unxfuild.info udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 yehckg.info udp
US 8.8.8.8:53 tndvbuzy.info udp
US 8.8.8.8:53 doryvejyh.com udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 skimvob.net udp
US 8.8.8.8:53 zwvaapui.net udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 boazurwzck.info udp
US 8.8.8.8:53 uotewdbrzo.info udp
US 8.8.8.8:53 vwgvzgdurh.net udp
US 8.8.8.8:53 ioaiqcikuc.org udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 ptbvyatvvj.info udp
US 8.8.8.8:53 hyrude.info udp
US 8.8.8.8:53 aikuwcquuiko.com udp
US 8.8.8.8:53 cydlrge.info udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 mcfbkit.info udp
US 8.8.8.8:53 coeizkpwdk.info udp
US 8.8.8.8:53 mqtkbipeziq.info udp
US 8.8.8.8:53 biytqasfdu.net udp
US 8.8.8.8:53 pnjoxjy.info udp
US 8.8.8.8:53 bflnme.net udp
US 8.8.8.8:53 qgyyoiiw.com udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 lnzroglj.info udp
US 8.8.8.8:53 lrymlrdtjbhd.info udp
US 8.8.8.8:53 ittsyzrrjm.net udp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 wgxyrutqp.info udp
US 8.8.8.8:53 htpwvvnsf.org udp
US 8.8.8.8:53 aondtqt.net udp
US 8.8.8.8:53 qntaoel.info udp
US 8.8.8.8:53 movgfsdwr.info udp
LV 78.84.218.4:27356 tcp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 hsbosicqc.info udp
US 8.8.8.8:53 bqqvlkfbpoxe.net udp
US 8.8.8.8:53 umwijwj.info udp
US 8.8.8.8:53 iytodsbisuo.net udp
US 8.8.8.8:53 ptwksw.info udp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 evwwmude.info udp
US 8.8.8.8:53 ldbart.info udp
US 8.8.8.8:53 yblddsaaif.net udp
US 8.8.8.8:53 judsuewse.com udp
US 8.8.8.8:53 xmsipppsr.com udp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 wviozv.net udp
US 8.8.8.8:53 aetipoxybr.info udp
US 8.8.8.8:53 qakcrppsbzw.info udp
US 8.8.8.8:53 oklmael.net udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 ndjvtnngrz.net udp
US 8.8.8.8:53 iljkjae.net udp
US 8.8.8.8:53 hwblsehcjwn.info udp
US 8.8.8.8:53 bvjgxcelqp.net udp
US 8.8.8.8:53 vcjcrgw.com udp
US 8.8.8.8:53 okcspymtuedo.net udp
US 8.8.8.8:53 yoaoooewyeeo.com udp
US 8.8.8.8:53 xloqzvsr.net udp
US 8.8.8.8:53 kiimoaok.com udp
US 8.8.8.8:53 pudsnxcxfczc.info udp
US 8.8.8.8:53 xyfpah.net udp
US 8.8.8.8:53 mdhpuesj.net udp
US 8.8.8.8:53 noxycgxidn.net udp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 bynbfmxjn.com udp
US 8.8.8.8:53 gmvoppxtkgt.net udp
US 8.8.8.8:53 moweocmwaa.com udp
US 8.8.8.8:53 rzinhia.com udp
US 8.8.8.8:53 vrxmprngmlhk.net udp
US 8.8.8.8:53 bynqxfrqtzpw.net udp
US 8.8.8.8:53 kyvsyxnidsg.net udp
US 8.8.8.8:53 mckskvvaki.net udp
US 8.8.8.8:53 dgvmrsxm.info udp
US 8.8.8.8:53 jopktjmt.net udp
US 8.8.8.8:53 quxaukpwt.net udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 dlpbiolepj.net udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 vouctivsggf.com udp
US 8.8.8.8:53 yckmou.org udp
US 8.8.8.8:53 kswyca.com udp
US 8.8.8.8:53 kcqcyuau.com udp
US 8.8.8.8:53 lyxmnybibg.info udp
US 8.8.8.8:53 qlqufaxrp.info udp
US 8.8.8.8:53 tdztzsqy.info udp
US 8.8.8.8:53 ezrmjlw.net udp
US 8.8.8.8:53 dkouvubcpovf.info udp
BG 92.247.201.209:38201 tcp
US 8.8.8.8:53 sayavg.net udp
US 8.8.8.8:53 kgmgkawemm.com udp
US 8.8.8.8:53 vezavqvndj.net udp
US 8.8.8.8:53 ugeokmwomu.com udp
US 8.8.8.8:53 kgucribs.info udp
US 8.8.8.8:53 xqucue.net udp
US 8.8.8.8:53 pipodqivxs.info udp
US 8.8.8.8:53 qhzvdmxbwl.net udp
US 8.8.8.8:53 kfpyjkdkhul.info udp
US 8.8.8.8:53 igyyyo.org udp
US 8.8.8.8:53 zyfitez.info udp
US 8.8.8.8:53 foasctjambzh.info udp
US 8.8.8.8:53 ejkugfxutrxy.net udp
US 8.8.8.8:53 leqdurjb.net udp
US 8.8.8.8:53 yqxorcfuj.info udp
US 8.8.8.8:53 fubbhwv.com udp
US 8.8.8.8:53 uahsukjptgj.net udp
US 8.8.8.8:53 xzaxqg.info udp
US 8.8.8.8:53 hbezcutd.info udp
US 8.8.8.8:53 dxikspgshgbk.info udp
US 8.8.8.8:53 eszjkq.info udp
US 8.8.8.8:53 lgmwshpwdp.net udp
US 8.8.8.8:53 hhibvfrueu.info udp
US 8.8.8.8:53 hafbavpa.net udp
US 8.8.8.8:53 nalmtvn.com udp
US 8.8.8.8:53 javezcv.info udp
US 8.8.8.8:53 zgrjrexb.net udp
US 8.8.8.8:53 kybtfr.info udp
US 8.8.8.8:53 ikkeyoyo.com udp
US 8.8.8.8:53 kcdbbrxrgigv.net udp
US 8.8.8.8:53 clhxnkhgamhd.net udp
US 8.8.8.8:53 eeueccewmeem.com udp
US 8.8.8.8:53 wxmsgbyxfx.info udp
US 8.8.8.8:53 ewvclsvwi.info udp
US 8.8.8.8:53 cymaokemakyi.org udp
BG 78.128.94.67:36130 tcp
US 8.8.8.8:53 gthoprfe.net udp
US 8.8.8.8:53 nhuylajs.net udp
US 8.8.8.8:53 nobwkgf.org udp
US 8.8.8.8:53 vlpxze.info udp
US 8.8.8.8:53 eljlorggpu.info udp
US 8.8.8.8:53 gjastpdhlgpt.info udp
US 8.8.8.8:53 qamcqebhhwj.info udp
US 8.8.8.8:53 xklcckrjgga.com udp
US 8.8.8.8:53 zwwecqacpse.org udp
US 8.8.8.8:53 fqtrhnhaq.net udp
US 8.8.8.8:53 skywyumxq.net udp
US 8.8.8.8:53 egsmyysc.org udp
US 8.8.8.8:53 ukecaioess.org udp
US 8.8.8.8:53 cemeym.com udp
US 8.8.8.8:53 qgmwycoiqe.org udp
US 8.8.8.8:53 nshdioh.net udp
US 8.8.8.8:53 fhrlcnqxjo.net udp
US 8.8.8.8:53 caoymmyquweu.org udp
BG 77.77.28.177:14149 tcp
US 8.8.8.8:53 kpbaszrplr.info udp
US 8.8.8.8:53 lnsdxxdzlr.info udp
US 8.8.8.8:53 ginaolen.net udp
US 8.8.8.8:53 juvjtcxmbcj.org udp
US 8.8.8.8:53 ekqqcc.org udp
US 8.8.8.8:53 jxudjpfp.net udp
US 8.8.8.8:53 fodqdo.info udp
US 8.8.8.8:53 dwfkeogzvhjn.info udp
US 8.8.8.8:53 ialjnoyc.net udp
US 8.8.8.8:53 uafwbzlrusn.net udp
US 8.8.8.8:53 firgsip.info udp
US 8.8.8.8:53 vipwtkjs.net udp
US 8.8.8.8:53 rwuekogqoj.info udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 zgvivlfmh.org udp
US 8.8.8.8:53 kedyoyywu.net udp
US 8.8.8.8:53 qtgqqinahbp.info udp
US 8.8.8.8:53 xqneoci.com udp
US 8.8.8.8:53 tcvuvhjwh.info udp
US 8.8.8.8:53 ertvno.info udp
US 8.8.8.8:53 hkpgakl.org udp
US 8.8.8.8:53 kxiwerlzfi.net udp
US 8.8.8.8:53 ueqsqqwuuu.org udp
US 8.8.8.8:53 uvjfwvqcmn.info udp
US 8.8.8.8:53 jubvpax.info udp
US 8.8.8.8:53 sfnhpoh.net udp
US 8.8.8.8:53 fyxshoawfmk.org udp
US 8.8.8.8:53 aknsgwkcl.net udp
US 8.8.8.8:53 ltjxqtelmjsp.info udp
US 8.8.8.8:53 ljqlqdti.info udp
US 8.8.8.8:53 otvnilhx.info udp
US 8.8.8.8:53 ppqirsono.com udp
US 8.8.8.8:53 mqoksgcm.com udp
US 8.8.8.8:53 imbwpmrwrhd.info udp
US 8.8.8.8:53 ecbwysbz.info udp
US 8.8.8.8:53 saiqcwkeoy.org udp
US 8.8.8.8:53 ghpvqgnekiva.net udp
US 8.8.8.8:53 secafox.net udp
US 8.8.8.8:53 ejzkxe.net udp
US 8.8.8.8:53 jkvcxzjvq.org udp
US 8.8.8.8:53 loyujoe.info udp
US 8.8.8.8:53 aupdexfxetwp.net udp
US 8.8.8.8:53 njmyupro.net udp
US 8.8.8.8:53 hyujziq.net udp
US 8.8.8.8:53 jtdmxrxms.info udp
US 8.8.8.8:53 fmfpvqbrpkxr.net udp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 tqfodplkyvis.info udp
US 8.8.8.8:53 zbfwaagzl.net udp
US 8.8.8.8:53 umyqoiomog.org udp
US 8.8.8.8:53 babmpzyxbpbx.net udp
US 8.8.8.8:53 iusioomq.org udp
US 8.8.8.8:53 zhzabl.net udp
US 8.8.8.8:53 nctksil.info udp
US 8.8.8.8:53 iwjfbzzag.info udp
US 8.8.8.8:53 wcsbrpz.net udp
US 8.8.8.8:53 lyjbun.net udp
US 8.8.8.8:53 nadifhn.net udp
CZ 213.250.202.46:18259 tcp
US 8.8.8.8:53 mmvjhuh.net udp
US 8.8.8.8:53 tbjrhnhajizz.net udp
US 8.8.8.8:53 cyrfhsb.net udp
US 8.8.8.8:53 rlpjcaldsroh.net udp
US 8.8.8.8:53 updnps.info udp
US 8.8.8.8:53 wojwfel.net udp
US 8.8.8.8:53 ebqdvyr.net udp
US 8.8.8.8:53 yhvupuyodsy.net udp
US 8.8.8.8:53 yuyuaaeeguys.com udp
US 8.8.8.8:53 azlfou.info udp
US 8.8.8.8:53 bzazez.info udp
US 8.8.8.8:53 lvokxt.net udp
US 8.8.8.8:53 umyicieyee.org udp
US 8.8.8.8:53 jjdtpinl.info udp
US 8.8.8.8:53 zbngjcqhgdn.com udp
US 8.8.8.8:53 vcsuct.net udp
US 8.8.8.8:53 lnwwjrmolow.org udp
US 8.8.8.8:53 nazafu.info udp
US 8.8.8.8:53 hkpitkrcvuck.net udp
US 8.8.8.8:53 fsyczawoha.info udp
US 8.8.8.8:53 hjjdaohx.info udp
US 8.8.8.8:53 pcqscatdlcp.org udp
US 8.8.8.8:53 nojnuuiyi.net udp
US 8.8.8.8:53 atkzfclhbift.info udp
US 8.8.8.8:53 zowbtnlsqlxs.net udp
US 8.8.8.8:53 oudyxksirgr.info udp
US 8.8.8.8:53 qigxglwcbro.info udp
US 8.8.8.8:53 ipqvmtco.info udp
US 8.8.8.8:53 fundpqswvju.info udp
US 8.8.8.8:53 wueysyqiyg.org udp
US 8.8.8.8:53 lmzbpmtefoh.info udp
US 8.8.8.8:53 cuoeinpxs.info udp
US 8.8.8.8:53 njaujcw.com udp
US 8.8.8.8:53 oeuiaqky.org udp
US 8.8.8.8:53 jjrefkv.net udp
US 8.8.8.8:53 okhcsv.net udp
US 8.8.8.8:53 onswdwcvanvo.info udp
US 8.8.8.8:53 fcxolbfnpi.info udp
US 8.8.8.8:53 cyswuoeeiq.org udp
US 8.8.8.8:53 ftczfn.net udp
US 8.8.8.8:53 vdxytu.net udp
US 8.8.8.8:53 kjskvzf.info udp
US 8.8.8.8:53 ptasdrwvk.com udp
US 8.8.8.8:53 zpicpyje.info udp
US 8.8.8.8:53 ygqsou.com udp
US 8.8.8.8:53 lzbjkx.info udp
BG 213.231.140.54:18629 tcp
US 8.8.8.8:53 scshgocipjrn.info udp
US 8.8.8.8:53 fqjodojek.net udp
US 8.8.8.8:53 jdjuwqh.org udp
US 8.8.8.8:53 blriytvijot.com udp
US 8.8.8.8:53 kjqjcgfqmc.info udp
US 8.8.8.8:53 vknwnip.org udp
US 8.8.8.8:53 rksuxqw.com udp
US 8.8.8.8:53 lkdssrdk.info udp
US 8.8.8.8:53 aeuqec.com udp
US 8.8.8.8:53 kyilnx.net udp
US 8.8.8.8:53 byliyuvx.info udp
US 8.8.8.8:53 svcimt.net udp
US 8.8.8.8:53 jrbulad.info udp
US 8.8.8.8:53 skvunpveqm.info udp
US 8.8.8.8:53 rwigvjhys.com udp
US 8.8.8.8:53 bpzorpfuhtf.org udp
US 8.8.8.8:53 vqcudkf.net udp
US 8.8.8.8:53 zwxmwffuj.info udp
US 8.8.8.8:53 ygmweovw.info udp
US 8.8.8.8:53 zapoxcdz.net udp
US 8.8.8.8:53 bkngmvgi.net udp
US 8.8.8.8:53 iaugcm.com udp
US 8.8.8.8:53 jqqjgsoldzvj.info udp
US 8.8.8.8:53 bqdindvszcl.com udp
US 8.8.8.8:53 whyevwnwxax.net udp
US 8.8.8.8:53 ljxgaxcetwqy.info udp
US 8.8.8.8:53 gowucu.org udp
US 8.8.8.8:53 dykwknvmdfdj.info udp
US 8.8.8.8:53 btbwilqnkeit.info udp
US 8.8.8.8:53 vozrbedmf.net udp
US 8.8.8.8:53 ardlcnjyrzba.net udp
US 8.8.8.8:53 dtagpztrwf.net udp
US 8.8.8.8:53 uaqqyg.com udp
US 8.8.8.8:53 wawaoiyk.com udp
US 8.8.8.8:53 ftbmfipmypt.info udp
US 8.8.8.8:53 nbwhhyzq.info udp
BG 77.77.28.177:14149 tcp
US 8.8.8.8:53 lczoradauoz.net udp
US 8.8.8.8:53 pxztvc.net udp
US 8.8.8.8:53 oqkeacmqgk.org udp
US 8.8.8.8:53 dazulnj.org udp
US 8.8.8.8:53 ekgromxr.info udp
US 8.8.8.8:53 zsnqiyrgkkk.info udp
US 8.8.8.8:53 yqqeuqmw.com udp
US 8.8.8.8:53 pwicdevnnk.net udp
US 8.8.8.8:53 jzthxr.net udp
US 8.8.8.8:53 giyiyggm.com udp
US 8.8.8.8:53 aaapvrjoodn.info udp
US 8.8.8.8:53 dhccxev.info udp
US 8.8.8.8:53 ksuuljviijfe.net udp
US 8.8.8.8:53 asksucgo.com udp
US 8.8.8.8:53 fjusznt.com udp
US 8.8.8.8:53 rfclyyuob.info udp
US 8.8.8.8:53 xkzycstqaac.org udp
US 8.8.8.8:53 cwegkmca.org udp
US 8.8.8.8:53 fwhvms.info udp
US 8.8.8.8:53 nobjabiozo.info udp
US 8.8.8.8:53 rchkxhvp.net udp
US 8.8.8.8:53 zuhmapbot.net udp
US 8.8.8.8:53 dizywkvw.net udp
US 8.8.8.8:53 bhbvewtgdtxv.info udp
US 8.8.8.8:53 cztmbzrryxyt.info udp
US 8.8.8.8:53 vjvlnnztmb.net udp
US 8.8.8.8:53 wiwsrwt.net udp
US 8.8.8.8:53 zwhrbbf.info udp
US 8.8.8.8:53 xkbjrdt.org udp
US 8.8.8.8:53 qergtku.net udp
US 8.8.8.8:53 pdwsgzhxqs.info udp
US 8.8.8.8:53 wgmcycyg.org udp
US 8.8.8.8:53 yiaawysu.com udp
US 8.8.8.8:53 yojkaljecqs.info udp
US 8.8.8.8:53 rhrimtdhngfr.net udp
US 8.8.8.8:53 ecegeakc.org udp
US 8.8.8.8:53 wimayiai.org udp
US 8.8.8.8:53 jlpkjwnlvfdh.info udp
US 8.8.8.8:53 oqtcogfttc.net udp
US 8.8.8.8:53 hxbuskh.net udp
US 8.8.8.8:53 lmbzjzx.com udp
US 8.8.8.8:53 tsietarqz.org udp
US 8.8.8.8:53 pfpati.info udp
US 8.8.8.8:53 ootkjdzphd.net udp
US 8.8.8.8:53 jyxavylem.org udp
US 8.8.8.8:53 hdhwht.net udp
US 8.8.8.8:53 aararuzmj.info udp
US 8.8.8.8:53 mdwzqbhakd.info udp
US 8.8.8.8:53 ocnntzjdva.info udp
US 8.8.8.8:53 giixdozdwwyk.info udp
US 8.8.8.8:53 zrizzt.net udp
US 8.8.8.8:53 dvbhjmxaietv.info udp
US 8.8.8.8:53 ksnkvvfsjww.info udp
US 8.8.8.8:53 hujgquptg.org udp
US 8.8.8.8:53 lmnytkpyfvp.net udp
US 8.8.8.8:53 nsjnpn.net udp
US 8.8.8.8:53 qfxcnxa.net udp
TW 114.25.66.163:32525 tcp
US 8.8.8.8:53 ivewnr.info udp
US 8.8.8.8:53 zdziokmiv.info udp
US 8.8.8.8:53 uxlqjic.info udp
US 8.8.8.8:53 jpictlccylz.com udp
US 8.8.8.8:53 eaaktqnrxm.info udp
US 8.8.8.8:53 bynopcdaxak.info udp
US 8.8.8.8:53 szpodivq.net udp
US 8.8.8.8:53 nqxijbihvn.info udp
US 8.8.8.8:53 hwyjjsbmz.org udp
US 8.8.8.8:53 socobjptrpza.net udp
US 8.8.8.8:53 hcfxerjo.info udp
US 8.8.8.8:53 yspynbdonzn.net udp
US 8.8.8.8:53 ohxihwzjqkrd.info udp
US 8.8.8.8:53 sfwuszxuneuh.info udp
US 8.8.8.8:53 kfvsvwrbnop.net udp
US 8.8.8.8:53 xrctizgjhu.net udp
US 8.8.8.8:53 vvyzgslndv.info udp
US 8.8.8.8:53 vmhxaqhdey.info udp
US 8.8.8.8:53 rfcqjgcwrllk.info udp
US 8.8.8.8:53 cpwmxfjy.net udp
US 8.8.8.8:53 ooewwc.org udp
US 8.8.8.8:53 dptenslsxb.info udp
US 8.8.8.8:53 jowuhubhhgc.net udp
US 8.8.8.8:53 forldkzh.net udp
US 8.8.8.8:53 ryaufyfgzsv.org udp
US 8.8.8.8:53 iapwjub.info udp
US 8.8.8.8:53 bidfdqbm.info udp
US 8.8.8.8:53 jypigkw.net udp
US 8.8.8.8:53 ysdjgfjfnynt.net udp
US 8.8.8.8:53 nyyfqi.net udp
US 8.8.8.8:53 rilvfp.info udp
US 8.8.8.8:53 ykvbkvvm.net udp
US 8.8.8.8:53 jphhtgd.com udp
US 8.8.8.8:53 tylakiwli.com udp
US 8.8.8.8:53 vufinzzow.org udp
US 8.8.8.8:53 vgjclsxcjsf.net udp
US 8.8.8.8:53 jonjadfo.net udp
US 8.8.8.8:53 omierhazkhgw.net udp
US 8.8.8.8:53 hilsfa.info udp
US 8.8.8.8:53 duxkrwx.net udp
US 8.8.8.8:53 yuqmbrm.net udp
US 8.8.8.8:53 uwhyfxkce.info udp
US 8.8.8.8:53 kwdrqyzrhd.net udp
US 8.8.8.8:53 asjisejgl.net udp
US 8.8.8.8:53 uutegeyinkf.net udp
US 8.8.8.8:53 jsglwfrbtg.info udp
US 8.8.8.8:53 cmbjpdeak.net udp
US 8.8.8.8:53 xrjmbmgmisvh.info udp
US 8.8.8.8:53 iizkvixpfqf.net udp
RO 91.239.128.186:34591 tcp
US 8.8.8.8:53 uqpinafsn.info udp
US 8.8.8.8:53 jqtenkdayoy.org udp
US 8.8.8.8:53 acgsaiau.com udp
US 8.8.8.8:53 qkfcztfoj.net udp
US 8.8.8.8:53 huuykmy.net udp
US 8.8.8.8:53 txdduuodth.info udp
US 8.8.8.8:53 rsnwtkzrysev.info udp
US 8.8.8.8:53 oodzhvjmnafp.info udp
US 8.8.8.8:53 xtnbfo.net udp
US 8.8.8.8:53 lvliwxsju.net udp
US 8.8.8.8:53 auecuqsoic.com udp
US 8.8.8.8:53 gfnwlf.net udp
US 8.8.8.8:53 eimmgikc.org udp
US 8.8.8.8:53 wcgcuuiu.org udp
US 8.8.8.8:53 hudwzmbmdfmi.net udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 vdzoiea.info udp
GB 142.250.179.227:80 c.pki.goog tcp
US 8.8.8.8:53 vgxgzewucgu.info udp
US 8.8.8.8:53 jltwbqn.net udp
US 8.8.8.8:53 nhmyomxjv.info udp
US 8.8.8.8:53 smvmnexqnqc.net udp
US 8.8.8.8:53 nkhzupdeex.net udp
US 8.8.8.8:53 tyzkrdhyl.info udp
US 8.8.8.8:53 fmvqphnmh.com udp
US 8.8.8.8:53 mkwijetne.net udp
US 8.8.8.8:53 odnunidwyets.net udp
US 8.8.8.8:53 aqdhtlqcrv.info udp
US 8.8.8.8:53 cldhikbdlh.info udp
US 8.8.8.8:53 zewlpp.info udp
US 8.8.8.8:53 vyvijbihvn.info udp
US 8.8.8.8:53 rwzefablv.net udp
US 8.8.8.8:53 hsrofavrq.net udp
US 8.8.8.8:53 fybarnc.info udp
US 8.8.8.8:53 jwpjneblygd.com udp
US 8.8.8.8:53 llpwlrlwpx.net udp
US 8.8.8.8:53 awvuvchmmol.info udp
US 8.8.8.8:53 clpxlv.net udp
US 8.8.8.8:53 ubbflhvz.info udp
US 8.8.8.8:53 fknwfojqjam.net udp
US 8.8.8.8:53 bctwfgikb.org udp
US 8.8.8.8:53 ucuycq.com udp
US 8.8.8.8:53 vymelbrup.org udp
US 8.8.8.8:53 fzqqksnzg.net udp
US 8.8.8.8:53 dpqifsez.net udp
US 8.8.8.8:53 epynholg.net udp
US 8.8.8.8:53 xmlymtnez.org udp
US 8.8.8.8:53 ktdvtnm.net udp
US 8.8.8.8:53 emookwkcagym.com udp
US 8.8.8.8:53 odzbrjqoy.info udp
US 8.8.8.8:53 scxpacz.info udp
US 8.8.8.8:53 napglxr.net udp
US 8.8.8.8:53 paryrfvhlu.info udp
US 8.8.8.8:53 aalijqi.info udp
US 8.8.8.8:53 pbbdwivhqvo.net udp
US 8.8.8.8:53 suocddlavus.net udp
US 8.8.8.8:53 dgpebixchmt.com udp
US 8.8.8.8:53 odqisf.info udp
US 8.8.8.8:53 uaqmwcqm.com udp
US 8.8.8.8:53 hsfoub.net udp
US 8.8.8.8:53 ncpmyszzt.info udp
US 8.8.8.8:53 cvfyvsoy.info udp
US 8.8.8.8:53 cmnixqgof.info udp
US 8.8.8.8:53 ptxefxn.info udp
US 8.8.8.8:53 rwctbax.net udp
US 8.8.8.8:53 pkqsuftgj.org udp
US 8.8.8.8:53 zhtwhmle.info udp
US 8.8.8.8:53 ybxsqlwexbnh.info udp
US 8.8.8.8:53 tvnjempef.net udp
US 8.8.8.8:53 kkiamiym.com udp
US 8.8.8.8:53 cwdgjoryenl.info udp
US 8.8.8.8:53 botzemvkgur.info udp
US 8.8.8.8:53 rmcutekuvyx.info udp
US 8.8.8.8:53 zytspqu.com udp
KZ 178.91.38.71:37040 tcp
US 8.8.8.8:53 aycsky.org udp
US 8.8.8.8:53 jatdaajehomt.net udp
US 8.8.8.8:53 firbfgqk.net udp
US 8.8.8.8:53 vuzrdhtnrr.net udp
US 8.8.8.8:53 mozwuqi.info udp
US 8.8.8.8:53 odzftmnrdyr.info udp
US 8.8.8.8:53 ugxibmj.info udp
US 8.8.8.8:53 mwgkuyee.org udp
US 8.8.8.8:53 sgbycngah.net udp
US 8.8.8.8:53 raxkdwhszel.org udp
US 8.8.8.8:53 cddrkcb.info udp
US 8.8.8.8:53 uiceesz.info udp
US 8.8.8.8:53 vmbslbjgjes.com udp
US 8.8.8.8:53 fcmxrcusdb.net udp
US 8.8.8.8:53 oukucokekagi.com udp
US 8.8.8.8:53 pjeqnw.net udp
US 8.8.8.8:53 awqyug.org udp
US 8.8.8.8:53 dkhlvwpwsurs.net udp
US 8.8.8.8:53 bzaydhbkyko.info udp
US 8.8.8.8:53 kasakiikoa.org udp
US 8.8.8.8:53 yauome.org udp
US 8.8.8.8:53 mxwilwaidqxn.info udp
US 8.8.8.8:53 xguinair.info udp
US 8.8.8.8:53 xwtdloi.net udp
US 8.8.8.8:53 uoxjsmld.info udp
US 8.8.8.8:53 lqzuvin.net udp
US 8.8.8.8:53 yhfofeqthrj.net udp
US 8.8.8.8:53 hslmnixcvim.net udp
US 8.8.8.8:53 usfrfkxeztg.info udp
US 8.8.8.8:53 cxtdmrttxz.net udp
US 8.8.8.8:53 ewiuauieao.com udp
US 8.8.8.8:53 xkriosp.com udp
US 8.8.8.8:53 ijtppgrcld.info udp
US 8.8.8.8:53 naxnoyy.net udp
US 8.8.8.8:53 ptzrhn.info udp
US 8.8.8.8:53 hfvkcej.info udp
US 8.8.8.8:53 zwinbqgsmg.net udp
US 8.8.8.8:53 bjpwlrlwpx.net udp
KZ 95.58.12.59:21832 tcp
US 8.8.8.8:53 wkrbdr.net udp
US 8.8.8.8:53 lnanjh.info udp
US 8.8.8.8:53 qcttkjtqh.info udp
US 8.8.8.8:53 nafowtt.net udp
US 8.8.8.8:53 vqmttml.com udp
US 8.8.8.8:53 imwkkoik.com udp
US 8.8.8.8:53 qdsgkm.info udp
US 8.8.8.8:53 yojyjxozz.info udp
US 8.8.8.8:53 havcusv.org udp
US 8.8.8.8:53 uoimkp.net udp
US 8.8.8.8:53 csogagmkek.com udp
US 8.8.8.8:53 piycqexj.info udp
US 8.8.8.8:53 zxirnyrwc.info udp
US 8.8.8.8:53 cwsrdedg.info udp
US 8.8.8.8:53 sewuvwb.net udp
US 8.8.8.8:53 wsksucgg.com udp
US 8.8.8.8:53 wjfqcwhwayd.info udp
US 8.8.8.8:53 upjymsnpj.info udp
US 8.8.8.8:53 oaewcmmi.com udp
US 8.8.8.8:53 lkdfbshvrupv.net udp
US 8.8.8.8:53 megerxmtcz.info udp
US 8.8.8.8:53 zhmmgbpjty.net udp
US 8.8.8.8:53 oalwpcngx.info udp
US 8.8.8.8:53 cdvtpnayh.info udp
US 8.8.8.8:53 qskomm.org udp
US 8.8.8.8:53 xcrfxbihvn.info udp
US 8.8.8.8:53 dahqzsbgq.com udp
US 8.8.8.8:53 pvesxitaordl.info udp
US 8.8.8.8:53 qmvxqytwv.info udp
US 8.8.8.8:53 iouqgiog.org udp
US 8.8.8.8:53 nyresspqn.info udp
US 8.8.8.8:53 fxyxxeks.info udp
US 8.8.8.8:53 yqsaem.com udp
US 8.8.8.8:53 dzrmxez.com udp
US 8.8.8.8:53 vkhtrespzx.info udp
US 8.8.8.8:53 fodswmrsv.org udp
US 8.8.8.8:53 jpgbbgpi.net udp
US 8.8.8.8:53 wvpqvnhs.net udp
US 8.8.8.8:53 eqcwnx.info udp
US 8.8.8.8:53 kxldwaoqfn.info udp
US 8.8.8.8:53 bktcqmpdy.info udp
US 8.8.8.8:53 zrapdv.net udp
US 8.8.8.8:53 xxbuvavqnao.net udp
US 8.8.8.8:53 ssareehbrp.net udp
US 8.8.8.8:53 yyhqkmcfww.net udp
US 8.8.8.8:53 lgumhqlobcd.net udp
US 8.8.8.8:53 xevgjq.info udp
US 8.8.8.8:53 vxbpjwtqi.info udp
US 8.8.8.8:53 sllkhuszsuzt.net udp
US 8.8.8.8:53 clvdfupwy.net udp
US 8.8.8.8:53 wpxcrz.info udp
US 8.8.8.8:53 tgzzsilpuoyu.info udp
RU 109.110.50.202:25607 tcp
US 8.8.8.8:53 rhqunaow.info udp
US 8.8.8.8:53 tinfvirjpax.info udp
US 8.8.8.8:53 hdxfzbpnluke.net udp
US 8.8.8.8:53 gkfagmip.info udp
US 8.8.8.8:53 wuyamjhrhyuw.info udp
US 8.8.8.8:53 ouygywyu.org udp
US 8.8.8.8:53 kltyamkuex.net udp
US 8.8.8.8:53 uaoqoucsaakk.com udp
US 8.8.8.8:53 rejwrwpoa.info udp
US 8.8.8.8:53 kprckfdmfob.net udp
US 8.8.8.8:53 eyyyis.org udp
US 8.8.8.8:53 cecrfwhwtroo.info udp
US 8.8.8.8:53 uybazwfqrxr.info udp
US 8.8.8.8:53 zuloqvku.net udp
US 8.8.8.8:53 jmuyzwjxj.net udp
US 8.8.8.8:53 giqauouqqmkm.com udp
US 8.8.8.8:53 tjagypmeal.info udp
US 8.8.8.8:53 okoinuwltuz.info udp
US 8.8.8.8:53 wcfezihlr.net udp
US 8.8.8.8:53 hykikzdidpzi.info udp
US 8.8.8.8:53 sgescokcmo.org udp
US 8.8.8.8:53 lcthla.info udp
US 8.8.8.8:53 elqtcmlahg.net udp
US 8.8.8.8:53 lzwgpqnxhy.net udp
US 8.8.8.8:53 gukhocvihudn.net udp
US 8.8.8.8:53 aimgoy.com udp
US 8.8.8.8:53 ttnpvvkkmw.info udp
US 8.8.8.8:53 daachsffi.net udp
US 8.8.8.8:53 jehyhpbob.com udp
US 8.8.8.8:53 himxcrep.info udp
US 8.8.8.8:53 gkxxvorb.net udp
US 8.8.8.8:53 luaiurlae.info udp
US 8.8.8.8:53 hsfspwfirsr.org udp
US 8.8.8.8:53 fwgwckfcfsz.org udp
US 8.8.8.8:53 eojlzu.net udp
US 8.8.8.8:53 qwwideqblqb.net udp
US 8.8.8.8:53 usyoiymway.org udp
US 8.8.8.8:53 lynxnomvvwp.net udp
US 8.8.8.8:53 fumvct.net udp
US 8.8.8.8:53 fpzwmmrebv.net udp
US 8.8.8.8:53 aialdwz.info udp
US 8.8.8.8:53 zvhavss.info udp
US 8.8.8.8:53 hipmpajjra.info udp
US 8.8.8.8:53 yadxtkefpqdf.net udp
US 8.8.8.8:53 ckyeqgrazyd.net udp
US 8.8.8.8:53 csphlpv.info udp
US 8.8.8.8:53 inngezqe.net udp
US 8.8.8.8:53 vmzkhybal.com udp
US 8.8.8.8:53 qngitmingp.net udp
US 8.8.8.8:53 ebrbxierrmtd.net udp
US 8.8.8.8:53 tnfqxaf.com udp
US 8.8.8.8:53 lyokfun.net udp
US 8.8.8.8:53 rslqlylwxhp.com udp
US 8.8.8.8:53 yemyckkmkk.org udp
US 8.8.8.8:53 geoaded.info udp
US 8.8.8.8:53 ulwprsdpevsj.info udp
BG 77.236.171.20:33144 tcp
US 8.8.8.8:53 asgeowgk.com udp
US 8.8.8.8:53 jcgnqwtifgp.com udp
US 8.8.8.8:53 itaormua.info udp
US 8.8.8.8:53 smmsvtzorejh.info udp
US 8.8.8.8:53 qyjxvcif.net udp
US 8.8.8.8:53 wbpsctjc.net udp
US 8.8.8.8:53 eckwae.org udp
US 8.8.8.8:53 zmtmgzmsoxfj.net udp
US 8.8.8.8:53 rkwlhccy.info udp
US 8.8.8.8:53 fcjwziatfqe.net udp
US 8.8.8.8:53 oxxrzfxtf.net udp
US 8.8.8.8:53 yoensg.info udp
US 8.8.8.8:53 zghcrlfnmtia.info udp
US 8.8.8.8:53 nthafgeqx.org udp
US 8.8.8.8:53 vibshiiel.net udp
US 8.8.8.8:53 xgrurgokxvb.info udp
US 8.8.8.8:53 zgniyzxgvcq.info udp
US 8.8.8.8:53 gqfiwfmm.info udp
US 8.8.8.8:53 jjqtpeerkb.net udp
US 8.8.8.8:53 rvxacy.net udp
US 8.8.8.8:53 rlgzsbuk.info udp
US 8.8.8.8:53 otazhhf.info udp
US 8.8.8.8:53 hlrobkzj.info udp
US 8.8.8.8:53 hummglka.net udp
US 8.8.8.8:53 goeieghozql.info udp
US 8.8.8.8:53 hppnegnnvdte.info udp
US 8.8.8.8:53 urkcltobhpwf.net udp
US 8.8.8.8:53 dasnharfxh.info udp
US 8.8.8.8:53 uqmgms.org udp
US 8.8.8.8:53 ouhcxfvpfbpb.info udp
US 8.8.8.8:53 mymoey.org udp
US 8.8.8.8:53 qisiai.com udp
HK 47.242.162.24:80 qisiai.com tcp
US 8.8.8.8:53 oismai.com udp
US 8.8.8.8:53 euuaaon.net udp
US 8.8.8.8:53 dykxpx.info udp
US 8.8.8.8:53 tuhvrdel.info udp
RU 109.171.90.106:22110 tcp
US 8.8.8.8:53 zcskos.info udp
US 8.8.8.8:53 eheflhppvg.net udp
US 8.8.8.8:53 dfnnrje.org udp
US 8.8.8.8:53 pzfiwqyqxbs.com udp
US 8.8.8.8:53 bfsklthmls.info udp
US 8.8.8.8:53 cykogcgqqcuu.com udp
US 8.8.8.8:53 wukcbxfcxdc.net udp
US 8.8.8.8:53 eqxycetq.net udp
US 8.8.8.8:53 joonzqksh.org udp
US 8.8.8.8:53 kueiyoug.org udp
US 8.8.8.8:53 ugjyfpgfl.net udp
US 8.8.8.8:53 uihuolfkt.net udp
US 8.8.8.8:53 bstybvfjv.com udp
US 8.8.8.8:53 jbacuchohmfp.net udp
US 8.8.8.8:53 myrwjqkrwpbk.info udp
US 8.8.8.8:53 auogaseguc.org udp
US 8.8.8.8:53 gxifzmtmdmd.net udp
US 8.8.8.8:53 mpkbfsgyp.info udp
US 8.8.8.8:53 aqtnsvdtri.net udp
US 8.8.8.8:53 nayrcqrc.info udp
US 8.8.8.8:53 awsowmcmwy.org udp
US 8.8.8.8:53 khatprlscnrf.info udp
US 8.8.8.8:53 kxdavijru.info udp
US 8.8.8.8:53 qseoumkkca.org udp
US 8.8.8.8:53 iknwzonufar.net udp
US 8.8.8.8:53 rutolinym.info udp
MD 37.75.121.125:14721 tcp
US 8.8.8.8:53 nrsvarp.net udp
US 8.8.8.8:53 pmvstpxm.info udp
US 8.8.8.8:53 foaxboj.com udp
US 8.8.8.8:53 jxrsguntrqte.net udp
US 8.8.8.8:53 qdnmhgdyrit.net udp
US 8.8.8.8:53 vfxcjwdkt.net udp
US 8.8.8.8:53 qyqigk.com udp
US 8.8.8.8:53 twzkumgrn.info udp
US 8.8.8.8:53 tvrgqgaqziy.com udp
US 8.8.8.8:53 fyaylmbcb.net udp
US 8.8.8.8:53 btsnbthg.net udp
US 8.8.8.8:53 radgbgnvexv.info udp
US 8.8.8.8:53 yimwkptojcpm.net udp
US 8.8.8.8:53 hamklvptv.net udp
US 8.8.8.8:53 bigujmh.info udp
US 8.8.8.8:53 djswnin.info udp
US 8.8.8.8:53 pynemskeiz.info udp
US 8.8.8.8:53 ekqaao.com udp
US 8.8.8.8:53 dvzupzik.net udp
US 8.8.8.8:53 mmoiws.com udp
US 8.8.8.8:53 mducygpufzx.info udp
US 8.8.8.8:53 rkjyfrxybqd.net udp
US 8.8.8.8:53 ebqxxu.net udp
US 8.8.8.8:53 fevnrt.info udp
US 8.8.8.8:53 plaswwogu.org udp
US 8.8.8.8:53 ligfqq.net udp
US 8.8.8.8:53 hjfdpmp.org udp
US 8.8.8.8:53 csbavublv.net udp
US 8.8.8.8:53 owgezktu.net udp
US 8.8.8.8:53 dxtssmnfayj.com udp
US 8.8.8.8:53 zizfnya.org udp
US 8.8.8.8:53 uwfjnsartkdk.info udp
US 8.8.8.8:53 dehkhcf.net udp
US 8.8.8.8:53 rjbifug.net udp
US 8.8.8.8:53 bcujza.info udp
US 8.8.8.8:53 btpqiyzbta.info udp
RU 95.189.55.58:14446 tcp
US 8.8.8.8:53 pgacpb.info udp
US 8.8.8.8:53 yqdindvszcl.info udp
US 8.8.8.8:53 wltbxaqy.net udp
US 8.8.8.8:53 pnfbqhduanpq.info udp
US 8.8.8.8:53 nivujolqktz.info udp
US 8.8.8.8:53 ldlrgk.info udp
US 8.8.8.8:53 agyuoicmgqmm.com udp
US 8.8.8.8:53 gaqewu.org udp
US 8.8.8.8:53 suziiyral.net udp
US 8.8.8.8:53 zznyjs.info udp
US 8.8.8.8:53 owtumceqt.info udp
US 8.8.8.8:53 audgklfnyu.info udp
US 8.8.8.8:53 sgdzhklkvfso.info udp
US 8.8.8.8:53 rwlybwbnvoj.info udp
US 8.8.8.8:53 plapldjmi.com udp
US 8.8.8.8:53 fivgtmmsw.com udp
US 8.8.8.8:53 qksqwckkys.com udp
US 8.8.8.8:53 skqsiiae.org udp
US 8.8.8.8:53 uooilgh.info udp
US 8.8.8.8:53 alyypvemovoc.net udp
US 8.8.8.8:53 ckjumof.net udp
US 8.8.8.8:53 ronfjocvgwsp.info udp
US 8.8.8.8:53 salkkys.net udp
US 8.8.8.8:53 qlstpgkhcjbu.net udp
US 8.8.8.8:53 callxbzyrkz.info udp
US 8.8.8.8:53 nzitfaav.info udp
US 8.8.8.8:53 rdmsbqjccvv.net udp
US 8.8.8.8:53 lktcrbw.com udp
US 8.8.8.8:53 gmewyg.com udp
US 8.8.8.8:53 rlhmvu.info udp
US 8.8.8.8:53 viomrqdwd.info udp
US 8.8.8.8:53 hyjodgw.info udp
US 8.8.8.8:53 htvyfqdup.org udp
US 8.8.8.8:53 hgiqgeranuh.net udp
US 8.8.8.8:53 zubjxcfgeex.info udp
US 8.8.8.8:53 cewgruml.info udp
US 8.8.8.8:53 dkdczgl.info udp
US 8.8.8.8:53 jfeydnpyn.org udp
US 8.8.8.8:53 miqmcw.org udp
US 8.8.8.8:53 fmpulsr.info udp
US 8.8.8.8:53 aiyuqebb.net udp
US 8.8.8.8:53 eaictyqxc.info udp
US 8.8.8.8:53 tltswyl.net udp
US 8.8.8.8:53 qyoaskcgqc.com udp
US 8.8.8.8:53 rpellsmrymr.com udp
US 8.8.8.8:53 jvmcmvvkhwtf.info udp
MK 31.11.76.79:43722 tcp
US 8.8.8.8:53 pxcdfqk.com udp
US 8.8.8.8:53 wqmqyiaeymsq.com udp
US 8.8.8.8:53 pyaeeynap.net udp
US 8.8.8.8:53 vgqxvqngngx.info udp
US 8.8.8.8:53 dxpryx.info udp
US 8.8.8.8:53 aebrbrznaiz.info udp
US 8.8.8.8:53 qigyqmgqii.com udp
US 8.8.8.8:53 jiqvkqsc.net udp
US 8.8.8.8:53 dwrxxwr.net udp
US 8.8.8.8:53 yyazfelydch.net udp
US 8.8.8.8:53 sgrrorisnneh.info udp
US 8.8.8.8:53 zkhkfyrmsoz.net udp
US 8.8.8.8:53 jirvheawi.info udp
US 8.8.8.8:53 cgzqtowog.info udp
US 8.8.8.8:53 uzrxraff.info udp
US 8.8.8.8:53 caseiusauewy.com udp
US 8.8.8.8:53 qeasooggkkye.org udp
US 8.8.8.8:53 jnhmwo.info udp
US 8.8.8.8:53 brfejft.org udp
US 8.8.8.8:53 favalue.info udp
US 8.8.8.8:53 ajkddkb.net udp
US 8.8.8.8:53 ebmysqefufzp.net udp
US 8.8.8.8:53 pmnepmfgk.info udp
US 8.8.8.8:53 gdiecndz.net udp
US 8.8.8.8:53 uwoageowycmg.com udp
US 8.8.8.8:53 vtpwjergy.net udp
US 8.8.8.8:53 zurigindbkk.com udp
US 8.8.8.8:53 bigyuhtjnee.info udp
US 8.8.8.8:53 tmrojlas.net udp
US 8.8.8.8:53 kcryxrris.info udp
US 8.8.8.8:53 dlswmfbe.info udp
US 8.8.8.8:53 eyhihop.info udp
US 8.8.8.8:53 cunmhkmkw.info udp
US 8.8.8.8:53 giekgyskeiik.org udp
US 8.8.8.8:53 zrfmzybktgg.info udp
US 8.8.8.8:53 bavppixu.net udp
US 8.8.8.8:53 dsxudsjkzov.com udp
US 8.8.8.8:53 weuvrakoze.info udp
US 8.8.8.8:53 fkgritslx.org udp
US 8.8.8.8:53 ayxelepip.net udp
US 8.8.8.8:53 ptpwnlreeaxo.net udp
US 8.8.8.8:53 zdfabfgpbv.info udp
US 8.8.8.8:53 aieaqoasmwuk.com udp
US 8.8.8.8:53 itmlhzkyld.net udp
US 8.8.8.8:53 sydgvut.info udp
MD 37.75.121.125:14721 tcp
US 8.8.8.8:53 wihuylvihss.info udp
US 8.8.8.8:53 trvffbiqdh.info udp
US 8.8.8.8:53 cmylgwjfvjsz.info udp
US 8.8.8.8:53 dobddgn.info udp
US 8.8.8.8:53 eeeiusoc.com udp
US 8.8.8.8:53 ymuyuyiyoa.com udp
US 8.8.8.8:53 dtstyn.net udp
US 8.8.8.8:53 hepsyjgvjvka.net udp
US 8.8.8.8:53 qeqohxhh.info udp
US 8.8.8.8:53 kkkekekiue.com udp
US 8.8.8.8:53 zbqtpeerkb.net udp
US 8.8.8.8:53 dcxknxpy.net udp
US 8.8.8.8:53 zuwrljtqss.net udp
US 8.8.8.8:53 whdwifwwd.net udp
US 8.8.8.8:53 bellqatwhkc.info udp
US 8.8.8.8:53 msaeugqyakco.org udp
US 8.8.8.8:53 nwuepapxxpif.net udp
US 8.8.8.8:53 kagcswsmguis.org udp
US 8.8.8.8:53 kgcwsqig.org udp
US 8.8.8.8:53 gfyprakc.info udp
US 8.8.8.8:53 nwbstster.org udp
US 8.8.8.8:53 ibtwwktdhz.info udp
US 8.8.8.8:53 tmrxnmjrkb.net udp
US 8.8.8.8:53 rxckgphztzyo.net udp
US 8.8.8.8:53 wavnhrxw.net udp
US 8.8.8.8:53 sqhqrwb.net udp
US 8.8.8.8:53 rscaheewbg.net udp
US 8.8.8.8:53 uomieuwsgywa.com udp
US 8.8.8.8:53 vaxonqp.com udp
US 8.8.8.8:53 ggfwboh.net udp
US 8.8.8.8:53 sryyhw.net udp
US 8.8.8.8:53 bqgmcyl.org udp
US 8.8.8.8:53 qfjutozcvyx.net udp
US 8.8.8.8:53 fzkrxmam.info udp
US 8.8.8.8:53 wpnuzfpjljqt.info udp
US 8.8.8.8:53 ycgkucsc.org udp

Files

C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe

MD5 fdd9adf2de6a1a1433c066254b4ed189
SHA1 c14f7e8c60af1fbf5a543c0749f4f97fe590b927
SHA256 7a59a9c5e74fba9bde69bd0f7e943b9f480f3a23fc504f879252182c78d3209a
SHA512 e190243cc06e957505575a5b1cea32cc560faaeba187828d8adffaba36ca75fe1ff2d898acd2c40ff3af67ef5519afada64a8d49bff507862e31ef22ed853a54

C:\Windows\SysWOW64\nfzoiutewpuqfeqsac.exe

MD5 b74f8691313be0c724b71d356c4b9b40
SHA1 a204d8d3fb87e6de59c77498fc9a0ed9bd50d214
SHA256 084500d412b1e0afe88f92170791f9045e76c35c1bf57b9e912aaab2bcd1ff6d
SHA512 be13201bf5c29b776c4d259166ccbbfabee4213aa698c25b77b430a66faf02c0af6cf693bf3ea585d49a3db1cad349769486ad0b7351c58bdb123faf3b33012a

C:\Users\Admin\AppData\Local\Temp\lrzckk.exe

MD5 5cf2cab3034b2f360e6e402f5d47b222
SHA1 3b1e526d549d4be2abeadbfffaf07f373b7a91db
SHA256 c7e41fb2d6d01d6fb6eb5f2017c87e48bfc87d7a75ad5d9ba2c1498e1427b31a
SHA512 069cce634354f454b427505d7b4ac4f9df3505615f185e6b45682ea9be6028c40000ab025fe09e97d73a03aa4907a215a661cebb5243540b9efa9606a9006df9

C:\Users\Admin\AppData\Local\afmovugejphqsedsncmryahgsqv.tce

MD5 68d89fa77d0e9f304e8bb395bd5e6e38
SHA1 3348b8ef3ea09b2d00a5b0ec652b91f9f6fbbd7e
SHA256 32b937b765f0a3d3947211496b16d2a1b965bc86a3f88de86be906271958e751
SHA512 63c9df7f958fe65db3de7aad236982e8c6ca1a8727a7b33ecb397a06592dcd9967fb49345d0ed65b1794a20f8700d0c2b236ad36cae347686d63e7a15d283958

C:\Users\Admin\AppData\Local\xnfskuraqhkeroyyeezphumwtcsjmgtqaaggbr.woy

MD5 d79336a08e707cf8c92fbc951d381b91
SHA1 6040d2d402840652c5ee734ab051639260e275fa
SHA256 6dc1cfbf5908e891a049596195fdeb8898fa722fb43cdecc69a3cd92a19826ba
SHA512 9ca6f1e2d09df3a1123517fb1e65a1fb10f77d8ebbf1f19b59b2bc2e02b0e26e7918f2375dbaaeb4cef6ccc47aedc6d1976c9a5421389e18d627d95a7b178e5c

C:\Program Files (x86)\afmovugejphqsedsncmryahgsqv.tce

MD5 b1478bd384607f78ef665452be09be5a
SHA1 a331d62d4f83569a36c5728b42861c59859af712
SHA256 8a1fd51db1295f3483debbb6de11ce338c6e07704862d6e58e72cddcd561c243
SHA512 7294d1c867f4b789b313593e09edfe7b9b3defb3976628d2c5c8c642d2a10ea3baf893c34e056123a8e1bae4c070239f60b89c2683b4feab49542fcd7545a220

C:\Program Files (x86)\afmovugejphqsedsncmryahgsqv.tce

MD5 3f1e03cfff14c317323be045c68f8325
SHA1 ddd712cc7f63ec5361c1317926a9b0fb17dc3997
SHA256 2ab47c34a850676cff3d90e192bd6e87ab18605ecc2ef2e19dfd5de6ff6a1dc3
SHA512 4cf3e1499bf3f06f71e65a7b64602e16f3b2dbadb0270821564732fa10b0a54e52b6c34b919abc49cf8c83179835277c0678c8e90af706a89b8c992d14e15f65

C:\Program Files (x86)\afmovugejphqsedsncmryahgsqv.tce

MD5 b68839c81e08b2a5eab07c89a868fd9d
SHA1 4ef9d03e2b51802b05f93265ddd213d165820c0c
SHA256 547dace1a0c6e86d8036ebab03817441e5c98dc7651119b7b611e85b4ae26363
SHA512 90086f8b8dec7e9d8ea51c88e0e80fcfb213f966e0cf05e556f88bc68cacb100b23f741329c49bd9e3f0348f8161d81f3d365aa8d549ed80ea85faedec3c3abf

C:\Program Files (x86)\afmovugejphqsedsncmryahgsqv.tce

MD5 6793436f4603b62596d6e511a57ab5b8
SHA1 45f2312cac520b24d67014305ec329951dad9fe5
SHA256 8633c8aabb3c1e0866d57faa878784ab6aa6528bd33d75d323488e34865b862a
SHA512 712a17e7ec51aa3bcd7116d7c1a1fe599c07f8006272777c5a1c599a606dc46c06db7c7327895927f638c5b1a3f50db1622bc90d0f8a8a2f506f9adab53c76cc

C:\Program Files (x86)\afmovugejphqsedsncmryahgsqv.tce

MD5 5169ecd12e1524999038daa2c26fb54e
SHA1 daf6c24b2a7f2e29d23c3baa1f6084b1be5032ce
SHA256 818ffb2d8bffca118310ed34bbf9cd2028df9301b35a7ffe0a89b86c950a8da5
SHA512 a16551e6fccb10e798ff5a387116c038ee89e7460fbb3e55dcddb12bf47d8c42238b7526d106551886c773f095a23a97d82d3b58fa6fd65b56e92eacd1da7430

C:\Program Files (x86)\afmovugejphqsedsncmryahgsqv.tce

MD5 521bfadda5409e98604425c85ad35195
SHA1 9415dedd8ba4f46d99b3731b3eef83b9eb630bc4
SHA256 16888e5f5e5bb262d1a9c3462f41467c54cff97e950a3f75d36c4302ac1215d6
SHA512 0e4c01d5de5bea922d068060d826520aad9ddc32c563b83453e0da5281ba0d2d440d167031253a76f7a2d6b9f8ea389800dc5415ac00ecb46faa237c5dda71ff