Malware Analysis Report

2025-08-10 16:35

Sample ID 250414-qry8qsxrv7
Target JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843
SHA256 439986cced413f04733bd254fd9e49da3c687518b6562ee8ba13b1bfa21b3fd3
Tags
pykspa defense_evasion discovery persistence privilege_escalation trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

439986cced413f04733bd254fd9e49da3c687518b6562ee8ba13b1bfa21b3fd3

Threat Level: Known bad

The file JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843 was found to be: Known bad.

Malicious Activity Summary

pykspa defense_evasion discovery persistence privilege_escalation trojan worm

Modifies WinLogon for persistence

UAC bypass

Pykspa family

Pykspa

Detect Pykspa worm

Blocklisted process makes network request

Adds policy Run key to start application

Disables RegEdit via registry modification

Impair Defenses: Safe Mode Boot

Executes dropped EXE

Checks computer location settings

Looks up external IP address via web service

Checks whether UAC is enabled

Adds Run key to start application

Hijack Execution Flow: Executable Installer File Permissions Weakness

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

System policy modification

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-14 13:30

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-14 13:30

Reported

2025-04-14 13:32

Platform

win10v2004-20250314-en

Max time kernel

50s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oxdopcet = "bxqoccrthflvcumzcnple.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oxdopcet = "ztkgsqddplpxcsitudd.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oxdopcet = "fxmgqmxvfzbhkymvu.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bhksq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypdwfakhqjkprerz.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bhksq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bxqoccrthflvcumzcnple.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bhksq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ohxsdamlwrubfujttb.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oxdopcet = "mhzwjiwxkhmvbsjvxhid.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bhksq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ztkgsqddplpxcsitudd.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bhksq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypdwfakhqjkprerz.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oxdopcet = "ztkgsqddplpxcsitudd.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oxdopcet = "bxqoccrthflvcumzcnple.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oxdopcet = "bxqoccrthflvcumzcnple.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bhksq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ohxsdamlwrubfujttb.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oxdopcet = "ohxsdamlwrubfujttb.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bhksq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ohxsdamlwrubfujttb.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bhksq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ztkgsqddplpxcsitudd.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oxdopcet = "ztkgsqddplpxcsitudd.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oxdopcet = "ztkgsqddplpxcsitudd.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oxdopcet = "fxmgqmxvfzbhkymvu.exe" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oxdopcet = "ztkgsqddplpxcsitudd.exe" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oxdopcet = "ypdwfakhqjkprerz.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bhksq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypdwfakhqjkprerz.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oxdopcet = "fxmgqmxvfzbhkymvu.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bhksq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mhzwjiwxkhmvbsjvxhid.exe" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oxdopcet = "ztkgsqddplpxcsitudd.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oxdopcet = "ypdwfakhqjkprerz.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oxdopcet = "ztkgsqddplpxcsitudd.exe" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oxdopcet = "mhzwjiwxkhmvbsjvxhid.exe" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oxdopcet = "ypdwfakhqjkprerz.exe" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bhksq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypdwfakhqjkprerz.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oxdopcet = "bxqoccrthflvcumzcnple.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oxdopcet = "ztkgsqddplpxcsitudd.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bhksq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypdwfakhqjkprerz.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oxdopcet = "ohxsdamlwrubfujttb.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bhksq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ohxsdamlwrubfujttb.exe" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oxdopcet = "bxqoccrthflvcumzcnple.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bhksq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ztkgsqddplpxcsitudd.exe" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bhksq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypdwfakhqjkprerz.exe" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bhksq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ohxsdamlwrubfujttb.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oxdopcet = "ztkgsqddplpxcsitudd.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bhksq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fxmgqmxvfzbhkymvu.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bhksq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ztkgsqddplpxcsitudd.exe" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bhksq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypdwfakhqjkprerz.exe" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bhksq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ohxsdamlwrubfujttb.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bhksq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bxqoccrthflvcumzcnple.exe" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oxdopcet = "bxqoccrthflvcumzcnple.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bhksq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fxmgqmxvfzbhkymvu.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\ohxsdamlwrubfujttb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\ztkgsqddplpxcsitudd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\fxmgqmxvfzbhkymvu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\fxmgqmxvfzbhkymvu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\ohxsdamlwrubfujttb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\mhzwjiwxkhmvbsjvxhid.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\fxmgqmxvfzbhkymvu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\bxqoccrthflvcumzcnple.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\ztkgsqddplpxcsitudd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\fxmgqmxvfzbhkymvu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\ypdwfakhqjkprerz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\ohxsdamlwrubfujttb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\fxmgqmxvfzbhkymvu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\ypdwfakhqjkprerz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\ohxsdamlwrubfujttb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\mhzwjiwxkhmvbsjvxhid.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\ohxsdamlwrubfujttb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\bxqoccrthflvcumzcnple.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\bxqoccrthflvcumzcnple.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\bxqoccrthflvcumzcnple.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\mhzwjiwxkhmvbsjvxhid.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\fxmgqmxvfzbhkymvu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\bxqoccrthflvcumzcnple.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\ztkgsqddplpxcsitudd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\ohxsdamlwrubfujttb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\ohxsdamlwrubfujttb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Windows\mhzwjiwxkhmvbsjvxhid.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Windows\ohxsdamlwrubfujttb.exe N/A
N/A N/A C:\Windows\ohxsdamlwrubfujttb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Windows\ztkgsqddplpxcsitudd.exe N/A
N/A N/A C:\Windows\fxmgqmxvfzbhkymvu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
N/A N/A C:\Windows\ypdwfakhqjkprerz.exe N/A
N/A N/A C:\Windows\ohxsdamlwrubfujttb.exe N/A
N/A N/A C:\Windows\ohxsdamlwrubfujttb.exe N/A
N/A N/A C:\Windows\ztkgsqddplpxcsitudd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Windows\ztkgsqddplpxcsitudd.exe N/A
N/A N/A C:\Windows\mhzwjiwxkhmvbsjvxhid.exe N/A
N/A N/A C:\Windows\fxmgqmxvfzbhkymvu.exe N/A
N/A N/A C:\Windows\bxqoccrthflvcumzcnple.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe N/A
N/A N/A C:\Windows\ztkgsqddplpxcsitudd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Windows\bxqoccrthflvcumzcnple.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Windows\bxqoccrthflvcumzcnple.exe N/A
N/A N/A C:\Windows\ohxsdamlwrubfujttb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Windows\ztkgsqddplpxcsitudd.exe N/A
N/A N/A C:\Windows\ypdwfakhqjkprerz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Windows\bxqoccrthflvcumzcnple.exe N/A
N/A N/A C:\Windows\ohxsdamlwrubfujttb.exe N/A
N/A N/A C:\Windows\ohxsdamlwrubfujttb.exe N/A
N/A N/A C:\Windows\ohxsdamlwrubfujttb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe N/A
N/A N/A C:\Windows\ypdwfakhqjkprerz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe N/A
N/A N/A C:\Windows\ypdwfakhqjkprerz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tfocgwbtxlh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ztkgsqddplpxcsitudd.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yjrehwaruh = "mhzwjiwxkhmvbsjvxhid.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mtxgfq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ztkgsqddplpxcsitudd.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fpwikybrt = "mhzwjiwxkhmvbsjvxhid.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yjrehwaruh = "fxmgqmxvfzbhkymvu.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zhmwwij = "ypdwfakhqjkprerz.exe ." C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tfocgwbtxlh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypdwfakhqjkprerz.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fpwikybrt = "ohxsdamlwrubfujttb.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fpwikybrt = "ohxsdamlwrubfujttb.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qdnchyexcrop = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mhzwjiwxkhmvbsjvxhid.exe" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zhmwwij = "ohxsdamlwrubfujttb.exe ." C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zhmwwij = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ohxsdamlwrubfujttb.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zhmwwij = "ohxsdamlwrubfujttb.exe ." C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fpwikybrt = "fxmgqmxvfzbhkymvu.exe" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yjrehwaruh = "ohxsdamlwrubfujttb.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zhmwwij = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ohxsdamlwrubfujttb.exe ." C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tfocgwbtxlh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bxqoccrthflvcumzcnple.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yjrehwaruh = "ohxsdamlwrubfujttb.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qdnchyexcrop = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mhzwjiwxkhmvbsjvxhid.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zhmwwij = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fxmgqmxvfzbhkymvu.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mtxgfq = "bxqoccrthflvcumzcnple.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mtxgfq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ztkgsqddplpxcsitudd.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tfocgwbtxlh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fxmgqmxvfzbhkymvu.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yjrehwaruh = "ypdwfakhqjkprerz.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mtxgfq = "bxqoccrthflvcumzcnple.exe" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mtxgfq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fxmgqmxvfzbhkymvu.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mtxgfq = "mhzwjiwxkhmvbsjvxhid.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tfocgwbtxlh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypdwfakhqjkprerz.exe ." C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fpwikybrt = "ypdwfakhqjkprerz.exe" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fpwikybrt = "mhzwjiwxkhmvbsjvxhid.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yjrehwaruh = "ypdwfakhqjkprerz.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mtxgfq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypdwfakhqjkprerz.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mtxgfq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ohxsdamlwrubfujttb.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zhmwwij = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fxmgqmxvfzbhkymvu.exe ." C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mtxgfq = "ztkgsqddplpxcsitudd.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fpwikybrt = "bxqoccrthflvcumzcnple.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qdnchyexcrop = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypdwfakhqjkprerz.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yjrehwaruh = "ohxsdamlwrubfujttb.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mtxgfq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypdwfakhqjkprerz.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yjrehwaruh = "ztkgsqddplpxcsitudd.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qdnchyexcrop = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bxqoccrthflvcumzcnple.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mtxgfq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypdwfakhqjkprerz.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tfocgwbtxlh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fxmgqmxvfzbhkymvu.exe ." C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mtxgfq = "ohxsdamlwrubfujttb.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zhmwwij = "ohxsdamlwrubfujttb.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tfocgwbtxlh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypdwfakhqjkprerz.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tfocgwbtxlh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mhzwjiwxkhmvbsjvxhid.exe ." C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qdnchyexcrop = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mhzwjiwxkhmvbsjvxhid.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mtxgfq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ohxsdamlwrubfujttb.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zhmwwij = "ypdwfakhqjkprerz.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zhmwwij = "bxqoccrthflvcumzcnple.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mtxgfq = "ztkgsqddplpxcsitudd.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zhmwwij = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ztkgsqddplpxcsitudd.exe ." C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tfocgwbtxlh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ztkgsqddplpxcsitudd.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mtxgfq = "mhzwjiwxkhmvbsjvxhid.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zhmwwij = "mhzwjiwxkhmvbsjvxhid.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yjrehwaruh = "ohxsdamlwrubfujttb.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fpwikybrt = "bxqoccrthflvcumzcnple.exe" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zhmwwij = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ypdwfakhqjkprerz.exe ." C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fpwikybrt = "bxqoccrthflvcumzcnple.exe" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tfocgwbtxlh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mhzwjiwxkhmvbsjvxhid.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zhmwwij = "ohxsdamlwrubfujttb.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yjrehwaruh = "fxmgqmxvfzbhkymvu.exe ." C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yjrehwaruh = "ztkgsqddplpxcsitudd.exe ." C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A www.showmyipaddress.com N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\ohxsdamlwrubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File created C:\Windows\SysWOW64\qdnchyexcropnwfjdfylvkpgmfkzwxvenr.ngt C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
File opened for modification C:\Windows\SysWOW64\spjixyorgfmxfyrfjvyvpo.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\fxmgqmxvfzbhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\mhzwjiwxkhmvbsjvxhid.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\spjixyorgfmxfyrfjvyvpo.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\mhzwjiwxkhmvbsjvxhid.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\mhzwjiwxkhmvbsjvxhid.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\ztkgsqddplpxcsitudd.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\spjixyorgfmxfyrfjvyvpo.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\fxmgqmxvfzbhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\ztkgsqddplpxcsitudd.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\ztkgsqddplpxcsitudd.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\mhzwjiwxkhmvbsjvxhid.exe C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
File opened for modification C:\Windows\SysWOW64\mhzwjiwxkhmvbsjvxhid.exe C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
File opened for modification C:\Windows\SysWOW64\ztkgsqddplpxcsitudd.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\ztkgsqddplpxcsitudd.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\spjixyorgfmxfyrfjvyvpo.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\fxmgqmxvfzbhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\bxqoccrthflvcumzcnple.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\ohxsdamlwrubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\ypdwfakhqjkprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\spjixyorgfmxfyrfjvyvpo.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\mhzwjiwxkhmvbsjvxhid.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\spjixyorgfmxfyrfjvyvpo.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\ypdwfakhqjkprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\ohxsdamlwrubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\ohxsdamlwrubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\dfeicidlfjvlywunwnvxwau.vdx C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
File opened for modification C:\Windows\SysWOW64\ypdwfakhqjkprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\ztkgsqddplpxcsitudd.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\mhzwjiwxkhmvbsjvxhid.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\spjixyorgfmxfyrfjvyvpo.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\mhzwjiwxkhmvbsjvxhid.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\fxmgqmxvfzbhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\bxqoccrthflvcumzcnple.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\bxqoccrthflvcumzcnple.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\bxqoccrthflvcumzcnple.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\ypdwfakhqjkprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\mhzwjiwxkhmvbsjvxhid.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\ztkgsqddplpxcsitudd.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\ohxsdamlwrubfujttb.exe C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
File opened for modification C:\Windows\SysWOW64\bxqoccrthflvcumzcnple.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\spjixyorgfmxfyrfjvyvpo.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\fxmgqmxvfzbhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\spjixyorgfmxfyrfjvyvpo.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\bxqoccrthflvcumzcnple.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\fxmgqmxvfzbhkymvu.exe C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
File opened for modification C:\Windows\SysWOW64\bxqoccrthflvcumzcnple.exe C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
File opened for modification C:\Windows\SysWOW64\ypdwfakhqjkprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\ztkgsqddplpxcsitudd.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\ohxsdamlwrubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\ohxsdamlwrubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\bxqoccrthflvcumzcnple.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\fxmgqmxvfzbhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\ohxsdamlwrubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\mhzwjiwxkhmvbsjvxhid.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\fxmgqmxvfzbhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\ztkgsqddplpxcsitudd.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\bxqoccrthflvcumzcnple.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\ztkgsqddplpxcsitudd.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\spjixyorgfmxfyrfjvyvpo.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\fxmgqmxvfzbhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\SysWOW64\ztkgsqddplpxcsitudd.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\dfeicidlfjvlywunwnvxwau.vdx C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
File opened for modification C:\Program Files (x86)\qdnchyexcropnwfjdfylvkpgmfkzwxvenr.ngt C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
File created C:\Program Files (x86)\qdnchyexcropnwfjdfylvkpgmfkzwxvenr.ngt C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
File opened for modification C:\Program Files (x86)\dfeicidlfjvlywunwnvxwau.vdx C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\spjixyorgfmxfyrfjvyvpo.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\bxqoccrthflvcumzcnple.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\ztkgsqddplpxcsitudd.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\spjixyorgfmxfyrfjvyvpo.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\ohxsdamlwrubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\ypdwfakhqjkprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\spjixyorgfmxfyrfjvyvpo.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\ypdwfakhqjkprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\fxmgqmxvfzbhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\ohxsdamlwrubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\fxmgqmxvfzbhkymvu.exe C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
File opened for modification C:\Windows\bxqoccrthflvcumzcnple.exe C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
File opened for modification C:\Windows\ohxsdamlwrubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\ztkgsqddplpxcsitudd.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\fxmgqmxvfzbhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\spjixyorgfmxfyrfjvyvpo.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\ohxsdamlwrubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\bxqoccrthflvcumzcnple.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\mhzwjiwxkhmvbsjvxhid.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\fxmgqmxvfzbhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\bxqoccrthflvcumzcnple.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\ypdwfakhqjkprerz.exe C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
File opened for modification C:\Windows\ypdwfakhqjkprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\fxmgqmxvfzbhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\ohxsdamlwrubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\ypdwfakhqjkprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\bxqoccrthflvcumzcnple.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\fxmgqmxvfzbhkymvu.exe C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
File opened for modification C:\Windows\ohxsdamlwrubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\mhzwjiwxkhmvbsjvxhid.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\spjixyorgfmxfyrfjvyvpo.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\bxqoccrthflvcumzcnple.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\fxmgqmxvfzbhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File created C:\Windows\dfeicidlfjvlywunwnvxwau.vdx C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
File opened for modification C:\Windows\ohxsdamlwrubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\mhzwjiwxkhmvbsjvxhid.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\ypdwfakhqjkprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\ypdwfakhqjkprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\bxqoccrthflvcumzcnple.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\fxmgqmxvfzbhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\ypdwfakhqjkprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\mhzwjiwxkhmvbsjvxhid.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\fxmgqmxvfzbhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\mhzwjiwxkhmvbsjvxhid.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\bxqoccrthflvcumzcnple.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\fxmgqmxvfzbhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\ztkgsqddplpxcsitudd.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\ohxsdamlwrubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\ypdwfakhqjkprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\spjixyorgfmxfyrfjvyvpo.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\bxqoccrthflvcumzcnple.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\ztkgsqddplpxcsitudd.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\spjixyorgfmxfyrfjvyvpo.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\spjixyorgfmxfyrfjvyvpo.exe C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
File opened for modification C:\Windows\fxmgqmxvfzbhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\bxqoccrthflvcumzcnple.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\ypdwfakhqjkprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\bxqoccrthflvcumzcnple.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\mhzwjiwxkhmvbsjvxhid.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\mhzwjiwxkhmvbsjvxhid.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\ypdwfakhqjkprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\fxmgqmxvfzbhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\ztkgsqddplpxcsitudd.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
File opened for modification C:\Windows\mhzwjiwxkhmvbsjvxhid.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\mhzwjiwxkhmvbsjvxhid.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ztkgsqddplpxcsitudd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\fxmgqmxvfzbhkymvu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ohxsdamlwrubfujttb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ypdwfakhqjkprerz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bxqoccrthflvcumzcnple.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ztkgsqddplpxcsitudd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ypdwfakhqjkprerz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ohxsdamlwrubfujttb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\fxmgqmxvfzbhkymvu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ohxsdamlwrubfujttb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ypdwfakhqjkprerz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ypdwfakhqjkprerz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\fxmgqmxvfzbhkymvu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\mhzwjiwxkhmvbsjvxhid.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ohxsdamlwrubfujttb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bxqoccrthflvcumzcnple.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\fxmgqmxvfzbhkymvu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ohxsdamlwrubfujttb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bxqoccrthflvcumzcnple.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ohxsdamlwrubfujttb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\mhzwjiwxkhmvbsjvxhid.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bxqoccrthflvcumzcnple.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\mhzwjiwxkhmvbsjvxhid.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\fxmgqmxvfzbhkymvu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\mhzwjiwxkhmvbsjvxhid.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ohxsdamlwrubfujttb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\fxmgqmxvfzbhkymvu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ztkgsqddplpxcsitudd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ohxsdamlwrubfujttb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ztkgsqddplpxcsitudd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\mhzwjiwxkhmvbsjvxhid.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ohxsdamlwrubfujttb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ztkgsqddplpxcsitudd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\fxmgqmxvfzbhkymvu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ohxsdamlwrubfujttb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bxqoccrthflvcumzcnple.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 408 wrote to memory of 5328 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 408 wrote to memory of 5328 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 408 wrote to memory of 5328 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 4952 wrote to memory of 3984 N/A C:\Windows\system32\cmd.exe C:\Windows\ohxsdamlwrubfujttb.exe
PID 4952 wrote to memory of 3984 N/A C:\Windows\system32\cmd.exe C:\Windows\ohxsdamlwrubfujttb.exe
PID 4952 wrote to memory of 3984 N/A C:\Windows\system32\cmd.exe C:\Windows\ohxsdamlwrubfujttb.exe
PID 3472 wrote to memory of 3636 N/A C:\Windows\system32\cmd.exe C:\Windows\ohxsdamlwrubfujttb.exe
PID 3472 wrote to memory of 3636 N/A C:\Windows\system32\cmd.exe C:\Windows\ohxsdamlwrubfujttb.exe
PID 3472 wrote to memory of 3636 N/A C:\Windows\system32\cmd.exe C:\Windows\ohxsdamlwrubfujttb.exe
PID 3636 wrote to memory of 1068 N/A C:\Windows\ohxsdamlwrubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 3636 wrote to memory of 1068 N/A C:\Windows\ohxsdamlwrubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 3636 wrote to memory of 1068 N/A C:\Windows\ohxsdamlwrubfujttb.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 4732 wrote to memory of 3028 N/A C:\Windows\system32\cmd.exe C:\Windows\ztkgsqddplpxcsitudd.exe
PID 4732 wrote to memory of 3028 N/A C:\Windows\system32\cmd.exe C:\Windows\ztkgsqddplpxcsitudd.exe
PID 4732 wrote to memory of 3028 N/A C:\Windows\system32\cmd.exe C:\Windows\ztkgsqddplpxcsitudd.exe
PID 5944 wrote to memory of 1048 N/A C:\Windows\system32\cmd.exe C:\Windows\fxmgqmxvfzbhkymvu.exe
PID 5944 wrote to memory of 1048 N/A C:\Windows\system32\cmd.exe C:\Windows\fxmgqmxvfzbhkymvu.exe
PID 5944 wrote to memory of 1048 N/A C:\Windows\system32\cmd.exe C:\Windows\fxmgqmxvfzbhkymvu.exe
PID 5440 wrote to memory of 1768 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe
PID 5440 wrote to memory of 1768 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe
PID 5440 wrote to memory of 1768 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe
PID 1048 wrote to memory of 1000 N/A C:\Windows\fxmgqmxvfzbhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 1048 wrote to memory of 1000 N/A C:\Windows\fxmgqmxvfzbhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 1048 wrote to memory of 1000 N/A C:\Windows\fxmgqmxvfzbhkymvu.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 2232 wrote to memory of 4068 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe
PID 2232 wrote to memory of 4068 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe
PID 2232 wrote to memory of 4068 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe
PID 4068 wrote to memory of 3616 N/A C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe C:\Windows\System32\Conhost.exe
PID 4068 wrote to memory of 3616 N/A C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe C:\Windows\System32\Conhost.exe
PID 4068 wrote to memory of 3616 N/A C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe C:\Windows\System32\Conhost.exe
PID 2260 wrote to memory of 5588 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe
PID 2260 wrote to memory of 5588 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe
PID 2260 wrote to memory of 5588 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe
PID 1472 wrote to memory of 2120 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe
PID 1472 wrote to memory of 2120 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe
PID 1472 wrote to memory of 2120 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe
PID 2120 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 2120 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 2120 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 5328 wrote to memory of 5192 N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe
PID 5328 wrote to memory of 5192 N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe
PID 5328 wrote to memory of 5192 N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe
PID 5328 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe
PID 5328 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe
PID 5328 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe
PID 5024 wrote to memory of 1920 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 5024 wrote to memory of 1920 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 5024 wrote to memory of 1920 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 5108 wrote to memory of 4576 N/A C:\Windows\system32\cmd.exe C:\Windows\ohxsdamlwrubfujttb.exe
PID 5108 wrote to memory of 4576 N/A C:\Windows\system32\cmd.exe C:\Windows\ohxsdamlwrubfujttb.exe
PID 5108 wrote to memory of 4576 N/A C:\Windows\system32\cmd.exe C:\Windows\ohxsdamlwrubfujttb.exe
PID 4176 wrote to memory of 1616 N/A C:\Windows\system32\cmd.exe C:\Windows\ohxsdamlwrubfujttb.exe
PID 4176 wrote to memory of 1616 N/A C:\Windows\system32\cmd.exe C:\Windows\ohxsdamlwrubfujttb.exe
PID 4176 wrote to memory of 1616 N/A C:\Windows\system32\cmd.exe C:\Windows\ohxsdamlwrubfujttb.exe
PID 5636 wrote to memory of 4856 N/A C:\Windows\system32\cmd.exe C:\Windows\ztkgsqddplpxcsitudd.exe
PID 5636 wrote to memory of 4856 N/A C:\Windows\system32\cmd.exe C:\Windows\ztkgsqddplpxcsitudd.exe
PID 5636 wrote to memory of 4856 N/A C:\Windows\system32\cmd.exe C:\Windows\ztkgsqddplpxcsitudd.exe
PID 1616 wrote to memory of 2308 N/A C:\Windows\ohxsdamlwrubfujttb.exe C:\Windows\system32\cmd.exe
PID 1616 wrote to memory of 2308 N/A C:\Windows\ohxsdamlwrubfujttb.exe C:\Windows\system32\cmd.exe
PID 1616 wrote to memory of 2308 N/A C:\Windows\ohxsdamlwrubfujttb.exe C:\Windows\system32\cmd.exe
PID 4856 wrote to memory of 3608 N/A C:\Windows\ztkgsqddplpxcsitudd.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 4856 wrote to memory of 3608 N/A C:\Windows\ztkgsqddplpxcsitudd.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 4856 wrote to memory of 3608 N/A C:\Windows\ztkgsqddplpxcsitudd.exe C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe
PID 1132 wrote to memory of 760 N/A C:\Windows\system32\cmd.exe C:\Windows\ztkgsqddplpxcsitudd.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b7ec123ae0594510d03149cc1e4a7843.exe"

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_b7ec123ae0594510d03149cc1e4a7843.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe .

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ohxsdamlwrubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe .

C:\Windows\ztkgsqddplpxcsitudd.exe

ztkgsqddplpxcsitudd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\fxmgqmxvfzbhkymvu.exe*."

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bxqoccrthflvcumzcnple.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe .

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ypdwfakhqjkprerz.exe*."

C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe

"C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe" "-C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe"

C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe

"C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe" "-C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypdwfakhqjkprerz.exe

C:\Windows\ypdwfakhqjkprerz.exe

ypdwfakhqjkprerz.exe

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ztkgsqddplpxcsitudd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe .

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe .

C:\Windows\ztkgsqddplpxcsitudd.exe

ztkgsqddplpxcsitudd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ztkgsqddplpxcsitudd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ohxsdamlwrubfujttb.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ztkgsqddplpxcsitudd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxqoccrthflvcumzcnple.exe .

C:\Windows\ztkgsqddplpxcsitudd.exe

ztkgsqddplpxcsitudd.exe

C:\Windows\mhzwjiwxkhmvbsjvxhid.exe

mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Windows\bxqoccrthflvcumzcnple.exe

bxqoccrthflvcumzcnple.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe .

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\fxmgqmxvfzbhkymvu.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bxqoccrthflvcumzcnple.exe*."

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe .

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe .

C:\Windows\ztkgsqddplpxcsitudd.exe

ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bxqoccrthflvcumzcnple.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bxqoccrthflvcumzcnple.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ztkgsqddplpxcsitudd.exe*."

C:\Windows\bxqoccrthflvcumzcnple.exe

bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ztkgsqddplpxcsitudd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxqoccrthflvcumzcnple.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bxqoccrthflvcumzcnple.exe*."

C:\Windows\bxqoccrthflvcumzcnple.exe

bxqoccrthflvcumzcnple.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ohxsdamlwrubfujttb.exe*."

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ohxsdamlwrubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ohxsdamlwrubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ztkgsqddplpxcsitudd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ztkgsqddplpxcsitudd.exe

ztkgsqddplpxcsitudd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypdwfakhqjkprerz.exe .

C:\Windows\ypdwfakhqjkprerz.exe

ypdwfakhqjkprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ypdwfakhqjkprerz.exe*."

C:\Windows\bxqoccrthflvcumzcnple.exe

bxqoccrthflvcumzcnple.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypdwfakhqjkprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypdwfakhqjkprerz.exe .

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ohxsdamlwrubfujttb.exe*."

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Windows\ypdwfakhqjkprerz.exe

ypdwfakhqjkprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxqoccrthflvcumzcnple.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxqoccrthflvcumzcnple.exe

C:\Windows\ypdwfakhqjkprerz.exe

ypdwfakhqjkprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ypdwfakhqjkprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bxqoccrthflvcumzcnple.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ypdwfakhqjkprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Windows\bxqoccrthflvcumzcnple.exe

bxqoccrthflvcumzcnple.exe

C:\Windows\bxqoccrthflvcumzcnple.exe

bxqoccrthflvcumzcnple.exe

C:\Windows\mhzwjiwxkhmvbsjvxhid.exe

mhzwjiwxkhmvbsjvxhid.exe .

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\mhzwjiwxkhmvbsjvxhid.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe .

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe .

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Windows\mhzwjiwxkhmvbsjvxhid.exe

mhzwjiwxkhmvbsjvxhid.exe .

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ztkgsqddplpxcsitudd.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\fxmgqmxvfzbhkymvu.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ztkgsqddplpxcsitudd.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ypdwfakhqjkprerz.exe*."

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\mhzwjiwxkhmvbsjvxhid.exe*."

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe .

C:\Windows\bxqoccrthflvcumzcnple.exe

bxqoccrthflvcumzcnple.exe

C:\Windows\ztkgsqddplpxcsitudd.exe

ztkgsqddplpxcsitudd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\fxmgqmxvfzbhkymvu.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ypdwfakhqjkprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ztkgsqddplpxcsitudd.exe*."

C:\Windows\mhzwjiwxkhmvbsjvxhid.exe

mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe .

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ohxsdamlwrubfujttb.exe*."

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ypdwfakhqjkprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bxqoccrthflvcumzcnple.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypdwfakhqjkprerz.exe .

C:\Windows\ypdwfakhqjkprerz.exe

ypdwfakhqjkprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ypdwfakhqjkprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe .

C:\Windows\mhzwjiwxkhmvbsjvxhid.exe

mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ohxsdamlwrubfujttb.exe*."

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bxqoccrthflvcumzcnple.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe .

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ypdwfakhqjkprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\mhzwjiwxkhmvbsjvxhid.exe

mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\mhzwjiwxkhmvbsjvxhid.exe*."

C:\Windows\ztkgsqddplpxcsitudd.exe

ztkgsqddplpxcsitudd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Windows\mhzwjiwxkhmvbsjvxhid.exe

mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe .

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\mhzwjiwxkhmvbsjvxhid.exe*."

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ypdwfakhqjkprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\fxmgqmxvfzbhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypdwfakhqjkprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxqoccrthflvcumzcnple.exe .

C:\Windows\ypdwfakhqjkprerz.exe

ypdwfakhqjkprerz.exe

C:\Windows\bxqoccrthflvcumzcnple.exe

bxqoccrthflvcumzcnple.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bxqoccrthflvcumzcnple.exe*."

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ztkgsqddplpxcsitudd.exe .

C:\Windows\ztkgsqddplpxcsitudd.exe

ztkgsqddplpxcsitudd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ztkgsqddplpxcsitudd.exe*."

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\fxmgqmxvfzbhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bxqoccrthflvcumzcnple.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxqoccrthflvcumzcnple.exe .

C:\Windows\mhzwjiwxkhmvbsjvxhid.exe

mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\bxqoccrthflvcumzcnple.exe

bxqoccrthflvcumzcnple.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bxqoccrthflvcumzcnple.exe*."

C:\Windows\bxqoccrthflvcumzcnple.exe

bxqoccrthflvcumzcnple.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxqoccrthflvcumzcnple.exe .

C:\Windows\bxqoccrthflvcumzcnple.exe

bxqoccrthflvcumzcnple.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bxqoccrthflvcumzcnple.exe*."

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ohxsdamlwrubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\fxmgqmxvfzbhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxqoccrthflvcumzcnple.exe

C:\Windows\bxqoccrthflvcumzcnple.exe

bxqoccrthflvcumzcnple.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe .

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\fxmgqmxvfzbhkymvu.exe*."

C:\Windows\mhzwjiwxkhmvbsjvxhid.exe

mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypdwfakhqjkprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Windows\ypdwfakhqjkprerz.exe

ypdwfakhqjkprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ypdwfakhqjkprerz.exe*."

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\mhzwjiwxkhmvbsjvxhid.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\fxmgqmxvfzbhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ztkgsqddplpxcsitudd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypdwfakhqjkprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ztkgsqddplpxcsitudd.exe

C:\Windows\ztkgsqddplpxcsitudd.exe

ztkgsqddplpxcsitudd.exe

C:\Windows\ypdwfakhqjkprerz.exe

ypdwfakhqjkprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxqoccrthflvcumzcnple.exe .

C:\Windows\ztkgsqddplpxcsitudd.exe

ztkgsqddplpxcsitudd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ztkgsqddplpxcsitudd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe .

C:\Windows\bxqoccrthflvcumzcnple.exe

bxqoccrthflvcumzcnple.exe .

C:\Windows\ztkgsqddplpxcsitudd.exe

ztkgsqddplpxcsitudd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxqoccrthflvcumzcnple.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bxqoccrthflvcumzcnple.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ztkgsqddplpxcsitudd.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe .

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\fxmgqmxvfzbhkymvu.exe*."

C:\Windows\bxqoccrthflvcumzcnple.exe

bxqoccrthflvcumzcnple.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe .

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bxqoccrthflvcumzcnple.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\fxmgqmxvfzbhkymvu.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ohxsdamlwrubfujttb.exe*."

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ztkgsqddplpxcsitudd.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\mhzwjiwxkhmvbsjvxhid.exe*."

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe .

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ohxsdamlwrubfujttb.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\fxmgqmxvfzbhkymvu.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ztkgsqddplpxcsitudd.exe*."

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ypdwfakhqjkprerz.exe*."

C:\Windows\ztkgsqddplpxcsitudd.exe

ztkgsqddplpxcsitudd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\fxmgqmxvfzbhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bxqoccrthflvcumzcnple.exe

bxqoccrthflvcumzcnple.exe

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ohxsdamlwrubfujttb.exe*."

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ztkgsqddplpxcsitudd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bxqoccrthflvcumzcnple.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxqoccrthflvcumzcnple.exe .

C:\Windows\bxqoccrthflvcumzcnple.exe

bxqoccrthflvcumzcnple.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bxqoccrthflvcumzcnple.exe*."

C:\Windows\ypdwfakhqjkprerz.exe

ypdwfakhqjkprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe .

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\fxmgqmxvfzbhkymvu.exe*."

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\mhzwjiwxkhmvbsjvxhid.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\fxmgqmxvfzbhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxqoccrthflvcumzcnple.exe

C:\Windows\bxqoccrthflvcumzcnple.exe

bxqoccrthflvcumzcnple.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe .

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ohxsdamlwrubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\bxqoccrthflvcumzcnple.exe

bxqoccrthflvcumzcnple.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Windows\mhzwjiwxkhmvbsjvxhid.exe

mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\mhzwjiwxkhmvbsjvxhid.exe*."

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ypdwfakhqjkprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\fxmgqmxvfzbhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxqoccrthflvcumzcnple.exe

C:\Windows\bxqoccrthflvcumzcnple.exe

bxqoccrthflvcumzcnple.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe .

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ztkgsqddplpxcsitudd.exe

C:\Windows\ztkgsqddplpxcsitudd.exe

ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\fxmgqmxvfzbhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ztkgsqddplpxcsitudd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Windows\ztkgsqddplpxcsitudd.exe

ztkgsqddplpxcsitudd.exe .

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ztkgsqddplpxcsitudd.exe*."

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\fxmgqmxvfzbhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ohxsdamlwrubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypdwfakhqjkprerz.exe .

C:\Windows\ypdwfakhqjkprerz.exe

ypdwfakhqjkprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ypdwfakhqjkprerz.exe*."

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypdwfakhqjkprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ypdwfakhqjkprerz.exe

ypdwfakhqjkprerz.exe .

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ypdwfakhqjkprerz.exe*."

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ztkgsqddplpxcsitudd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\mhzwjiwxkhmvbsjvxhid.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypdwfakhqjkprerz.exe

C:\Windows\ypdwfakhqjkprerz.exe

ypdwfakhqjkprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe .

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ohxsdamlwrubfujttb.exe*."

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\fxmgqmxvfzbhkymvu.exe*."

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ohxsdamlwrubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ohxsdamlwrubfujttb.exe*."

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe .

C:\Windows\bxqoccrthflvcumzcnple.exe

bxqoccrthflvcumzcnple.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe .

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxqoccrthflvcumzcnple.exe

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ztkgsqddplpxcsitudd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ohxsdamlwrubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bxqoccrthflvcumzcnple.exe

bxqoccrthflvcumzcnple.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ohxsdamlwrubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\ypdwfakhqjkprerz.exe

ypdwfakhqjkprerz.exe

C:\Windows\ztkgsqddplpxcsitudd.exe

ztkgsqddplpxcsitudd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\ztkgsqddplpxcsitudd.exe

ztkgsqddplpxcsitudd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxqoccrthflvcumzcnple.exe

C:\Windows\mhzwjiwxkhmvbsjvxhid.exe

mhzwjiwxkhmvbsjvxhid.exe .

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ztkgsqddplpxcsitudd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\mhzwjiwxkhmvbsjvxhid.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\mhzwjiwxkhmvbsjvxhid.exe*."

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\fxmgqmxvfzbhkymvu.exe*."

C:\Windows\bxqoccrthflvcumzcnple.exe

bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\mhzwjiwxkhmvbsjvxhid.exe*."

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Windows\mhzwjiwxkhmvbsjvxhid.exe

mhzwjiwxkhmvbsjvxhid.exe .

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\fxmgqmxvfzbhkymvu.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bxqoccrthflvcumzcnple.exe*."

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\mhzwjiwxkhmvbsjvxhid.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ztkgsqddplpxcsitudd.exe*."

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ohxsdamlwrubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\mhzwjiwxkhmvbsjvxhid.exe

mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe .

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ohxsdamlwrubfujttb.exe*."

C:\Windows\mhzwjiwxkhmvbsjvxhid.exe

mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ohxsdamlwrubfujttb.exe*."

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ztkgsqddplpxcsitudd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ohxsdamlwrubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\mhzwjiwxkhmvbsjvxhid.exe

mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\mhzwjiwxkhmvbsjvxhid.exe

mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\mhzwjiwxkhmvbsjvxhid.exe*."

C:\Windows\ztkgsqddplpxcsitudd.exe

ztkgsqddplpxcsitudd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\fxmgqmxvfzbhkymvu.exe*."

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ohxsdamlwrubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe .

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ypdwfakhqjkprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ztkgsqddplpxcsitudd.exe

C:\Windows\ztkgsqddplpxcsitudd.exe

ztkgsqddplpxcsitudd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe .

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ohxsdamlwrubfujttb.exe*."

C:\Windows\mhzwjiwxkhmvbsjvxhid.exe

mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe .

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\fxmgqmxvfzbhkymvu.exe*."

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ypdwfakhqjkprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe .

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ypdwfakhqjkprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ztkgsqddplpxcsitudd.exe

C:\Windows\ztkgsqddplpxcsitudd.exe

ztkgsqddplpxcsitudd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe .

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ohxsdamlwrubfujttb.exe*."

C:\Windows\ypdwfakhqjkprerz.exe

ypdwfakhqjkprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ohxsdamlwrubfujttb.exe*."

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bxqoccrthflvcumzcnple.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ohxsdamlwrubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\mhzwjiwxkhmvbsjvxhid.exe

mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\mhzwjiwxkhmvbsjvxhid.exe

mhzwjiwxkhmvbsjvxhid.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\mhzwjiwxkhmvbsjvxhid.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ztkgsqddplpxcsitudd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\ztkgsqddplpxcsitudd.exe

ztkgsqddplpxcsitudd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Windows\mhzwjiwxkhmvbsjvxhid.exe

mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\mhzwjiwxkhmvbsjvxhid.exe*."

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ohxsdamlwrubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bxqoccrthflvcumzcnple.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypdwfakhqjkprerz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ypdwfakhqjkprerz.exe

ypdwfakhqjkprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ypdwfakhqjkprerz.exe*."

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxqoccrthflvcumzcnple.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Windows\bxqoccrthflvcumzcnple.exe

bxqoccrthflvcumzcnple.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bxqoccrthflvcumzcnple.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ztkgsqddplpxcsitudd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Windows\ztkgsqddplpxcsitudd.exe

ztkgsqddplpxcsitudd.exe

C:\Windows\mhzwjiwxkhmvbsjvxhid.exe

mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypdwfakhqjkprerz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\fxmgqmxvfzbhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\ypdwfakhqjkprerz.exe

ypdwfakhqjkprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypdwfakhqjkprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\mhzwjiwxkhmvbsjvxhid.exe

mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhzwjiwxkhmvbsjvxhid.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ypdwfakhqjkprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypdwfakhqjkprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\mhzwjiwxkhmvbsjvxhid.exe*."

C:\Windows\ztkgsqddplpxcsitudd.exe

ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\mhzwjiwxkhmvbsjvxhid.exe*."

C:\Windows\ypdwfakhqjkprerz.exe

ypdwfakhqjkprerz.exe .

C:\Windows\ypdwfakhqjkprerz.exe

ypdwfakhqjkprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ypdwfakhqjkprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhzwjiwxkhmvbsjvxhid.exe .

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\mhzwjiwxkhmvbsjvxhid.exe*."

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ohxsdamlwrubfujttb.exe*."

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Windows\ztkgsqddplpxcsitudd.exe

ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\fxmgqmxvfzbhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ztkgsqddplpxcsitudd.exe*."

C:\Windows\bxqoccrthflvcumzcnple.exe

bxqoccrthflvcumzcnple.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bxqoccrthflvcumzcnple.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Windows\mhzwjiwxkhmvbsjvxhid.exe

mhzwjiwxkhmvbsjvxhid.exe .

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\mhzwjiwxkhmvbsjvxhid.exe*."

C:\Windows\mhzwjiwxkhmvbsjvxhid.exe

mhzwjiwxkhmvbsjvxhid.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\mhzwjiwxkhmvbsjvxhid.exe*."

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\mhzwjiwxkhmvbsjvxhid.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\fxmgqmxvfzbhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypdwfakhqjkprerz.exe

C:\Windows\ypdwfakhqjkprerz.exe

ypdwfakhqjkprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe .

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\fxmgqmxvfzbhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe .

C:\Windows\bxqoccrthflvcumzcnple.exe

bxqoccrthflvcumzcnple.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\fxmgqmxvfzbhkymvu.exe*."

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\mhzwjiwxkhmvbsjvxhid.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ztkgsqddplpxcsitudd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe .

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\fxmgqmxvfzbhkymvu.exe*."

C:\Windows\ypdwfakhqjkprerz.exe

ypdwfakhqjkprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\fxmgqmxvfzbhkymvu.exe*."

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bxqoccrthflvcumzcnple.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bxqoccrthflvcumzcnple.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxqoccrthflvcumzcnple.exe .

C:\Windows\bxqoccrthflvcumzcnple.exe

bxqoccrthflvcumzcnple.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bxqoccrthflvcumzcnple.exe*."

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe .

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ohxsdamlwrubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\fxmgqmxvfzbhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ohxsdamlwrubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe .

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ohxsdamlwrubfujttb.exe*."

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ohxsdamlwrubfujttb.exe*."

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\mhzwjiwxkhmvbsjvxhid.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe .

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ztkgsqddplpxcsitudd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe .

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\fxmgqmxvfzbhkymvu.exe*."

C:\Windows\ypdwfakhqjkprerz.exe

ypdwfakhqjkprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxqoccrthflvcumzcnple.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Windows\bxqoccrthflvcumzcnple.exe

bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bxqoccrthflvcumzcnple.exe*."

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bxqoccrthflvcumzcnple.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe .

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ztkgsqddplpxcsitudd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\mhzwjiwxkhmvbsjvxhid.exe

mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\mhzwjiwxkhmvbsjvxhid.exe

mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe .

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ohxsdamlwrubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\fxmgqmxvfzbhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Windows\ypdwfakhqjkprerz.exe

ypdwfakhqjkprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\fxmgqmxvfzbhkymvu.exe*."

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\mhzwjiwxkhmvbsjvxhid.exe

mhzwjiwxkhmvbsjvxhid.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\fxmgqmxvfzbhkymvu.exe*."

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\mhzwjiwxkhmvbsjvxhid.exe*."

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\mhzwjiwxkhmvbsjvxhid.exe*."

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\fxmgqmxvfzbhkymvu.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\fxmgqmxvfzbhkymvu.exe*."

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bxqoccrthflvcumzcnple.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\mhzwjiwxkhmvbsjvxhid.exe*."

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\bxqoccrthflvcumzcnple.exe*."

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe .

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ztkgsqddplpxcsitudd.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ohxsdamlwrubfujttb.exe*."

C:\Windows\ztkgsqddplpxcsitudd.exe

ztkgsqddplpxcsitudd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ztkgsqddplpxcsitudd.exe*."

C:\Windows\mhzwjiwxkhmvbsjvxhid.exe

mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ztkgsqddplpxcsitudd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Windows\ztkgsqddplpxcsitudd.exe

ztkgsqddplpxcsitudd.exe .

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ztkgsqddplpxcsitudd.exe*."

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ztkgsqddplpxcsitudd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\fxmgqmxvfzbhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ztkgsqddplpxcsitudd.exe

C:\Windows\ztkgsqddplpxcsitudd.exe

ztkgsqddplpxcsitudd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe .

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\fxmgqmxvfzbhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\bxqoccrthflvcumzcnple.exe

bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bxqoccrthflvcumzcnple.exe*."

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ypdwfakhqjkprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ohxsdamlwrubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ztkgsqddplpxcsitudd.exe

C:\Windows\ztkgsqddplpxcsitudd.exe

ztkgsqddplpxcsitudd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe .

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\fxmgqmxvfzbhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe .

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ohxsdamlwrubfujttb.exe*."

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ztkgsqddplpxcsitudd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\mhzwjiwxkhmvbsjvxhid.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypdwfakhqjkprerz.exe

C:\Windows\ypdwfakhqjkprerz.exe

ypdwfakhqjkprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe .

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\fxmgqmxvfzbhkymvu.exe*."

C:\Windows\ztkgsqddplpxcsitudd.exe

ztkgsqddplpxcsitudd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ztkgsqddplpxcsitudd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Windows\ztkgsqddplpxcsitudd.exe

ztkgsqddplpxcsitudd.exe .

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ztkgsqddplpxcsitudd.exe*."

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\mhzwjiwxkhmvbsjvxhid.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe .

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ypdwfakhqjkprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypdwfakhqjkprerz.exe .

C:\Windows\ypdwfakhqjkprerz.exe

ypdwfakhqjkprerz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ypdwfakhqjkprerz.exe*."

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Windows\mhzwjiwxkhmvbsjvxhid.exe

mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe .

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\mhzwjiwxkhmvbsjvxhid.exe*."

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ypdwfakhqjkprerz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\ohxsdamlwrubfujttb.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\ohxsdamlwrubfujttb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypdwfakhqjkprerz.exe

C:\Windows\ypdwfakhqjkprerz.exe

ypdwfakhqjkprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxqoccrthflvcumzcnple.exe .

C:\Windows\bxqoccrthflvcumzcnple.exe

bxqoccrthflvcumzcnple.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxqoccrthflvcumzcnple.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\bxqoccrthflvcumzcnple.exe*."

C:\Windows\bxqoccrthflvcumzcnple.exe

bxqoccrthflvcumzcnple.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ohxsdamlwrubfujttb.exe*."

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\fxmgqmxvfzbhkymvu.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fxmgqmxvfzbhkymvu.exe

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\users\admin\appdata\local\temp\mhzwjiwxkhmvbsjvxhid.exe*."

C:\Windows\fxmgqmxvfzbhkymvu.exe

fxmgqmxvfzbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ztkgsqddplpxcsitudd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ztkgsqddplpxcsitudd.exe .

C:\Windows\ztkgsqddplpxcsitudd.exe

ztkgsqddplpxcsitudd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ypdwfakhqjkprerz.exe

C:\Windows\ztkgsqddplpxcsitudd.exe

ztkgsqddplpxcsitudd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mhzwjiwxkhmvbsjvxhid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ztkgsqddplpxcsitudd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

"C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe" "c:\windows\ztkgsqddplpxcsitudd.exe*."

C:\Windows\ypdwfakhqjkprerz.exe

ypdwfakhqjkprerz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ztkgsqddplpxcsitudd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mhzwjiwxkhmvbsjvxhid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe .

C:\Windows\ohxsdamlwrubfujttb.exe

ohxsdamlwrubfujttb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ztkgsqddplpxcsitudd.exe

C:\Windows\bxqoccrthflvcumzcnple.exe

bxqoccrthflvcumzcnple.exe .

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Users\Admin\AppData\Local\Temp\fxmgqmxvfzbhkymvu.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ohxsdamlwrubfujttb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ypdwfakhqjkprerz.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.showmyipaddress.com udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 8.8.8.8:53 www.whatismyip.ca udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 www.google.com udp
GB 216.58.204.68:80 www.google.com tcp
RU 185.7.154.68:21568 tcp
US 8.8.8.8:53 gyuuym.org udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 ueoblkabnh.net udp
US 8.8.8.8:53 txhjqoihrf.net udp
US 8.8.8.8:53 qhnjfjqvjl.info udp
US 8.8.8.8:53 oeymgaye.com udp
US 8.8.8.8:53 unxfuild.info udp
SG 18.142.91.111:80 unxfuild.info tcp
BG 178.239.230.133:40763 tcp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 auqsfd.net udp
US 8.8.8.8:53 biwdpyh.com udp
US 8.8.8.8:53 vetoaes.info udp
US 8.8.8.8:53 nofggbtotit.org udp
US 8.8.8.8:53 qwymyciwqkim.org udp
US 8.8.8.8:53 byjofytqvtc.net udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 wwrklqg.net udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 gmysmygm.com udp
US 8.8.8.8:53 wsghgakp.info udp
US 8.8.8.8:53 qtxcie.info udp
US 8.8.8.8:53 suklef.net udp
US 8.8.8.8:53 yqfttueruqb.info udp
GB 142.250.179.227:80 c.pki.goog tcp
US 8.8.8.8:53 cydlrge.info udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 iiyqac.org udp
US 8.8.8.8:53 zojqqcz.net udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 ktzwzrizcn.info udp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 ltsjlqqiyi.info udp
US 8.8.8.8:53 uzcvwd.info udp
US 8.8.8.8:53 lalckpw.org udp
SA 37.43.109.85:37337 tcp
US 8.8.8.8:53 fjrybfgg.net udp
US 8.8.8.8:53 ecznoqkwij.net udp
US 8.8.8.8:53 iahkospyv.net udp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 wigsuaycsu.com udp
US 8.8.8.8:53 hfsgjkdfjbf.com udp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 qakcrppsbzw.info udp
US 8.8.8.8:53 pavchcn.net udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 hjzulix.org udp
US 8.8.8.8:53 fajvtnngrz.net udp
US 8.8.8.8:53 cmhjebvakrpv.info udp
US 8.8.8.8:53 meapkmvl.info udp
US 8.8.8.8:53 mdlydix.net udp
US 8.8.8.8:53 okcspymtuedo.net udp
US 8.8.8.8:53 yoaoooewyeeo.com udp
US 8.8.8.8:53 eoqmgemsga.org udp
US 8.8.8.8:53 eeooeaciququ.org udp
US 8.8.8.8:53 iynavqt.net udp
US 8.8.8.8:53 tzxaoz.net udp
US 8.8.8.8:53 hxvonnqagor.org udp
US 8.8.8.8:53 mdhpuesj.net udp
US 8.8.8.8:53 ikqmeg.org udp
US 8.8.8.8:53 lpqctkbsj.net udp
US 8.8.8.8:53 pkhgxgz.org udp
US 8.8.8.8:53 rnjtfwb.info udp
US 8.8.8.8:53 hjzijavbgyig.info udp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 vrxmprngmlhk.net udp
US 8.8.8.8:53 zkponwo.org udp
US 8.8.8.8:53 khvyxyfgg.net udp
US 8.8.8.8:53 mxerowtawn.info udp
US 8.8.8.8:53 hbtvhgis.net udp
US 8.8.8.8:53 vfphjelbgp.net udp
US 8.8.8.8:53 ivftic.net udp
US 8.8.8.8:53 jopktjmt.net udp
US 8.8.8.8:53 iqsjvovzd.info udp
US 8.8.8.8:53 qqkuzemkr.net udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 cgqeeggaayoq.org udp
US 8.8.8.8:53 ckpgeezgx.info udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 zhbqfxmyfsdv.net udp
US 8.8.8.8:53 qqscgi.org udp
US 8.8.8.8:53 kswyca.com udp
US 8.8.8.8:53 nbdtxyhovrho.net udp
US 8.8.8.8:53 kcqcyuau.com udp
US 8.8.8.8:53 teyjrp.info udp
US 8.8.8.8:53 lyxmnybibg.info udp
US 8.8.8.8:53 wgkewm.org udp
US 8.8.8.8:53 kofwhynomga.info udp
US 8.8.8.8:53 iqxstfahvdsh.net udp
US 8.8.8.8:53 siuemwks.org udp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 qqvfhizi.net udp
US 8.8.8.8:53 inumobfs.info udp
US 8.8.8.8:53 ucesnkd.net udp
US 8.8.8.8:53 uxvikbgmxwz.info udp
US 8.8.8.8:53 imqqisqrsil.info udp
US 8.8.8.8:53 icvovobzsk.net udp
US 8.8.8.8:53 lzjkuvxyh.com udp
US 8.8.8.8:53 kgucribs.info udp
US 8.8.8.8:53 igkcym.com udp
US 8.8.8.8:53 kfpyjkdkhul.info udp
US 8.8.8.8:53 zyfitez.info udp
BR 187.37.180.27:44467 tcp
US 8.8.8.8:53 dgluurtvj.com udp
US 8.8.8.8:53 evsodgqbyyj.info udp
US 8.8.8.8:53 ysscmcoy.org udp
US 8.8.8.8:53 huppzipct.net udp
US 8.8.8.8:53 zepzbk.net udp
US 8.8.8.8:53 iwvqppjux.info udp
US 8.8.8.8:53 leqdurjb.net udp
US 8.8.8.8:53 ysjgbcxevtm.net udp
US 8.8.8.8:53 mnmvjh.net udp
US 8.8.8.8:53 ppzubag.org udp
US 8.8.8.8:53 dxikspgshgbk.info udp
US 8.8.8.8:53 hqiczdj.com udp
US 8.8.8.8:53 ewhebkp.info udp
US 8.8.8.8:53 fshwird.com udp
US 8.8.8.8:53 lgmwshpwdp.net udp
US 8.8.8.8:53 pqsqbivmv.net udp
US 8.8.8.8:53 mcgosaue.org udp
US 8.8.8.8:53 hpcmhcmt.info udp
US 8.8.8.8:53 furnxe.info udp
US 8.8.8.8:53 zgrjrexb.net udp
US 8.8.8.8:53 bgdgmaf.com udp
US 8.8.8.8:53 twqcfo.net udp
US 8.8.8.8:53 xsirlapgjqx.org udp
US 8.8.8.8:53 obkqioqdio.info udp
US 8.8.8.8:53 cqyusygmga.com udp
US 8.8.8.8:53 eeueccewmeem.com udp
US 8.8.8.8:53 nkdwhbmhjyux.net udp
US 8.8.8.8:53 ahhqumwwijkw.net udp
US 8.8.8.8:53 oouccmcqecye.org udp
US 8.8.8.8:53 orwpmn.net udp
US 8.8.8.8:53 gthoprfe.net udp
US 8.8.8.8:53 xvpjrcpcba.net udp
US 8.8.8.8:53 fwcucf.net udp
US 8.8.8.8:53 vlpxze.info udp
US 8.8.8.8:53 hoqtdy.info udp
US 8.8.8.8:53 nqcsprfy.info udp
US 8.8.8.8:53 liowdrrqnls.org udp
US 8.8.8.8:53 pzumvoiqvk.net udp
US 8.8.8.8:53 zwwecqacpse.org udp
US 8.8.8.8:53 eearzgjluwng.net udp
US 8.8.8.8:53 lixmuor.com udp
US 8.8.8.8:53 skywyumxq.net udp
US 8.8.8.8:53 prnwrmh.info udp
US 8.8.8.8:53 kvvdll.net udp
US 8.8.8.8:53 egsmyysc.org udp
US 8.8.8.8:53 wkkwaijhbdav.info udp
US 8.8.8.8:53 nnvjlkpq.info udp
US 8.8.8.8:53 uafulin.net udp
US 8.8.8.8:53 nshdioh.net udp
US 8.8.8.8:53 giiwyiys.org udp
US 8.8.8.8:53 ssqsoyoqsg.org udp
US 8.8.8.8:53 kpdikvsvzk.info udp
US 8.8.8.8:53 sadsgkh.net udp
US 8.8.8.8:53 ekqqcc.org udp
US 8.8.8.8:53 tjhajocuj.com udp
US 8.8.8.8:53 gzrpysiq.info udp
US 8.8.8.8:53 hcfrwoir.net udp
US 8.8.8.8:53 dwfkeogzvhjn.info udp
US 8.8.8.8:53 nsfenav.net udp
US 8.8.8.8:53 yzjknxaccgjl.info udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 zkrjlvsv.net udp
US 8.8.8.8:53 bmxqlyvoc.com udp
US 8.8.8.8:53 mwamwq.com udp
US 8.8.8.8:53 bcirfkddfk.info udp
US 8.8.8.8:53 lbqunen.info udp
US 8.8.8.8:53 qtgqqinahbp.info udp
US 8.8.8.8:53 qiiggm.com udp
US 8.8.8.8:53 znxucpwzothx.net udp
US 8.8.8.8:53 pelgjiiknsh.com udp
US 8.8.8.8:53 swdrcwvizldl.info udp
US 8.8.8.8:53 bfzftw.net udp
US 8.8.8.8:53 pgrpuqskvif.com udp
US 8.8.8.8:53 ibtqukbx.net udp
US 8.8.8.8:53 pjbjpbpnjbzl.net udp
US 8.8.8.8:53 mwoqaaowicgq.org udp
US 8.8.8.8:53 tcvuvhjwh.info udp
US 8.8.8.8:53 kqdlxuxuljmg.net udp
US 8.8.8.8:53 cwnolptodmn.net udp
US 8.8.8.8:53 eyxdwalqvcq.info udp
US 8.8.8.8:53 ipyhfq.info udp
US 8.8.8.8:53 jubvpax.info udp
TR 88.250.231.205:31764 tcp
US 8.8.8.8:53 osmmvonwx.info udp
US 8.8.8.8:53 wsooukocsoqe.org udp
US 8.8.8.8:53 qsykosgugq.com udp
US 8.8.8.8:53 thciuolpzs.info udp
US 8.8.8.8:53 ecbwysbz.info udp
US 8.8.8.8:53 vlqmgmz.net udp
US 8.8.8.8:53 reormcpmxurp.net udp
US 8.8.8.8:53 njmyupro.net udp
US 8.8.8.8:53 eomcom.com udp
US 8.8.8.8:53 jebezuqyk.net udp
US 8.8.8.8:53 rutveialtme.net udp
US 8.8.8.8:53 jjeqzzp.net udp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 wddoedoeq.net udp
US 8.8.8.8:53 rgsgipjev.com udp
US 8.8.8.8:53 ncerna.info udp
US 8.8.8.8:53 iusioomq.org udp
US 8.8.8.8:53 wucyhq.info udp
US 8.8.8.8:53 vcdgmfbhdvxk.info udp
US 8.8.8.8:53 lswqqgsupgk.com udp
US 8.8.8.8:53 sfzrxaw.info udp
US 8.8.8.8:53 wotfiodctxn.net udp
US 8.8.8.8:53 wcsbrpz.net udp
US 8.8.8.8:53 qencplopumco.net udp
US 8.8.8.8:53 uwcuws.org udp
US 8.8.8.8:53 cuuuasqkigok.com udp
US 8.8.8.8:53 xtufxif.org udp
US 8.8.8.8:53 trjqneqpplsq.net udp
US 8.8.8.8:53 qwocicwy.org udp
US 8.8.8.8:53 iwhylqf.net udp
US 8.8.8.8:53 twtxvsppnppm.net udp
US 8.8.8.8:53 azlfou.info udp
US 8.8.8.8:53 lrbipi.info udp
US 8.8.8.8:53 drgdnplgu.org udp
US 8.8.8.8:53 yimosiqmeocc.com udp
US 8.8.8.8:53 pwkkfcjotyf.net udp
US 8.8.8.8:53 eokwim.com udp
US 8.8.8.8:53 kzbinymgj.net udp
US 8.8.8.8:53 ofxvdrmrsczz.net udp
US 8.8.8.8:53 oascykeu.com udp
US 8.8.8.8:53 umyicieyee.org udp
US 8.8.8.8:53 jjdtpinl.info udp
US 8.8.8.8:53 asbwhxyigsx.net udp
US 8.8.8.8:53 fwlgpx.net udp
US 8.8.8.8:53 vcsuct.net udp
US 8.8.8.8:53 okkjrdxz.net udp
US 8.8.8.8:53 mjzihru.net udp
US 8.8.8.8:53 emiwkawouc.org udp
US 8.8.8.8:53 xcxyun.info udp
US 8.8.8.8:53 tmnxfkv.info udp
US 8.8.8.8:53 atkzfclhbift.info udp
US 8.8.8.8:53 qigxglwcbro.info udp
US 8.8.8.8:53 cljqxyt.net udp
US 8.8.8.8:53 xqydefjviohx.info udp
US 8.8.8.8:53 wueysyqiyg.org udp
US 8.8.8.8:53 aeflpxcwn.net udp
US 8.8.8.8:53 cuoeinpxs.info udp
US 8.8.8.8:53 vsjkbwjt.info udp
US 8.8.8.8:53 rlwgvgtafx.net udp
US 8.8.8.8:53 jjrefkv.net udp
US 8.8.8.8:53 fgwiqkushae.org udp
US 8.8.8.8:53 ukxahed.info udp
US 8.8.8.8:53 vbgyettnlkzs.info udp
US 8.8.8.8:53 kjskvzf.info udp
US 8.8.8.8:53 vcfbxm.info udp
US 8.8.8.8:53 sawwcw.org udp
BG 85.217.236.118:24844 tcp
US 8.8.8.8:53 gicioogy.org udp
US 8.8.8.8:53 gojkvsfbruz.info udp
US 8.8.8.8:53 lzbjkx.info udp
US 8.8.8.8:53 iumiamgq.com udp
US 8.8.8.8:53 lazrdal.com udp
US 8.8.8.8:53 oqoecm.org udp
US 8.8.8.8:53 ruiymw.info udp
US 8.8.8.8:53 cvzepanza.info udp
US 8.8.8.8:53 blriytvijot.com udp
US 8.8.8.8:53 pyhchklonzi.org udp
US 8.8.8.8:53 ktjrvimgbi.info udp
US 8.8.8.8:53 lkdssrdk.info udp
US 8.8.8.8:53 mokkooz.info udp
US 8.8.8.8:53 kyilnx.net udp
US 8.8.8.8:53 kaapvzd.net udp
US 8.8.8.8:53 revijogplwto.net udp
US 8.8.8.8:53 tmfdqxvmfi.info udp
US 8.8.8.8:53 wfnoszov.info udp
US 8.8.8.8:53 gaqkygwq.org udp
US 8.8.8.8:53 xspefadst.org udp
US 8.8.8.8:53 jrbulad.info udp
US 8.8.8.8:53 ygjnbtvmvvdf.net udp
US 8.8.8.8:53 tptbzw.info udp
US 8.8.8.8:53 atdlzxpl.net udp
US 8.8.8.8:53 frxoacvrjj.info udp
US 8.8.8.8:53 wbfthddgbud.net udp
US 8.8.8.8:53 bpzorpfuhtf.org udp
US 8.8.8.8:53 jhuawov.net udp
US 8.8.8.8:53 lolklqjyh.net udp
US 8.8.8.8:53 smtoccyy.net udp
US 8.8.8.8:53 ugkkyomicagy.org udp
US 8.8.8.8:53 bkngmvgi.net udp
US 8.8.8.8:53 igkgldpuh.net udp
US 8.8.8.8:53 xojuzcxgxcl.info udp
US 8.8.8.8:53 iyukaskmsg.org udp
US 8.8.8.8:53 cwnzjfvarrv.info udp
US 8.8.8.8:53 bqdindvszcl.com udp
US 8.8.8.8:53 gumqpiv.net udp
US 8.8.8.8:53 cunqflitlgc.net udp
US 8.8.8.8:53 akwisu.org udp
US 8.8.8.8:53 lhajdrnpfmkf.net udp
BG 46.238.11.183:28544 tcp
US 8.8.8.8:53 dykwknvmdfdj.info udp
US 8.8.8.8:53 dxbcdjmasvkk.net udp
US 8.8.8.8:53 tgqnpbuc.net udp
US 8.8.8.8:53 rhpsjoqh.net udp
US 8.8.8.8:53 tmrsrqcmpqd.info udp
US 8.8.8.8:53 wawaoiyk.com udp
US 8.8.8.8:53 ufcndu.info udp
US 8.8.8.8:53 gruldiya.info udp
US 8.8.8.8:53 rgspovpcfh.net udp
US 8.8.8.8:53 zzsetkroa.com udp
US 8.8.8.8:53 irzqyprkkowt.net udp
US 8.8.8.8:53 lczoradauoz.net udp
US 8.8.8.8:53 olxznkh.net udp
US 8.8.8.8:53 woriydsx.net udp
US 8.8.8.8:53 izenvqdleyde.net udp
US 8.8.8.8:53 dxpceknefwb.net udp
US 8.8.8.8:53 dazulnj.org udp
US 8.8.8.8:53 midrnzeilljv.info udp
US 8.8.8.8:53 msayvacajgn.info udp
US 8.8.8.8:53 lyrhtecodd.info udp
US 8.8.8.8:53 fqrbbcxnjg.net udp
US 8.8.8.8:53 jzthxr.net udp
US 8.8.8.8:53 chjoaw.info udp
US 8.8.8.8:53 ewpmjkpvf.info udp
US 8.8.8.8:53 olqgvdbo.net udp
US 8.8.8.8:53 wakiim.org udp
US 8.8.8.8:53 rdlhmuhaiv.info udp
US 8.8.8.8:53 lqnfficzqco.com udp
US 8.8.8.8:53 tmbjlqbqt.org udp
US 8.8.8.8:53 fjusznt.com udp
US 8.8.8.8:53 vzjddbntt.info udp
US 8.8.8.8:53 kqtqwzl.info udp
US 8.8.8.8:53 nobjabiozo.info udp
US 8.8.8.8:53 iyrrchwgdbr.info udp
US 8.8.8.8:53 csucyiycuskq.com udp
US 8.8.8.8:53 zuhmapbot.net udp
US 8.8.8.8:53 rcgijft.com udp
US 8.8.8.8:53 vpxarjpm.info udp
US 8.8.8.8:53 trhamktcoen.net udp
US 8.8.8.8:53 gjfdpotoxqd.net udp
US 8.8.8.8:53 vjvlnnztmb.net udp
US 8.8.8.8:53 defqpar.org udp
US 8.8.8.8:53 yojkaljecqs.info udp
US 8.8.8.8:53 mugsgica.org udp
US 8.8.8.8:53 zclsbubgalm.info udp
US 8.8.8.8:53 ecegeakc.org udp
US 8.8.8.8:53 jwclkm.info udp
US 8.8.8.8:53 zabrpyp.com udp
US 8.8.8.8:53 ootkjdzphd.net udp
US 8.8.8.8:53 muyiygqoqgou.com udp
US 8.8.8.8:53 gancpfzuzav.info udp
US 8.8.8.8:53 aararuzmj.info udp
US 8.8.8.8:53 uqnmlex.net udp
US 8.8.8.8:53 locxzt.info udp
US 8.8.8.8:53 cczxlid.net udp
US 8.8.8.8:53 cmiaewyqye.org udp
US 8.8.8.8:53 cjjkbnmedwz.net udp
US 8.8.8.8:53 dxmspobp.net udp
US 8.8.8.8:53 xofrzhyfft.info udp
US 8.8.8.8:53 zrizzt.net udp
US 8.8.8.8:53 cyvvoyfp.net udp
US 8.8.8.8:53 xklzcflmd.net udp
US 8.8.8.8:53 oieuacceicwa.org udp
US 8.8.8.8:53 lcsodhxdv.com udp
US 8.8.8.8:53 xgwjttvivrrk.net udp
US 8.8.8.8:53 nsjnpn.net udp
US 8.8.8.8:53 deglzbzi.net udp
US 8.8.8.8:53 tmamjxz.org udp
US 8.8.8.8:53 kspzrdnmzahf.net udp
US 8.8.8.8:53 waxinipgchw.info udp
US 8.8.8.8:53 ivewnr.info udp
US 8.8.8.8:53 wwzcljtirek.info udp
US 8.8.8.8:53 xujkrulab.info udp
US 8.8.8.8:53 limjsiv.net udp
US 8.8.8.8:53 rbluiswadsl.info udp
US 8.8.8.8:53 nmssgabaj.info udp
US 8.8.8.8:53 nqxijbihvn.info udp
US 8.8.8.8:53 hzugeuewnwmu.info udp
US 8.8.8.8:53 nnwajbjgh.org udp
US 8.8.8.8:53 yspynbdonzn.net udp
BG 95.43.207.209:39799 tcp
US 8.8.8.8:53 aysojx.info udp
US 8.8.8.8:53 kuqamec.info udp
US 8.8.8.8:53 ohxihwzjqkrd.info udp
US 8.8.8.8:53 qaiuegkygeaa.org udp
US 8.8.8.8:53 hqtnid.net udp
US 8.8.8.8:53 xrctizgjhu.net udp
US 8.8.8.8:53 muosrlb.info udp
US 8.8.8.8:53 omayogtzh.net udp
US 8.8.8.8:53 hyxcxexob.com udp
US 8.8.8.8:53 fujjpg.info udp
US 8.8.8.8:53 jfkohye.org udp
US 8.8.8.8:53 kqmoyqmouw.org udp
US 8.8.8.8:53 bxyort.net udp
US 8.8.8.8:53 rfcqjgcwrllk.info udp
US 8.8.8.8:53 cioenur.net udp
US 8.8.8.8:53 acickqgowciy.com udp
US 8.8.8.8:53 mkpalwhfv.info udp
US 8.8.8.8:53 ccgsekws.com udp
US 8.8.8.8:53 iwiiyg.com udp
US 8.8.8.8:53 yoiinkhezk.net udp
US 8.8.8.8:53 iovcvepor.net udp
US 8.8.8.8:53 ooewwc.org udp
US 8.8.8.8:53 smqueqeuquke.com udp
US 8.8.8.8:53 yrkjtdzwc.net udp
US 8.8.8.8:53 jowuhubhhgc.net udp
US 8.8.8.8:53 jypigkw.net udp
US 8.8.8.8:53 fmniewn.net udp
US 8.8.8.8:53 qfnyruqil.net udp
US 8.8.8.8:53 ykvbkvvm.net udp
US 8.8.8.8:53 jphhtgd.com udp
US 8.8.8.8:53 alhofqno.info udp
US 8.8.8.8:53 jgplzein.net udp
US 8.8.8.8:53 muumsmcksu.com udp
US 8.8.8.8:53 oycovsuzpls.net udp
US 8.8.8.8:53 arwoaehqtci.info udp
US 8.8.8.8:53 aelqzeomg.info udp
US 8.8.8.8:53 astldrmmbor.net udp
US 8.8.8.8:53 kcycugis.com udp
US 8.8.8.8:53 cyuovog.net udp
US 8.8.8.8:53 omierhazkhgw.net udp
US 8.8.8.8:53 rwwnridywci.info udp
US 8.8.8.8:53 kwdrqyzrhd.net udp
US 8.8.8.8:53 iadgzibcg.net udp
US 8.8.8.8:53 vghmcigzi.com udp
US 8.8.8.8:53 xetejbint.net udp
US 8.8.8.8:53 yiepbstwb.net udp
US 8.8.8.8:53 mqmyiueiaekq.com udp
US 8.8.8.8:53 iynajsbulen.net udp
US 8.8.8.8:53 afeobmx.info udp
US 8.8.8.8:53 nmpvkkljlvh.com udp
US 8.8.8.8:53 jqtenkdayoy.org udp
US 8.8.8.8:53 emftuy.info udp
US 8.8.8.8:53 lvliwxsju.net udp
US 8.8.8.8:53 rxwzzjyko.info udp
US 8.8.8.8:53 uqgswgckwyym.com udp
US 8.8.8.8:53 wcgcuuiu.org udp
US 8.8.8.8:53 sewwsuwucy.org udp
US 8.8.8.8:53 amdkloeincl.info udp
US 8.8.8.8:53 nhmyomxjv.info udp
US 8.8.8.8:53 ocugaiei.com udp
US 8.8.8.8:53 cwaopwdnx.net udp
US 8.8.8.8:53 thmspksk.net udp
US 8.8.8.8:53 lfwqzitqv.info udp
US 8.8.8.8:53 bzegplbu.net udp
US 8.8.8.8:53 gykosoqu.org udp
US 8.8.8.8:53 tyzkrdhyl.info udp
US 8.8.8.8:53 uvyazp.net udp
US 8.8.8.8:53 yepwjal.info udp
US 8.8.8.8:53 odnunidwyets.net udp
US 8.8.8.8:53 zewlpp.info udp
US 8.8.8.8:53 dtsveb.net udp
US 8.8.8.8:53 vyvijbihvn.info udp
MD 93.116.217.31:25844 tcp
US 8.8.8.8:53 evjxlbis.info udp
US 8.8.8.8:53 izmpshmo.net udp
US 8.8.8.8:53 wcfrrwydlcza.info udp
US 8.8.8.8:53 vticvrbuweuq.net udp
US 8.8.8.8:53 pchofazkt.com udp
US 8.8.8.8:53 lmnthgo.net udp
US 8.8.8.8:53 hsrofavrq.net udp
US 8.8.8.8:53 asasqcyu.org udp
US 8.8.8.8:53 xqtwdcn.net udp
US 8.8.8.8:53 kylzcbiqo.net udp
US 8.8.8.8:53 euqfrwoijcr.info udp
US 8.8.8.8:53 llpwlrlwpx.net udp
US 8.8.8.8:53 betkqih.info udp
US 8.8.8.8:53 foapdh.net udp
US 8.8.8.8:53 thcwyvnupatf.info udp
US 8.8.8.8:53 prrrtg.net udp
US 8.8.8.8:53 btiflqcdhj.net udp
US 8.8.8.8:53 ypnfwuye.net udp
US 8.8.8.8:53 wnxsbsqlocvb.net udp
US 8.8.8.8:53 bctwfgikb.org udp
US 8.8.8.8:53 sratbjpi.net udp
US 8.8.8.8:53 oxvmuwvky.net udp
US 8.8.8.8:53 fzqqksnzg.net udp
US 8.8.8.8:53 xupbbabop.com udp
US 8.8.8.8:53 nyluzyvwf.com udp
US 8.8.8.8:53 nwpnfmrwojk.org udp
US 8.8.8.8:53 ckwycauo.org udp
US 8.8.8.8:53 zqgkhcn.org udp
US 8.8.8.8:53 cuhwxvbrngl.net udp
BG 46.237.110.115:32120 tcp
US 8.8.8.8:53 aqjbubsaaw.net udp
US 8.8.8.8:53 xmlymtnez.org udp
US 8.8.8.8:53 uxljtpzsdnnh.net udp
US 8.8.8.8:53 zwjabiauuye.info udp
US 8.8.8.8:53 owhamuxacdf.info udp
US 8.8.8.8:53 odzbrjqoy.info udp
US 8.8.8.8:53 ieeywcyqay.org udp
US 8.8.8.8:53 cwhvzhtzzxrd.net udp
US 8.8.8.8:53 sehubezew.net udp
US 8.8.8.8:53 ngrsyizvxqh.com udp
US 8.8.8.8:53 koufluf.info udp
US 8.8.8.8:53 aalijqi.info udp
US 8.8.8.8:53 vfdsdxjdbvhc.info udp
US 8.8.8.8:53 xbhcsgk.org udp
US 8.8.8.8:53 lcpqxmvvqsr.org udp
US 8.8.8.8:53 fftwhwdggmy.net udp
US 8.8.8.8:53 obfhjeqq.net udp
US 8.8.8.8:53 odqisf.info udp
US 8.8.8.8:53 hxuolpfa.net udp
US 8.8.8.8:53 pksskka.net udp
US 8.8.8.8:53 ncpmyszzt.info udp
US 8.8.8.8:53 kgsyoooicomg.com udp
US 8.8.8.8:53 cmnixqgof.info udp
US 8.8.8.8:53 ybxsqlwexbnh.info udp
US 8.8.8.8:53 dhgevojfc.org udp
US 8.8.8.8:53 rjhltljjl.com udp
US 8.8.8.8:53 mfgbbglhxvlt.info udp
US 8.8.8.8:53 ccyumsam.com udp
US 8.8.8.8:53 kkiamiym.com udp
US 8.8.8.8:53 jsjvbrlxl.org udp
US 8.8.8.8:53 jppmdbpsgonw.net udp
US 8.8.8.8:53 cylahgn.net udp
US 8.8.8.8:53 lviujlz.org udp
US 8.8.8.8:53 jatdaajehomt.net udp
US 8.8.8.8:53 yantsqdcy.net udp
US 8.8.8.8:53 wixkbudik.net udp
US 8.8.8.8:53 xgsxzx.net udp
US 8.8.8.8:53 dmnextlozib.com udp
US 8.8.8.8:53 dydomis.com udp
US 8.8.8.8:53 mwgkuyee.org udp
US 8.8.8.8:53 yqlqjyyoqp.info udp
US 8.8.8.8:53 fixlwsut.net udp
US 8.8.8.8:53 tasqsirhfkj.info udp
US 8.8.8.8:53 mwqrclwkdi.net udp
US 8.8.8.8:53 uiceesz.info udp
US 8.8.8.8:53 hhlidzgrpsor.info udp
US 8.8.8.8:53 qgaadcaor.info udp
DZ 41.102.170.59:20802 tcp
US 8.8.8.8:53 lkxytgsxz.info udp
US 8.8.8.8:53 fcvmfmxpbib.info udp
US 8.8.8.8:53 dezjoebqin.net udp
US 8.8.8.8:53 bzaydhbkyko.info udp
US 8.8.8.8:53 uogisaiaec.org udp
US 8.8.8.8:53 dsrmhrhqmch.net udp
US 8.8.8.8:53 xkrcrzoez.info udp
US 8.8.8.8:53 xqvctdey.info udp
US 8.8.8.8:53 auaewuse.com udp
US 8.8.8.8:53 uoxjsmld.info udp
US 8.8.8.8:53 rnokvdwot.org udp
US 8.8.8.8:53 liefiypoi.org udp
US 8.8.8.8:53 pakahvwxtmr.info udp
US 8.8.8.8:53 jovyivfzh.net udp
US 8.8.8.8:53 ewiuauieao.com udp
US 8.8.8.8:53 afjwnxnopem.info udp
US 8.8.8.8:53 epiisblw.net udp
US 8.8.8.8:53 wacgawyspf.info udp
US 8.8.8.8:53 xrlpxvdcsy.net udp
US 8.8.8.8:53 bjpwlrlwpx.net udp
US 8.8.8.8:53 uwmesgwy.com udp
US 8.8.8.8:53 acwmfkvha.net udp
US 8.8.8.8:53 imwkkoik.com udp
US 8.8.8.8:53 togogbwmi.net udp
US 8.8.8.8:53 vxpodj.net udp
US 8.8.8.8:53 uoimkp.net udp
US 8.8.8.8:53 zxirnyrwc.info udp
US 8.8.8.8:53 sewuvwb.net udp
US 8.8.8.8:53 zmdotmhug.com udp
US 8.8.8.8:53 khrzllrydvmf.info udp
US 8.8.8.8:53 vuwgzt.info udp
US 8.8.8.8:53 xtmfroroqfy.com udp
US 8.8.8.8:53 riloegtqp.com udp
US 8.8.8.8:53 ysearkxwv.net udp
US 8.8.8.8:53 oaewcmmi.com udp
US 8.8.8.8:53 lxytun.net udp
US 8.8.8.8:53 hoophcfyy.org udp
US 8.8.8.8:53 vdgmymv.info udp
US 8.8.8.8:53 ofketorej.info udp
US 8.8.8.8:53 symgoioiui.com udp
US 8.8.8.8:53 aftfolsutqi.net udp
US 8.8.8.8:53 issqvmnca.info udp
US 8.8.8.8:53 oalwpcngx.info udp
US 8.8.8.8:53 kuibofb.info udp
US 8.8.8.8:53 iolsgsfqt.net udp
US 8.8.8.8:53 kvbyaetsic.net udp
US 8.8.8.8:53 gbenvxfo.net udp
US 8.8.8.8:53 jyosdyycfo.info udp

Files

C:\Users\Admin\AppData\Local\Temp\bbygorkllli.exe

MD5 3e3c01087c73fb92b9e7894ea2df4f46
SHA1 16bec38d3cf73359a2b437fdbd10bbe5c0558a6b
SHA256 42ca9867c6392defa5982df52b51a6d1479db6dc71605ef64b9884840107ccfc
SHA512 6d1fc6d68d9fe41c72f2eee047d71f4d2030482806d45b08d0d59b4c5d6a40f4dcb862e525ef7d1b6c509f2a58c5bcf131842e966f52dfe88101112c9bda365c

C:\Windows\SysWOW64\ohxsdamlwrubfujttb.exe

MD5 b7ec123ae0594510d03149cc1e4a7843
SHA1 909aec9168cdf35f241314791ef8559f88c9c672
SHA256 439986cced413f04733bd254fd9e49da3c687518b6562ee8ba13b1bfa21b3fd3
SHA512 ddfefcf1ae377ca174c684e2e99fc11f351929b44ca62b52271204132cf3e4411cdb537466e87310253eabb16e7a943285501eb967c2b9a7e68ce745fe64dffc

C:\Users\Admin\AppData\Local\Temp\mtxgfq.exe

MD5 7c256dde8cc0e5134f3b5bba6fb5b8c4
SHA1 f96cd5f21d61596a3068bc832334c5a11ef6efcf
SHA256 89f54758d7803f225f928f5b3e764a9ff617c6b560274e6ac52888d3dc825084
SHA512 17ac97e9907a657cae9c723500ed62393f86a6827216b25f21ea2597ceb16b3e41a9bb4534bb6b2c503ce6ea09141cb750621ed5fa8a9816c3eb1c4985c20410

C:\Users\Admin\AppData\Local\dfeicidlfjvlywunwnvxwau.vdx

MD5 16c2ed69c2888e4459b29ffe93a5460e
SHA1 855db10b649e778fcecc2de161a63d5168ea5f8d
SHA256 8415bd9df93622a8b741353cc268b24c8cdfe354b42aa6c74792094cd4257b7b
SHA512 2723c3bff7314195c4a541d990da6959013b466a2c85e343ba2844dff783ce81a5940fd1a4b77f2432329fe42f2161ded576f43291b917e623b80597eddf87cb

C:\Users\Admin\AppData\Local\qdnchyexcropnwfjdfylvkpgmfkzwxvenr.ngt

MD5 e6f7b0ed1419e209e66dab423d9fd94a
SHA1 31b7ad0591a703582840f80adf4a9194c34a11c7
SHA256 7faabf13ac13d402feba4048b09d45d4116112f22ac74859ac1ce9f99020ee5b
SHA512 a8a9ddcdc570f20825c2c06ab276658f4b40a462807ee264ff8f7696bfb85006715e41ff5774a5fca00929e779410096f2eb150e998ce822da2acd9a28f49a6f

C:\Program Files (x86)\dfeicidlfjvlywunwnvxwau.vdx

MD5 c43f4beca267a1ab95ed350e303ea747
SHA1 fcf912bec9007ca1b82cad93cba91a5f70f8d7c3
SHA256 39a2d19bbc6bb42f2d8ea74c8fe7bbdb9ec2a257806b8345849210073f6cfcc5
SHA512 398a3a96deaf52294aa91caa72273abb3edb07e2b300299adc709763a3b6f34c7e2e61c4d28e0b66f8f1303955a48453fff70c22e4f211408c12c2259d6f15a5

C:\Program Files (x86)\dfeicidlfjvlywunwnvxwau.vdx

MD5 f572b9e2a0a8e8da01fff536dcac44f8
SHA1 66ddcfb31a8cf80e97cbdc9789dece2ba9148e26
SHA256 301617102da253d293791c5212de66f845c53f1721a64aa3aba149aa39924b30
SHA512 f9a1032378cf887c977e6026bf981a6b7504c6e225f9da8dfb3e978e47a4bd4f3ae16569a558f98a0af5f526d707ed986bcbbb1553e18e257ecb7180cc317149

C:\Program Files (x86)\dfeicidlfjvlywunwnvxwau.vdx

MD5 0babbbab5adae3b855fcff1eb6727295
SHA1 14d68139fc83cf88d8759f1b5cd8922d81395da3
SHA256 4fc7354dc454403cb64ef82733be9960b401bac363bbcd33b986bb9c69a64b74
SHA512 24bb3d0729e8c4e18918072a5fca8310f23117340e029ce932898eddae3810730bbf4ba0e33b8bf06450edabe99c6e3454e076615a2ccd9a009430f7f52fecaa

C:\Program Files (x86)\dfeicidlfjvlywunwnvxwau.vdx

MD5 21cd8952ba6fabfdb193263f361ebe9d
SHA1 6e251c2f24c3beae37c9d9b906a0ede0126f4993
SHA256 82b0c72a3dc6f2e2442f70eaaa2c4a220a10e20c3ec44515d0d519dd14af9143
SHA512 9fab80d11d83c852de3785ad2fb50f72f25c993f6e4f403a128ac4d0abfb8e82e7eaf69740aa8926863834d27f8b89e057a6c25d36595468e446f66c3e2d870f