Malware Analysis Report

2025-08-10 16:35

Sample ID 250414-syb3ws1xaz
Target JaffaCakes118_b838d06aa2f9970dfda79463310cf899
SHA256 858805f6ee17321afae6ca22e35791ac8e1391dfe77317d0c0681f4f43c08aa3
Tags
pykspa defense_evasion discovery persistence privilege_escalation trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

858805f6ee17321afae6ca22e35791ac8e1391dfe77317d0c0681f4f43c08aa3

Threat Level: Known bad

The file JaffaCakes118_b838d06aa2f9970dfda79463310cf899 was found to be: Known bad.

Malicious Activity Summary

pykspa defense_evasion discovery persistence privilege_escalation trojan worm

Pykspa

Pykspa family

UAC bypass

Modifies WinLogon for persistence

Detect Pykspa worm

Adds policy Run key to start application

Disables RegEdit via registry modification

Blocklisted process makes network request

Checks computer location settings

Executes dropped EXE

Impair Defenses: Safe Mode Boot

Checks whether UAC is enabled

Hijack Execution Flow: Executable Installer File Permissions Weakness

Looks up external IP address via web service

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

System policy modification

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-14 15:31

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-14 15:31

Reported

2025-04-14 15:34

Platform

win10v2004-20250410-en

Max time kernel

42s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\skofpwbnck = "vynpkcsppiyspzsvaorgi.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tijxeik = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iiutlanheuhyszpprc.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tijxeik = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqaxnaldymxmejxv.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tijxeik = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqaxnaldymxmejxv.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\skofpwbnck = "sqaxnaldymxmejxv.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tijxeik = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zyjhymyrncoexdsrs.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\skofpwbnck = "tuhhaqezxocupxopsef.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\skofpwbnck = "giwxrixtskzsoxprviky.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\skofpwbnck = "zyjhymyrncoexdsrs.exe" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\skofpwbnck = "sqaxnaldymxmejxv.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\skofpwbnck = "sqaxnaldymxmejxv.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tijxeik = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vynpkcsppiyspzsvaorgi.exe" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\skofpwbnck = "zyjhymyrncoexdsrs.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\skofpwbnck = "giwxrixtskzsoxprviky.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\skofpwbnck = "sqaxnaldymxmejxv.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tijxeik = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vynpkcsppiyspzsvaorgi.exe" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tijxeik = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqaxnaldymxmejxv.exe" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tijxeik = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqaxnaldymxmejxv.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\skofpwbnck = "iiutlanheuhyszpprc.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tijxeik = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iiutlanheuhyszpprc.exe" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\clubpwipa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ctkzvketmytfvouji.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tijxeik = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zyjhymyrncoexdsrs.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tijxeik = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zyjhymyrncoexdsrs.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tijxeik = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vynpkcsppiyspzsvaorgi.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\skofpwbnck = "tuhhaqezxocupxopsef.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\skofpwbnck = "zyjhymyrncoexdsrs.exe" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tijxeik = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zyjhymyrncoexdsrs.exe" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tijxeik = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zyjhymyrncoexdsrs.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\skofpwbnck = "vynpkcsppiyspzsvaorgi.exe" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\skofpwbnck = "iiutlanheuhyszpprc.exe" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tijxeik = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqaxnaldymxmejxv.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\skofpwbnck = "tuhhaqezxocupxopsef.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tijxeik = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vynpkcsppiyspzsvaorgi.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tijxeik = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqaxnaldymxmejxv.exe" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nzlvmwlvjqgn = "wpizxokbwkhvniqhila.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tijxeik = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iiutlanheuhyszpprc.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\skofpwbnck = "giwxrixtskzsoxprviky.exe" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\skofpwbnck = "sqaxnaldymxmejxv.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tijxeik = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vynpkcsppiyspzsvaorgi.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\skofpwbnck = "zyjhymyrncoexdsrs.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\skofpwbnck = "zyjhymyrncoexdsrs.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\skofpwbnck = "vynpkcsppiyspzsvaorgi.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tijxeik = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iiutlanheuhyszpprc.exe" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\skofpwbnck = "sqaxnaldymxmejxv.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\sihclient.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\vynpkcsppiyspzsvaorgi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\vynpkcsppiyspzsvaorgi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\iiutlanheuhyszpprc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\giwxrixtskzsoxprviky.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\zyjhymyrncoexdsrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\sqaxnaldymxmejxv.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\zyjhymyrncoexdsrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\iiutlanheuhyszpprc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\zyjhymyrncoexdsrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\vynpkcsppiyspzsvaorgi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\zyjhymyrncoexdsrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\tuhhaqezxocupxopsef.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\vynpkcsppiyspzsvaorgi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\iiutlanheuhyszpprc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\tuhhaqezxocupxopsef.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\giwxrixtskzsoxprviky.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\sqaxnaldymxmejxv.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\tuhhaqezxocupxopsef.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\zyjhymyrncoexdsrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\vynpkcsppiyspzsvaorgi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\vynpkcsppiyspzsvaorgi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\tuhhaqezxocupxopsef.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\sqaxnaldymxmejxv.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\giwxrixtskzsoxprviky.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\iiutlanheuhyszpprc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\tuhhaqezxocupxopsef.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\sqaxnaldymxmejxv.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\giwxrixtskzsoxprviky.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Windows\giwxrixtskzsoxprviky.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Windows\zyjhymyrncoexdsrs.exe N/A
N/A N/A C:\Windows\zyjhymyrncoexdsrs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Windows\sqaxnaldymxmejxv.exe N/A
N/A N/A C:\Windows\iiutlanheuhyszpprc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
N/A N/A C:\Windows\giwxrixtskzsoxprviky.exe N/A
N/A N/A C:\Windows\vynpkcsppiyspzsvaorgi.exe N/A
N/A N/A C:\Windows\vynpkcsppiyspzsvaorgi.exe N/A
N/A N/A C:\Windows\giwxrixtskzsoxprviky.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Windows\iiutlanheuhyszpprc.exe N/A
N/A N/A C:\Windows\vynpkcsppiyspzsvaorgi.exe N/A
N/A N/A C:\Windows\sqaxnaldymxmejxv.exe N/A
N/A N/A C:\Windows\giwxrixtskzsoxprviky.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Windows\vynpkcsppiyspzsvaorgi.exe N/A
N/A N/A C:\Windows\sqaxnaldymxmejxv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Windows\vynpkcsppiyspzsvaorgi.exe N/A
N/A N/A C:\Windows\giwxrixtskzsoxprviky.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Windows\zyjhymyrncoexdsrs.exe N/A
N/A N/A C:\Windows\vynpkcsppiyspzsvaorgi.exe N/A
N/A N/A C:\Windows\giwxrixtskzsoxprviky.exe N/A
N/A N/A C:\Windows\giwxrixtskzsoxprviky.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Windows\vynpkcsppiyspzsvaorgi.exe N/A
N/A N/A C:\Windows\sqaxnaldymxmejxv.exe N/A
N/A N/A C:\Windows\vynpkcsppiyspzsvaorgi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe N/A
N/A N/A C:\Windows\vynpkcsppiyspzsvaorgi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
N/A N/A C:\Windows\zyjhymyrncoexdsrs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iyapxcfp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vynpkcsppiyspzsvaorgi.exe" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mzmxpaqbqypxj = "ctkzvketmytfvouji.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\nbpbugxjziajwm = "vlbpkyrfxicncuzn.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jelfsckzrckwl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zyjhymyrncoexdsrs.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zqtjsycnb = "tuhhaqezxocupxopsef.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kekdpyftkubm = "sqaxnaldymxmejxv.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kekdpyftkubm = "tuhhaqezxocupxopsef.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kgojxirhamviyb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vynpkcsppiyspzsvaorgi.exe" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ngldowcpfou = "vynpkcsppiyspzsvaorgi.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ngldowcpfou = "zyjhymyrncoexdsrs.exe" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kekdpyftkubm = "vynpkcsppiyspzsvaorgi.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zqtjsycnb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tuhhaqezxocupxopsef.exe ." C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zqtjsycnb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tuhhaqezxocupxopsef.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zqtjsycnb = "giwxrixtskzsoxprviky.exe ." C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iyapxcfp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vynpkcsppiyspzsvaorgi.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kekdpyftkubm = "sqaxnaldymxmejxv.exe ." C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\iyapxcfp = "vynpkcsppiyspzsvaorgi.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jelfsckzrckwl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vynpkcsppiyspzsvaorgi.exe ." C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kgojxirhamviyb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqaxnaldymxmejxv.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kgojxirhamviyb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tuhhaqezxocupxopsef.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\iyapxcfp = "tuhhaqezxocupxopsef.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zqtjsycnb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tuhhaqezxocupxopsef.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jelfsckzrckwl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tuhhaqezxocupxopsef.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zqtjsycnb = "giwxrixtskzsoxprviky.exe ." C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ngldowcpfou = "vynpkcsppiyspzsvaorgi.exe" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\iyapxcfp = "tuhhaqezxocupxopsef.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zqtjsycnb = "zyjhymyrncoexdsrs.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iyapxcfp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iiutlanheuhyszpprc.exe" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jelfsckzrckwl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tuhhaqezxocupxopsef.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jelfsckzrckwl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iiutlanheuhyszpprc.exe ." C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ngldowcpfou = "sqaxnaldymxmejxv.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ngldowcpfou = "vynpkcsppiyspzsvaorgi.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zqtjsycnb = "tuhhaqezxocupxopsef.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zqtjsycnb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqaxnaldymxmejxv.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\iyapxcfp = "zyjhymyrncoexdsrs.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kekdpyftkubm = "zyjhymyrncoexdsrs.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\iyapxcfp = "zyjhymyrncoexdsrs.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kekdpyftkubm = "iiutlanheuhyszpprc.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kekdpyftkubm = "zyjhymyrncoexdsrs.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kgojxirhamviyb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqaxnaldymxmejxv.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jelfsckzrckwl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\giwxrixtskzsoxprviky.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ngldowcpfou = "zyjhymyrncoexdsrs.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kgojxirhamviyb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\giwxrixtskzsoxprviky.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kgojxirhamviyb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\giwxrixtskzsoxprviky.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zqtjsycnb = "tuhhaqezxocupxopsef.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zqtjsycnb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\giwxrixtskzsoxprviky.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jelfsckzrckwl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sqaxnaldymxmejxv.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ngldowcpfou = "iiutlanheuhyszpprc.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kekdpyftkubm = "giwxrixtskzsoxprviky.exe ." C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\iyapxcfp = "giwxrixtskzsoxprviky.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iyapxcfp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\giwxrixtskzsoxprviky.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jelfsckzrckwl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iiutlanheuhyszpprc.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\iyapxcfp = "zyjhymyrncoexdsrs.exe" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jelfsckzrckwl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\giwxrixtskzsoxprviky.exe ." C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\zqtjsycnb = "sqaxnaldymxmejxv.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vlbpkyrfxicncuzn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jdxpogdvrgetmirjlpfz.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jelfsckzrckwl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tuhhaqezxocupxopsef.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iyapxcfp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\giwxrixtskzsoxprviky.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\iyapxcfp = "iiutlanheuhyszpprc.exe" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kgojxirhamviyb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\giwxrixtskzsoxprviky.exe" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iyapxcfp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\giwxrixtskzsoxprviky.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\jelfsckzrckwl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tuhhaqezxocupxopsef.exe ." C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3833542908-3750648139-3436651901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ngldowcpfou = "vynpkcsppiyspzsvaorgi.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vfpxmuhpbg = "ctkzvketmytfvouji.exe" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.showmyipaddress.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\iiutlanheuhyszpprc.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\giwxrixtskzsoxprviky.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\giwxrixtskzsoxprviky.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\mqgjfypnoizusdxbhwaqtp.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\zyjhymyrncoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\tuhhaqezxocupxopsef.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\iiutlanheuhyszpprc.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\iiutlanheuhyszpprc.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\iiutlanheuhyszpprc.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\giwxrixtskzsoxprviky.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\tuhhaqezxocupxopsef.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\mqgjfypnoizusdxbhwaqtp.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\vynpkcsppiyspzsvaorgi.exe C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
File opened for modification C:\Windows\SysWOW64\iiutlanheuhyszpprc.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\zyjhymyrncoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\zyjhymyrncoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\iiutlanheuhyszpprc.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\tuhhaqezxocupxopsef.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\giwxrixtskzsoxprviky.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\zyjhymyrncoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\iiutlanheuhyszpprc.exe C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
File opened for modification C:\Windows\SysWOW64\iiutlanheuhyszpprc.exe C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
File opened for modification C:\Windows\SysWOW64\vynpkcsppiyspzsvaorgi.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\mqgjfypnoizusdxbhwaqtp.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\sqaxnaldymxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\mqgjfypnoizusdxbhwaqtp.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\giwxrixtskzsoxprviky.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\giwxrixtskzsoxprviky.exe C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
File opened for modification C:\Windows\SysWOW64\vihtyaahruuyfzcpecpoafhhoyb.fmg C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
File opened for modification C:\Windows\SysWOW64\giwxrixtskzsoxprviky.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\zyjhymyrncoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\mqgjfypnoizusdxbhwaqtp.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\zyjhymyrncoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\sqaxnaldymxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\tuhhaqezxocupxopsef.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\sqaxnaldymxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\mqgjfypnoizusdxbhwaqtp.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\giwxrixtskzsoxprviky.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\iiutlanheuhyszpprc.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\zyjhymyrncoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\iiutlanheuhyszpprc.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\vynpkcsppiyspzsvaorgi.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\sqaxnaldymxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
File opened for modification C:\Windows\SysWOW64\iiutlanheuhyszpprc.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\vynpkcsppiyspzsvaorgi.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\mqgjfypnoizusdxbhwaqtp.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\sqaxnaldymxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\tuhhaqezxocupxopsef.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\vynpkcsppiyspzsvaorgi.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\sqaxnaldymxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\mqgjfypnoizusdxbhwaqtp.exe C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
File opened for modification C:\Windows\SysWOW64\sqaxnaldymxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\zyjhymyrncoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\sqaxnaldymxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\tuhhaqezxocupxopsef.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\zyjhymyrncoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\giwxrixtskzsoxprviky.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\tuhhaqezxocupxopsef.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\mqgjfypnoizusdxbhwaqtp.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\iiutlanheuhyszpprc.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\zyjhymyrncoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\giwxrixtskzsoxprviky.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\SysWOW64\mqgjfypnoizusdxbhwaqtp.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File created C:\Windows\SysWOW64\sqaxnaldymxmejxvvecmjzmxpkyjyqvjhhqoyv.yjb C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\vihtyaahruuyfzcpecpoafhhoyb.fmg C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
File created C:\Program Files (x86)\vihtyaahruuyfzcpecpoafhhoyb.fmg C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
File opened for modification C:\Program Files (x86)\sqaxnaldymxmejxvvecmjzmxpkyjyqvjhhqoyv.yjb C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
File created C:\Program Files (x86)\sqaxnaldymxmejxvvecmjzmxpkyjyqvjhhqoyv.yjb C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\sqaxnaldymxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
File opened for modification C:\Windows\vynpkcsppiyspzsvaorgi.exe C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
File created C:\Windows\sqaxnaldymxmejxvvecmjzmxpkyjyqvjhhqoyv.yjb C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
File opened for modification C:\Windows\iiutlanheuhyszpprc.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\mqgjfypnoizusdxbhwaqtp.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\tuhhaqezxocupxopsef.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\giwxrixtskzsoxprviky.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\iiutlanheuhyszpprc.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\vynpkcsppiyspzsvaorgi.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\sqaxnaldymxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\vynpkcsppiyspzsvaorgi.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\mqgjfypnoizusdxbhwaqtp.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\iiutlanheuhyszpprc.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\mqgjfypnoizusdxbhwaqtp.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\mqgjfypnoizusdxbhwaqtp.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\sqaxnaldymxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\vynpkcsppiyspzsvaorgi.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\giwxrixtskzsoxprviky.exe C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
File opened for modification C:\Windows\mqgjfypnoizusdxbhwaqtp.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\mqgjfypnoizusdxbhwaqtp.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\mqgjfypnoizusdxbhwaqtp.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\vynpkcsppiyspzsvaorgi.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\sqaxnaldymxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\vynpkcsppiyspzsvaorgi.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\giwxrixtskzsoxprviky.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\sqaxnaldymxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
File opened for modification C:\Windows\iiutlanheuhyszpprc.exe C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
File opened for modification C:\Windows\zyjhymyrncoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\iiutlanheuhyszpprc.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\zyjhymyrncoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
File opened for modification C:\Windows\vihtyaahruuyfzcpecpoafhhoyb.fmg C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
File opened for modification C:\Windows\giwxrixtskzsoxprviky.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\mqgjfypnoizusdxbhwaqtp.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\zyjhymyrncoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\tuhhaqezxocupxopsef.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\mqgjfypnoizusdxbhwaqtp.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\giwxrixtskzsoxprviky.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\tuhhaqezxocupxopsef.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\zyjhymyrncoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\tuhhaqezxocupxopsef.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\sqaxnaldymxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\iiutlanheuhyszpprc.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\mqgjfypnoizusdxbhwaqtp.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\sqaxnaldymxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\giwxrixtskzsoxprviky.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\giwxrixtskzsoxprviky.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\zyjhymyrncoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\zyjhymyrncoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\tuhhaqezxocupxopsef.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\giwxrixtskzsoxprviky.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\tuhhaqezxocupxopsef.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\mqgjfypnoizusdxbhwaqtp.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\tuhhaqezxocupxopsef.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\sqaxnaldymxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\sqaxnaldymxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\tuhhaqezxocupxopsef.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\zyjhymyrncoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\sqaxnaldymxmejxv.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\iiutlanheuhyszpprc.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\zyjhymyrncoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\iiutlanheuhyszpprc.exe C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
File opened for modification C:\Windows\vynpkcsppiyspzsvaorgi.exe C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
File opened for modification C:\Windows\giwxrixtskzsoxprviky.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
File opened for modification C:\Windows\tuhhaqezxocupxopsef.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\giwxrixtskzsoxprviky.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\giwxrixtskzsoxprviky.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\giwxrixtskzsoxprviky.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zyjhymyrncoexdsrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tuhhaqezxocupxopsef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\giwxrixtskzsoxprviky.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tuhhaqezxocupxopsef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zyjhymyrncoexdsrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vynpkcsppiyspzsvaorgi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zyjhymyrncoexdsrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\sqaxnaldymxmejxv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\iiutlanheuhyszpprc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tuhhaqezxocupxopsef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vynpkcsppiyspzsvaorgi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tuhhaqezxocupxopsef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vynpkcsppiyspzsvaorgi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\giwxrixtskzsoxprviky.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ytohhayroedtnkunqvmhc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\iiutlanheuhyszpprc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vynpkcsppiyspzsvaorgi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zyjhymyrncoexdsrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vynpkcsppiyspzsvaorgi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vynpkcsppiyspzsvaorgi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\giwxrixtskzsoxprviky.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\sqaxnaldymxmejxv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tuhhaqezxocupxopsef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tuhhaqezxocupxopsef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tuhhaqezxocupxopsef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zyjhymyrncoexdsrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\tuhhaqezxocupxopsef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\giwxrixtskzsoxprviky.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\iiutlanheuhyszpprc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\vynpkcsppiyspzsvaorgi.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2532 wrote to memory of 4412 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 2532 wrote to memory of 4412 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 2532 wrote to memory of 4412 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 4168 wrote to memory of 2000 N/A C:\Windows\system32\cmd.exe C:\Windows\zyjhymyrncoexdsrs.exe
PID 4168 wrote to memory of 2000 N/A C:\Windows\system32\cmd.exe C:\Windows\zyjhymyrncoexdsrs.exe
PID 4168 wrote to memory of 2000 N/A C:\Windows\system32\cmd.exe C:\Windows\zyjhymyrncoexdsrs.exe
PID 1108 wrote to memory of 3572 N/A C:\Windows\system32\cmd.exe C:\Windows\zyjhymyrncoexdsrs.exe
PID 1108 wrote to memory of 3572 N/A C:\Windows\system32\cmd.exe C:\Windows\zyjhymyrncoexdsrs.exe
PID 1108 wrote to memory of 3572 N/A C:\Windows\system32\cmd.exe C:\Windows\zyjhymyrncoexdsrs.exe
PID 3572 wrote to memory of 2512 N/A C:\Windows\zyjhymyrncoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 3572 wrote to memory of 2512 N/A C:\Windows\zyjhymyrncoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 3572 wrote to memory of 2512 N/A C:\Windows\zyjhymyrncoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 2252 wrote to memory of 3164 N/A C:\Windows\system32\cmd.exe C:\Windows\sqaxnaldymxmejxv.exe
PID 2252 wrote to memory of 3164 N/A C:\Windows\system32\cmd.exe C:\Windows\sqaxnaldymxmejxv.exe
PID 2252 wrote to memory of 3164 N/A C:\Windows\system32\cmd.exe C:\Windows\sqaxnaldymxmejxv.exe
PID 3596 wrote to memory of 4988 N/A C:\Windows\system32\cmd.exe C:\Windows\iiutlanheuhyszpprc.exe
PID 3596 wrote to memory of 4988 N/A C:\Windows\system32\cmd.exe C:\Windows\iiutlanheuhyszpprc.exe
PID 3596 wrote to memory of 4988 N/A C:\Windows\system32\cmd.exe C:\Windows\iiutlanheuhyszpprc.exe
PID 4528 wrote to memory of 4796 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe
PID 4528 wrote to memory of 4796 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe
PID 4528 wrote to memory of 4796 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe
PID 4988 wrote to memory of 1040 N/A C:\Windows\iiutlanheuhyszpprc.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 4988 wrote to memory of 1040 N/A C:\Windows\iiutlanheuhyszpprc.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 4988 wrote to memory of 1040 N/A C:\Windows\iiutlanheuhyszpprc.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 1376 wrote to memory of 2396 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe
PID 1376 wrote to memory of 2396 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe
PID 1376 wrote to memory of 2396 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe
PID 2396 wrote to memory of 1088 N/A C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 2396 wrote to memory of 1088 N/A C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 2396 wrote to memory of 1088 N/A C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 2224 wrote to memory of 3504 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe
PID 2224 wrote to memory of 3504 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe
PID 2224 wrote to memory of 3504 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe
PID 1872 wrote to memory of 1800 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe
PID 1872 wrote to memory of 1800 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe
PID 1872 wrote to memory of 1800 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe
PID 1800 wrote to memory of 456 N/A C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 1800 wrote to memory of 456 N/A C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 1800 wrote to memory of 456 N/A C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe
PID 4412 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe C:\Users\Admin\AppData\Local\Temp\tijxeik.exe
PID 4412 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe C:\Users\Admin\AppData\Local\Temp\tijxeik.exe
PID 4412 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe C:\Users\Admin\AppData\Local\Temp\tijxeik.exe
PID 4412 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe C:\Users\Admin\AppData\Local\Temp\tijxeik.exe
PID 4412 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe C:\Users\Admin\AppData\Local\Temp\tijxeik.exe
PID 4412 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe C:\Users\Admin\AppData\Local\Temp\tijxeik.exe
PID 2956 wrote to memory of 4716 N/A C:\Windows\system32\cmd.exe C:\Windows\vynpkcsppiyspzsvaorgi.exe
PID 2956 wrote to memory of 4716 N/A C:\Windows\system32\cmd.exe C:\Windows\vynpkcsppiyspzsvaorgi.exe
PID 2956 wrote to memory of 4716 N/A C:\Windows\system32\cmd.exe C:\Windows\vynpkcsppiyspzsvaorgi.exe
PID 640 wrote to memory of 4924 N/A C:\Windows\system32\cmd.exe C:\Windows\giwxrixtskzsoxprviky.exe
PID 640 wrote to memory of 4924 N/A C:\Windows\system32\cmd.exe C:\Windows\giwxrixtskzsoxprviky.exe
PID 640 wrote to memory of 4924 N/A C:\Windows\system32\cmd.exe C:\Windows\giwxrixtskzsoxprviky.exe
PID 3176 wrote to memory of 5000 N/A C:\Windows\system32\cmd.exe C:\Windows\vynpkcsppiyspzsvaorgi.exe
PID 3176 wrote to memory of 5000 N/A C:\Windows\system32\cmd.exe C:\Windows\vynpkcsppiyspzsvaorgi.exe
PID 3176 wrote to memory of 5000 N/A C:\Windows\system32\cmd.exe C:\Windows\vynpkcsppiyspzsvaorgi.exe
PID 2664 wrote to memory of 3392 N/A C:\Windows\system32\cmd.exe C:\Windows\giwxrixtskzsoxprviky.exe
PID 2664 wrote to memory of 3392 N/A C:\Windows\system32\cmd.exe C:\Windows\giwxrixtskzsoxprviky.exe
PID 2664 wrote to memory of 3392 N/A C:\Windows\system32\cmd.exe C:\Windows\giwxrixtskzsoxprviky.exe
PID 3392 wrote to memory of 4380 N/A C:\Windows\giwxrixtskzsoxprviky.exe C:\Windows\System32\Conhost.exe
PID 3392 wrote to memory of 4380 N/A C:\Windows\giwxrixtskzsoxprviky.exe C:\Windows\System32\Conhost.exe
PID 3392 wrote to memory of 4380 N/A C:\Windows\giwxrixtskzsoxprviky.exe C:\Windows\System32\Conhost.exe
PID 5000 wrote to memory of 3508 N/A C:\Windows\vynpkcsppiyspzsvaorgi.exe C:\Windows\vynpkcsppiyspzsvaorgi.exe
PID 5000 wrote to memory of 3508 N/A C:\Windows\vynpkcsppiyspzsvaorgi.exe C:\Windows\vynpkcsppiyspzsvaorgi.exe
PID 5000 wrote to memory of 3508 N/A C:\Windows\vynpkcsppiyspzsvaorgi.exe C:\Windows\vynpkcsppiyspzsvaorgi.exe
PID 1044 wrote to memory of 4900 N/A C:\Windows\system32\cmd.exe C:\Windows\iiutlanheuhyszpprc.exe

System policy modification

defense_evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\tijxeik.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b838d06aa2f9970dfda79463310cf899.exe"

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_b838d06aa2f9970dfda79463310cf899.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyjhymyrncoexdsrs.exe

C:\Windows\zyjhymyrncoexdsrs.exe

zyjhymyrncoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyjhymyrncoexdsrs.exe .

C:\Windows\zyjhymyrncoexdsrs.exe

zyjhymyrncoexdsrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\zyjhymyrncoexdsrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe .

C:\Windows\sqaxnaldymxmejxv.exe

sqaxnaldymxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\iiutlanheuhyszpprc.exe*."

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\zyjhymyrncoexdsrs.exe*."

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\tuhhaqezxocupxopsef.exe*."

C:\Users\Admin\AppData\Local\Temp\tijxeik.exe

"C:\Users\Admin\AppData\Local\Temp\tijxeik.exe" "-C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe"

C:\Users\Admin\AppData\Local\Temp\tijxeik.exe

"C:\Users\Admin\AppData\Local\Temp\tijxeik.exe" "-C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe .

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe .

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqaxnaldymxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\giwxrixtskzsoxprviky.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vynpkcsppiyspzsvaorgi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe

C:\Windows\sqaxnaldymxmejxv.exe

sqaxnaldymxmejxv.exe .

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\giwxrixtskzsoxprviky.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\sqaxnaldymxmejxv.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vynpkcsppiyspzsvaorgi.exe*."

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vynpkcsppiyspzsvaorgi.exe*."

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\iiutlanheuhyszpprc.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\tuhhaqezxocupxopsef.exe*."

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqaxnaldymxmejxv.exe .

C:\Windows\sqaxnaldymxmejxv.exe

sqaxnaldymxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\sqaxnaldymxmejxv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe .

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\giwxrixtskzsoxprviky.exe*."

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\tuhhaqezxocupxopsef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vynpkcsppiyspzsvaorgi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyjhymyrncoexdsrs.exe

C:\Windows\zyjhymyrncoexdsrs.exe

zyjhymyrncoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vynpkcsppiyspzsvaorgi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqaxnaldymxmejxv.exe .

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Windows\sqaxnaldymxmejxv.exe

sqaxnaldymxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyjhymyrncoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyjhymyrncoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\sqaxnaldymxmejxv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\zyjhymyrncoexdsrs.exe

zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vynpkcsppiyspzsvaorgi.exe*."

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vynpkcsppiyspzsvaorgi.exe*."

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Windows\zyjhymyrncoexdsrs.exe

zyjhymyrncoexdsrs.exe .

C:\Windows\tuhhaqezxocupxopsef.exe

tuhhaqezxocupxopsef.exe .

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\sqaxnaldymxmejxv.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\zyjhymyrncoexdsrs.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\tuhhaqezxocupxopsef.exe*."

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\iiutlanheuhyszpprc.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\sqaxnaldymxmejxv.exe*."

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\sqaxnaldymxmejxv.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\iiutlanheuhyszpprc.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\giwxrixtskzsoxprviky.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe .

C:\Windows\tuhhaqezxocupxopsef.exe

tuhhaqezxocupxopsef.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\tuhhaqezxocupxopsef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe .

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vynpkcsppiyspzsvaorgi.exe*."

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\tuhhaqezxocupxopsef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\tuhhaqezxocupxopsef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe .

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vynpkcsppiyspzsvaorgi.exe*."

C:\Windows\sqaxnaldymxmejxv.exe

sqaxnaldymxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\iiutlanheuhyszpprc.exe*."

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vynpkcsppiyspzsvaorgi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vynpkcsppiyspzsvaorgi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe .

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqaxnaldymxmejxv.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\iiutlanheuhyszpprc.exe*."

C:\Windows\sqaxnaldymxmejxv.exe

sqaxnaldymxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\iiutlanheuhyszpprc.exe*."

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\iiutlanheuhyszpprc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\iiutlanheuhyszpprc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe .

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\giwxrixtskzsoxprviky.exe*."

C:\Windows\sqaxnaldymxmejxv.exe

sqaxnaldymxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyjhymyrncoexdsrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Windows\zyjhymyrncoexdsrs.exe

zyjhymyrncoexdsrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\zyjhymyrncoexdsrs.exe*."

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\zyjhymyrncoexdsrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\giwxrixtskzsoxprviky.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyjhymyrncoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe .

C:\Windows\zyjhymyrncoexdsrs.exe

zyjhymyrncoexdsrs.exe

C:\Windows\tuhhaqezxocupxopsef.exe

tuhhaqezxocupxopsef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\tuhhaqezxocupxopsef.exe*."

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqaxnaldymxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Windows\sqaxnaldymxmejxv.exe

sqaxnaldymxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\sqaxnaldymxmejxv.exe*."

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\iiutlanheuhyszpprc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\giwxrixtskzsoxprviky.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe .

C:\Windows\tuhhaqezxocupxopsef.exe

tuhhaqezxocupxopsef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\tuhhaqezxocupxopsef.exe*."

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\tuhhaqezxocupxopsef.exe

tuhhaqezxocupxopsef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\tuhhaqezxocupxopsef.exe*."

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\iiutlanheuhyszpprc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyjhymyrncoexdsrs.exe

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe .

C:\Windows\zyjhymyrncoexdsrs.exe

zyjhymyrncoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\sqaxnaldymxmejxv.exe*."

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\iiutlanheuhyszpprc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyjhymyrncoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe

C:\Windows\tuhhaqezxocupxopsef.exe

tuhhaqezxocupxopsef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe .

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Windows\tuhhaqezxocupxopsef.exe

tuhhaqezxocupxopsef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Windows\zyjhymyrncoexdsrs.exe

zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\tuhhaqezxocupxopsef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyjhymyrncoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\tuhhaqezxocupxopsef.exe*."

C:\Windows\tuhhaqezxocupxopsef.exe

tuhhaqezxocupxopsef.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\giwxrixtskzsoxprviky.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\tuhhaqezxocupxopsef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\tuhhaqezxocupxopsef.exe*."

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .

C:\Windows\zyjhymyrncoexdsrs.exe

zyjhymyrncoexdsrs.exe .

C:\Windows\tuhhaqezxocupxopsef.exe

tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\zyjhymyrncoexdsrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\zyjhymyrncoexdsrs.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\giwxrixtskzsoxprviky.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\giwxrixtskzsoxprviky.exe*."

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\giwxrixtskzsoxprviky.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\giwxrixtskzsoxprviky.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe

C:\Windows\tuhhaqezxocupxopsef.exe

tuhhaqezxocupxopsef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vynpkcsppiyspzsvaorgi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe .

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe .

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vynpkcsppiyspzsvaorgi.exe*."

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\tuhhaqezxocupxopsef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Windows\System32\sihclient.exe

C:\Windows\System32\sihclient.exe /cv GZrhVJxNwkmIOcZqG5AQqA.0.1

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\giwxrixtskzsoxprviky.exe*."

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqaxnaldymxmejxv.exe .

C:\Windows\sqaxnaldymxmejxv.exe

sqaxnaldymxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\sqaxnaldymxmejxv.exe*."

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyjhymyrncoexdsrs.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Windows\zyjhymyrncoexdsrs.exe

zyjhymyrncoexdsrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\zyjhymyrncoexdsrs.exe*."

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\sqaxnaldymxmejxv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\zyjhymyrncoexdsrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe

C:\Windows\tuhhaqezxocupxopsef.exe

tuhhaqezxocupxopsef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe .

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\giwxrixtskzsoxprviky.exe*."

C:\Windows\sqaxnaldymxmejxv.exe

sqaxnaldymxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyjhymyrncoexdsrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Windows\zyjhymyrncoexdsrs.exe

zyjhymyrncoexdsrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\zyjhymyrncoexdsrs.exe*."

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\giwxrixtskzsoxprviky.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vynpkcsppiyspzsvaorgi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe

C:\Windows\tuhhaqezxocupxopsef.exe

tuhhaqezxocupxopsef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe .

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vynpkcsppiyspzsvaorgi.exe*."

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\iiutlanheuhyszpprc.exe*."

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\tuhhaqezxocupxopsef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\tuhhaqezxocupxopsef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyjhymyrncoexdsrs.exe

C:\Windows\zyjhymyrncoexdsrs.exe

zyjhymyrncoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe .

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vynpkcsppiyspzsvaorgi.exe*."

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vynpkcsppiyspzsvaorgi.exe*."

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\tuhhaqezxocupxopsef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vynpkcsppiyspzsvaorgi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqaxnaldymxmejxv.exe

C:\Windows\sqaxnaldymxmejxv.exe

sqaxnaldymxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqaxnaldymxmejxv.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\sqaxnaldymxmejxv.exe

sqaxnaldymxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\sqaxnaldymxmejxv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe .

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\iiutlanheuhyszpprc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe .

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\tuhhaqezxocupxopsef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqaxnaldymxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\giwxrixtskzsoxprviky.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\giwxrixtskzsoxprviky.exe*."

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .

C:\Windows\tuhhaqezxocupxopsef.exe

tuhhaqezxocupxopsef.exe

C:\Windows\tuhhaqezxocupxopsef.exe

tuhhaqezxocupxopsef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .

C:\Windows\tuhhaqezxocupxopsef.exe

tuhhaqezxocupxopsef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Windows\sqaxnaldymxmejxv.exe

sqaxnaldymxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctkzvketmytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\tuhhaqezxocupxopsef.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vynpkcsppiyspzsvaorgi.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ytohhayroedtnkunqvmhc.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\sqaxnaldymxmejxv.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctkzvketmytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vynpkcsppiyspzsvaorgi.exe*."

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .

C:\Windows\ytohhayroedtnkunqvmhc.exe

ytohhayroedtnkunqvmhc.exe .

C:\Windows\ctkzvketmytfvouji.exe

ctkzvketmytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\iiutlanheuhyszpprc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vlbpkyrfxicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyjhymyrncoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe

C:\Windows\ctkzvketmytfvouji.exe

ctkzvketmytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\tuhhaqezxocupxopsef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\iiutlanheuhyszpprc.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ytohhayroedtnkunqvmhc.exe*."

C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe

C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyjhymyrncoexdsrs.exe

C:\Windows\vlbpkyrfxicncuzn.exe

vlbpkyrfxicncuzn.exe .

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe .

C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vlbpkyrfxicncuzn.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\iiutlanheuhyszpprc.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vlbpkyrfxicncuzn.exe*."

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe

C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .

C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\iiutlanheuhyszpprc.exe*."

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vynpkcsppiyspzsvaorgi.exe*."

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ldvliytjdqmzqkrhhj.exe*."

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"

C:\Windows\zyjhymyrncoexdsrs.exe

zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\sqaxnaldymxmejxv.exe*."

C:\Windows\zyjhymyrncoexdsrs.exe

zyjhymyrncoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe .

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\iiutlanheuhyszpprc.exe*."

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\iiutlanheuhyszpprc.exe*."

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\giwxrixtskzsoxprviky.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\zyjhymyrncoexdsrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ytohhayroedtnkunqvmhc.exe

C:\Windows\ytohhayroedtnkunqvmhc.exe

ytohhayroedtnkunqvmhc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctkzvketmytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"

C:\Windows\ctkzvketmytfvouji.exe

ctkzvketmytfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vlbpkyrfxicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ctkzvketmytfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ytohhayroedtnkunqvmhc.exe .

C:\Windows\vlbpkyrfxicncuzn.exe

vlbpkyrfxicncuzn.exe

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe .

C:\Windows\ytohhayroedtnkunqvmhc.exe

ytohhayroedtnkunqvmhc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe .

C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ytohhayroedtnkunqvmhc.exe*."

C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe

C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\giwxrixtskzsoxprviky.exe*."

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ytohhayroedtnkunqvmhc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ctkzvketmytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe

C:\Users\Admin\AppData\Local\Temp\ytohhayroedtnkunqvmhc.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\giwxrixtskzsoxprviky.exe*."

C:\Users\Admin\AppData\Local\Temp\ctkzvketmytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\ctkzvketmytfvouji.exe .

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ctkzvketmytfvouji.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\sqaxnaldymxmejxv.exe*."

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\giwxrixtskzsoxprviky.exe*."

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqaxnaldymxmejxv.exe

C:\Windows\sqaxnaldymxmejxv.exe

sqaxnaldymxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe .

C:\Windows\tuhhaqezxocupxopsef.exe

tuhhaqezxocupxopsef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\tuhhaqezxocupxopsef.exe*."

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\iiutlanheuhyszpprc.exe*."

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\tuhhaqezxocupxopsef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vynpkcsppiyspzsvaorgi.exe*."

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqaxnaldymxmejxv.exe

C:\Windows\sqaxnaldymxmejxv.exe

sqaxnaldymxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqaxnaldymxmejxv.exe .

C:\Windows\sqaxnaldymxmejxv.exe

sqaxnaldymxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\sqaxnaldymxmejxv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe .

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Windows\tuhhaqezxocupxopsef.exe

tuhhaqezxocupxopsef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\tuhhaqezxocupxopsef.exe*."

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\zyjhymyrncoexdsrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\zyjhymyrncoexdsrs.exe*."

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe .

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vynpkcsppiyspzsvaorgi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe .

C:\Windows\sqaxnaldymxmejxv.exe

sqaxnaldymxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\giwxrixtskzsoxprviky.exe*."

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\iiutlanheuhyszpprc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqaxnaldymxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\sqaxnaldymxmejxv.exe

sqaxnaldymxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\sqaxnaldymxmejxv.exe*."

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe

C:\Windows\tuhhaqezxocupxopsef.exe

tuhhaqezxocupxopsef.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\zyjhymyrncoexdsrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe .

C:\Windows\zyjhymyrncoexdsrs.exe

zyjhymyrncoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\tuhhaqezxocupxopsef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Windows\tuhhaqezxocupxopsef.exe

tuhhaqezxocupxopsef.exe .

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe

C:\Windows\tuhhaqezxocupxopsef.exe

tuhhaqezxocupxopsef.exe .

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\giwxrixtskzsoxprviky.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\tuhhaqezxocupxopsef.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\tuhhaqezxocupxopsef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\zyjhymyrncoexdsrs.exe*."

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe .

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\giwxrixtskzsoxprviky.exe*."

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe

C:\Windows\tuhhaqezxocupxopsef.exe

tuhhaqezxocupxopsef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vynpkcsppiyspzsvaorgi.exe*."

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\tuhhaqezxocupxopsef.exe*."

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\iiutlanheuhyszpprc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\sqaxnaldymxmejxv.exe*."

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vynpkcsppiyspzsvaorgi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe .

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\iiutlanheuhyszpprc.exe*."

C:\Windows\tuhhaqezxocupxopsef.exe

tuhhaqezxocupxopsef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\giwxrixtskzsoxprviky.exe*."

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vynpkcsppiyspzsvaorgi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\sqaxnaldymxmejxv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyjhymyrncoexdsrs.exe

C:\Windows\zyjhymyrncoexdsrs.exe

zyjhymyrncoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe .

C:\Windows\tuhhaqezxocupxopsef.exe

tuhhaqezxocupxopsef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqaxnaldymxmejxv.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\tuhhaqezxocupxopsef.exe*."

C:\Windows\sqaxnaldymxmejxv.exe

sqaxnaldymxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ldvliytjdqmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Windows\ldvliytjdqmzqkrhhj.exe

ldvliytjdqmzqkrhhj.exe

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ytohhayroedtnkunqvmhc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\giwxrixtskzsoxprviky.exe*."

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctkzvketmytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .

C:\Windows\ytohhayroedtnkunqvmhc.exe

ytohhayroedtnkunqvmhc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ytohhayroedtnkunqvmhc.exe .

C:\Windows\ctkzvketmytfvouji.exe

ctkzvketmytfvouji.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\iiutlanheuhyszpprc.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ytohhayroedtnkunqvmhc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe .

C:\Windows\ytohhayroedtnkunqvmhc.exe

ytohhayroedtnkunqvmhc.exe .

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe .

C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ytohhayroedtnkunqvmhc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\vynpkcsppiyspzsvaorgi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\ldvliytjdqmzqkrhhj.exe*."

C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe

C:\Users\Admin\AppData\Local\Temp\jdxpogdvrgetmirjlpfz.exe

C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wpizxokbwkhvniqhila.exe*."

C:\Windows\sqaxnaldymxmejxv.exe

sqaxnaldymxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\giwxrixtskzsoxprviky.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe .

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\tuhhaqezxocupxopsef.exe

tuhhaqezxocupxopsef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\tuhhaqezxocupxopsef.exe*."

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\giwxrixtskzsoxprviky.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\giwxrixtskzsoxprviky.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyjhymyrncoexdsrs.exe .

C:\Windows\zyjhymyrncoexdsrs.exe

zyjhymyrncoexdsrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\zyjhymyrncoexdsrs.exe*."

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\iiutlanheuhyszpprc.exe*."

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\sqaxnaldymxmejxv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\giwxrixtskzsoxprviky.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vynpkcsppiyspzsvaorgi.exe*."

C:\Windows\zyjhymyrncoexdsrs.exe

zyjhymyrncoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\giwxrixtskzsoxprviky.exe*."

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\giwxrixtskzsoxprviky.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\zyjhymyrncoexdsrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe .

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe

C:\Windows\tuhhaqezxocupxopsef.exe

tuhhaqezxocupxopsef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqaxnaldymxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\tuhhaqezxocupxopsef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe .

C:\Windows\sqaxnaldymxmejxv.exe

sqaxnaldymxmejxv.exe .

C:\Windows\tuhhaqezxocupxopsef.exe

tuhhaqezxocupxopsef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"

C:\Windows\zyjhymyrncoexdsrs.exe

zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\sqaxnaldymxmejxv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe .

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe .

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\iiutlanheuhyszpprc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\giwxrixtskzsoxprviky.exe*."

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\giwxrixtskzsoxprviky.exe*."

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\vynpkcsppiyspzsvaorgi.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\sqaxnaldymxmejxv.exe*."

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe

C:\Users\Admin\AppData\Local\Temp\tuhhaqezxocupxopsef.exe .

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\iiutlanheuhyszpprc.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\tuhhaqezxocupxopsef.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\iiutlanheuhyszpprc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sqaxnaldymxmejxv.exe .

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .

C:\Windows\sqaxnaldymxmejxv.exe

sqaxnaldymxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vynpkcsppiyspzsvaorgi.exe

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\sqaxnaldymxmejxv.exe*."

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\zyjhymyrncoexdsrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\zyjhymyrncoexdsrs.exe*."

C:\Windows\vynpkcsppiyspzsvaorgi.exe

vynpkcsppiyspzsvaorgi.exe

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\iiutlanheuhyszpprc.exe*."

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\iiutlanheuhyszpprc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\giwxrixtskzsoxprviky.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyjhymyrncoexdsrs.exe .

C:\Windows\zyjhymyrncoexdsrs.exe

zyjhymyrncoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\zyjhymyrncoexdsrs.exe*."

C:\Windows\zyjhymyrncoexdsrs.exe

zyjhymyrncoexdsrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c tuhhaqezxocupxopsef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Windows\tuhhaqezxocupxopsef.exe

tuhhaqezxocupxopsef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\tuhhaqezxocupxopsef.exe*."

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe

C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\zyjhymyrncoexdsrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe

C:\Users\Admin\AppData\Local\Temp\sqaxnaldymxmejxv.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\sqaxnaldymxmejxv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctkzvketmytfvouji.exe

C:\Windows\ctkzvketmytfvouji.exe

ctkzvketmytfvouji.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ctkzvketmytfvouji.exe .

C:\Windows\ctkzvketmytfvouji.exe

ctkzvketmytfvouji.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c vlbpkyrfxicncuzn.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ctkzvketmytfvouji.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ytohhayroedtnkunqvmhc.exe .

C:\Windows\vlbpkyrfxicncuzn.exe

vlbpkyrfxicncuzn.exe

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe

C:\Windows\ytohhayroedtnkunqvmhc.exe

ytohhayroedtnkunqvmhc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c iiutlanheuhyszpprc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe .

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"

C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe

"C:\Users\Admin\AppData\Local\Temp\wdkpbgq.exe" "-C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe"

C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\ytohhayroedtnkunqvmhc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c giwxrixtskzsoxprviky.exe

C:\Windows\iiutlanheuhyszpprc.exe

iiutlanheuhyszpprc.exe .

C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe

C:\Users\Admin\AppData\Local\Temp\wpizxokbwkhvniqhila.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zyjhymyrncoexdsrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe

C:\Windows\giwxrixtskzsoxprviky.exe

giwxrixtskzsoxprviky.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\windows\iiutlanheuhyszpprc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe .

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

"C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe" "c:\users\admin\appdata\local\temp\wpizxokbwkhvniqhila.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zyjhymyrncoexdsrs.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\zyjhymyrncoexdsrs.exe

zyjhymyrncoexdsrs.exe .

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\iiutlanheuhyszpprc.exe

C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\ldvliytjdqmzqkrhhj.exe

C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe

C:\Users\Admin\AppData\Local\Temp\vlbpkyrfxicncuzn.exe .

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
GB 95.101.143.177:443 www.bing.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.blogger.com udp
GB 216.58.201.105:80 www.blogger.com tcp
RU 92.126.40.142:20235 tcp
US 8.8.8.8:53 gyuuym.org udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 renhfwh.org udp
US 8.8.8.8:53 gcwqie.com udp
US 8.8.8.8:53 qqkako.com udp
US 8.8.8.8:53 fnnpolag.info udp
US 8.8.8.8:53 unxfuild.info udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 qkfmdvt.net udp
US 8.8.8.8:53 doryvejyh.com udp
US 8.8.8.8:53 tztpzkic.net udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 vetoaes.info udp
US 8.8.8.8:53 boiqbjjmx.org udp
US 8.8.8.8:53 ovtflz.info udp
LT 82.135.243.225:36672 tcp
LT 78.56.207.70:20507 tcp
US 8.8.8.8:53 nulbtv.info udp
US 8.8.8.8:53 dyjerqv.org udp
US 8.8.8.8:53 lwootpugn.net udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 yktfostvrm.info udp
US 8.8.8.8:53 gwcdcj.net udp
US 8.8.8.8:53 pcdbhab.com udp
US 8.8.8.8:53 ufogng.info udp
US 8.8.8.8:53 ackiyqwayk.com udp
US 8.8.8.8:53 tmdfrr.net udp
US 8.8.8.8:53 aomrjq.net udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 gmysmygm.com udp
US 8.8.8.8:53 zomeng.net udp
US 8.8.8.8:53 yieyukwg.com udp
US 8.8.8.8:53 yidcbaicnaj.info udp
US 8.8.8.8:53 awqgimwuag.org udp
US 8.8.8.8:53 cydlrge.info udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 qocqxkxux.net udp
US 8.8.8.8:53 euywanuuj.net udp
US 8.8.8.8:53 ttqbtshbwegd.info udp
US 8.8.8.8:53 tkxqdfjkvqb.net udp
US 8.8.8.8:53 ogyrbvsur.info udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 ezkogoqox.net udp
US 8.8.8.8:53 qdkqli.info udp
US 8.8.8.8:53 wecucgik.com udp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 wgvcnorsxdj.net udp
RU 212.49.106.6:16958 tcp
US 8.8.8.8:53 bdxuugvsb.info udp
US 8.8.8.8:53 jujstinwzue.org udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 ltfnaixploh.info udp
US 8.8.8.8:53 msjobtzehasx.info udp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 wuhsium.net udp
US 8.8.8.8:53 iqcdjulmgtvh.info udp
US 8.8.8.8:53 owigys.org udp
US 8.8.8.8:53 vqtrcup.info udp
US 8.8.8.8:53 pesevkumh.com udp
US 8.8.8.8:53 aupgstjs.net udp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 bxogzomepb.info udp
US 8.8.8.8:53 aquvrewki.info udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 iljkjae.net udp
US 8.8.8.8:53 uzfivdn.info udp
US 8.8.8.8:53 dznfgdlviz.info udp
US 8.8.8.8:53 yoaoooewyeeo.com udp
US 8.8.8.8:53 xloqzvsr.net udp
US 8.8.8.8:53 mfrjumxar.net udp
US 8.8.8.8:53 pudsnxcxfczc.info udp
US 8.8.8.8:53 hcickohmlzh.com udp
US 8.8.8.8:53 tinpzsvw.net udp
US 8.8.8.8:53 tlxsqjffouk.org udp
US 8.8.8.8:53 mdhpuesj.net udp
US 8.8.8.8:53 pwncjgaxwyd.net udp
US 8.8.8.8:53 dcjuynrml.net udp
US 8.8.8.8:53 ybpuasn.info udp
US 8.8.8.8:53 hyxumkmyped.info udp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 hjnesthm.net udp
US 8.8.8.8:53 aqanduhvxvvu.net udp
US 8.8.8.8:53 avmgry.info udp
US 8.8.8.8:53 rimwjgoyn.info udp
RO 89.38.13.83:19120 tcp
US 8.8.8.8:53 ldydsrcvbu.net udp
US 8.8.8.8:53 vrxmprngmlhk.net udp
US 8.8.8.8:53 vwdifmr.org udp
US 8.8.8.8:53 krhvxn.info udp
US 8.8.8.8:53 hioxlty.info udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 flhsmpnydkp.info udp
US 8.8.8.8:53 guhwlyjkj.net udp
US 8.8.8.8:53 dezrbwxzequd.net udp
US 8.8.8.8:53 ckpgeezgx.info udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 lkkcptqysk.info udp
US 8.8.8.8:53 liuoagvdnqx.org udp
US 8.8.8.8:53 syxwlirzawz.net udp
US 8.8.8.8:53 hbfzssslye.net udp
US 8.8.8.8:53 iygooeqiguqe.org udp
US 8.8.8.8:53 cczximv.net udp
US 8.8.8.8:53 kayvdapujb.net udp
US 8.8.8.8:53 giyqgeiy.org udp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 upbwimlmtp.net udp
US 8.8.8.8:53 fybctbperce.com udp
US 8.8.8.8:53 kgucribs.info udp
US 8.8.8.8:53 akvylgd.net udp
US 8.8.8.8:53 xivfmmntnrau.info udp
US 8.8.8.8:53 zyfitez.info udp
US 8.8.8.8:53 qepcbmgt.net udp
US 8.8.8.8:53 leqdurjb.net udp
US 8.8.8.8:53 wsdmljwiqjsa.info udp
US 8.8.8.8:53 wkozvctc.info udp
US 8.8.8.8:53 uyrghqlsv.net udp
US 8.8.8.8:53 kemiocawymoo.org udp
US 8.8.8.8:53 wcnhfcro.info udp
US 8.8.8.8:53 bzltymbylwv.net udp
US 8.8.8.8:53 dxikspgshgbk.info udp
US 8.8.8.8:53 nlhtrrgkfivs.info udp
US 8.8.8.8:53 fifwum.net udp
US 8.8.8.8:53 wpropoj.info udp
US 8.8.8.8:53 lgmwshpwdp.net udp
US 8.8.8.8:53 qchkqqq.info udp
US 8.8.8.8:53 gnmtulultuna.net udp
US 8.8.8.8:53 xokpjyxclst.net udp
US 8.8.8.8:53 cxqezanevx.info udp
US 8.8.8.8:53 zgrjrexb.net udp
US 8.8.8.8:53 fxvnhu.info udp
US 8.8.8.8:53 huqgxdybyj.net udp
US 8.8.8.8:53 eeueccewmeem.com udp
US 8.8.8.8:53 bbvtctvcwlbd.net udp
US 8.8.8.8:53 ttrphtdypbz.com udp
US 8.8.8.8:53 lccjbbm.org udp
US 8.8.8.8:53 alxbnopuv.net udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 iskmka.org udp
GB 142.250.179.227:80 c.pki.goog tcp
US 8.8.8.8:53 cicsomskacyc.com udp
SE 176.68.141.104:16395 tcp
US 8.8.8.8:53 hvzkga.net udp
US 8.8.8.8:53 ooeckeoq.com udp
US 8.8.8.8:53 gthoprfe.net udp
US 8.8.8.8:53 tvhmxgdeoen.org udp
US 8.8.8.8:53 rwjywvpev.info udp
US 8.8.8.8:53 wabjnlfo.info udp
US 8.8.8.8:53 aznlyk.info udp
US 8.8.8.8:53 vlpxze.info udp
US 8.8.8.8:53 zitkdaa.com udp
US 8.8.8.8:53 skywyumxq.net udp
US 8.8.8.8:53 fvrarewvqaps.net udp
US 8.8.8.8:53 dapizwvwf.info udp
US 8.8.8.8:53 nonmpdxkup.net udp
US 8.8.8.8:53 egsmyysc.org udp
US 8.8.8.8:53 ttpqbcpkr.org udp
US 8.8.8.8:53 nbvcxkza.info udp
US 8.8.8.8:53 nshdioh.net udp
US 8.8.8.8:53 yyfsbbnr.net udp
US 8.8.8.8:53 utunptv.info udp
US 8.8.8.8:53 myomqyey.com udp
US 8.8.8.8:53 douyjgv.net udp
US 8.8.8.8:53 ekqqcc.org udp
US 8.8.8.8:53 pxbijia.com udp
US 8.8.8.8:53 vaqyti.net udp
US 8.8.8.8:53 wwwogobx.net udp
US 8.8.8.8:53 eygouvrtyo.info udp
US 8.8.8.8:53 mmognctkrpt.net udp
US 8.8.8.8:53 xskxxgnkdc.info udp
US 8.8.8.8:53 zvlwrdybsu.net udp
US 8.8.8.8:53 nzuvjdcw.net udp
US 8.8.8.8:53 dwfkeogzvhjn.info udp
US 8.8.8.8:53 eukggeai.org udp
US 8.8.8.8:53 ahlfykmblh.net udp
US 8.8.8.8:53 tsdinuhj.net udp
US 8.8.8.8:53 vipwtkjs.net udp
US 8.8.8.8:53 eooyaqqceqiw.org udp
US 8.8.8.8:53 wmwcmirxlyc.info udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 sbfalrhm.net udp
US 8.8.8.8:53 ccwauqqgqu.com udp
US 8.8.8.8:53 kedyoyywu.net udp
US 8.8.8.8:53 vaboruqwf.info udp
US 8.8.8.8:53 hlluwwnbugt.net udp
US 8.8.8.8:53 qtgqqinahbp.info udp
US 8.8.8.8:53 llyahebazdw.org udp
US 8.8.8.8:53 mwoqaaowicgq.org udp
LT 79.133.246.9:22567 tcp
US 8.8.8.8:53 tcvuvhjwh.info udp
US 8.8.8.8:53 jubvpax.info udp
US 8.8.8.8:53 ysreffll.net udp
US 8.8.8.8:53 pqayhb.net udp
US 8.8.8.8:53 yneqwk.net udp
US 8.8.8.8:53 eaigoosoco.com udp
US 8.8.8.8:53 kygawgo.net udp
US 8.8.8.8:53 fqrpkr.net udp
US 8.8.8.8:53 wxueevixxa.net udp
US 8.8.8.8:53 aknsgwkcl.net udp
US 8.8.8.8:53 tuflnqxqjcb.org udp
US 8.8.8.8:53 rsisnchsb.org udp
US 8.8.8.8:53 umomycgomm.org udp
US 8.8.8.8:53 gkmmai.com udp
US 8.8.8.8:53 bhdeohtp.info udp
US 8.8.8.8:53 ecbwysbz.info udp
US 8.8.8.8:53 swfizrmcx.net udp
US 8.8.8.8:53 ulzvjflg.net udp
US 8.8.8.8:53 qyzltwh.net udp
US 8.8.8.8:53 lisixxu.net udp
US 8.8.8.8:53 njmyupro.net udp
US 8.8.8.8:53 tzhctvhu.net udp
US 8.8.8.8:53 hyujziq.net udp
US 8.8.8.8:53 asbahwtul.net udp
US 8.8.8.8:53 nijhtrzfzizp.net udp
US 8.8.8.8:53 uipwfotwwgh.info udp
US 8.8.8.8:53 gsucmi.com udp
US 8.8.8.8:53 jszocat.info udp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 ogaugiuums.org udp
US 8.8.8.8:53 zhqebnwoeo.net udp
US 8.8.8.8:53 vgmyfyuc.info udp
US 8.8.8.8:53 qmkigzvcwgz.info udp
US 8.8.8.8:53 iusioomq.org udp
US 8.8.8.8:53 qadgrm.info udp
US 8.8.8.8:53 tvgtimzqpz.info udp
US 8.8.8.8:53 wcsbrpz.net udp
US 8.8.8.8:53 eicykq.org udp
US 8.8.8.8:53 qglmnvgk.info udp
US 8.8.8.8:53 gzjbpr.info udp
US 8.8.8.8:53 qdwcezjsqf.net udp
US 8.8.8.8:53 uwcuws.org udp
US 8.8.8.8:53 fzijwkb.com udp
US 8.8.8.8:53 useiamscqo.com udp
US 8.8.8.8:53 psxqjgv.net udp
US 8.8.8.8:53 azlfou.info udp
US 8.8.8.8:53 iidohadqv.info udp
US 8.8.8.8:53 jqkelg.info udp
US 8.8.8.8:53 umyicieyee.org udp
US 8.8.8.8:53 rebqebf.org udp
US 8.8.8.8:53 zbngjcqhgdn.com udp
US 8.8.8.8:53 mepiwfz.net udp
RU 178.47.1.93:27150 tcp
US 8.8.8.8:53 yzeygoeyc.net udp
US 8.8.8.8:53 vcsuct.net udp
US 8.8.8.8:53 siieawksya.org udp
US 8.8.8.8:53 iilmfwtrt.net udp
US 8.8.8.8:53 mqhhvqayhy.net udp
US 8.8.8.8:53 grfgmc.info udp
US 8.8.8.8:53 ruxwcbdq.info udp
US 8.8.8.8:53 gswigkqoqsog.com udp
US 8.8.8.8:53 fsyczawoha.info udp
US 8.8.8.8:53 hitkmep.info udp
US 8.8.8.8:53 pnuneofcwr.net udp
US 8.8.8.8:53 mthmpabobth.info udp
US 8.8.8.8:53 uuukkuiceyiq.org udp
US 8.8.8.8:53 tvinwv.info udp
US 8.8.8.8:53 atkzfclhbift.info udp
US 8.8.8.8:53 dikdhjsfah.info udp
US 8.8.8.8:53 navbpoagx.info udp
US 8.8.8.8:53 yeckikkg.org udp
US 8.8.8.8:53 wdwhfwidohyc.net udp
US 8.8.8.8:53 anjmtcv.info udp
US 8.8.8.8:53 gysicwsqmw.com udp
US 8.8.8.8:53 wueysyqiyg.org udp
US 8.8.8.8:53 ldngutyf.net udp
US 8.8.8.8:53 jkjzopxpthts.info udp
US 8.8.8.8:53 bagwplri.info udp
US 8.8.8.8:53 iivdlqsynyv.info udp
US 8.8.8.8:53 uyekuwcc.com udp
US 8.8.8.8:53 vsjkbwjt.info udp
US 8.8.8.8:53 wkjpjcx.info udp
US 8.8.8.8:53 jjrefkv.net udp
US 8.8.8.8:53 vezluepbxci.net udp
US 8.8.8.8:53 ygbqzzdkfag.info udp
US 8.8.8.8:53 emageequss.com udp
US 8.8.8.8:53 kjskvzf.info udp
US 8.8.8.8:53 vcfbxm.info udp
BG 158.58.233.86:16496 tcp
US 8.8.8.8:53 oqkcyuiy.org udp
US 8.8.8.8:53 kwpmbjv.net udp
US 8.8.8.8:53 izbygnxzjflx.info udp
US 8.8.8.8:53 lzbjkx.info udp
US 8.8.8.8:53 mmxwhcj.net udp
US 8.8.8.8:53 mgqwqm.org udp
US 8.8.8.8:53 eeyxttieak.net udp
US 8.8.8.8:53 waaysrsytn.net udp
US 8.8.8.8:53 janivhsgv.net udp
US 8.8.8.8:53 tynvnwp.net udp
US 8.8.8.8:53 kuykuyqukg.org udp
US 8.8.8.8:53 blriytvijot.com udp
US 8.8.8.8:53 auiguawmsccu.org udp
US 8.8.8.8:53 pqxore.info udp
US 8.8.8.8:53 mokkooz.info udp
US 8.8.8.8:53 kyilnx.net udp
US 8.8.8.8:53 mcrcqcqoqxxk.net udp
US 8.8.8.8:53 gaqkygwq.org udp
US 8.8.8.8:53 eaykgiywes.org udp
US 8.8.8.8:53 geieegoe.org udp
US 8.8.8.8:53 jrbulad.info udp
US 8.8.8.8:53 dqdxymnhzawb.net udp
US 8.8.8.8:53 rokaaeqs.net udp
US 8.8.8.8:53 bpzorpfuhtf.org udp
US 8.8.8.8:53 ixxynua.info udp
US 8.8.8.8:53 bkngmvgi.net udp
US 8.8.8.8:53 kfisaor.net udp
US 8.8.8.8:53 oymmewnct.net udp
US 8.8.8.8:53 wncjvznndiyt.info udp
US 8.8.8.8:53 bqdindvszcl.com udp
US 8.8.8.8:53 fafqxatmp.org udp
US 8.8.8.8:53 gumqpiv.net udp
US 8.8.8.8:53 osisek.org udp
US 8.8.8.8:53 gxqvhkit.info udp
US 8.8.8.8:53 fhxvro.info udp
US 8.8.8.8:53 dykwknvmdfdj.info udp
US 8.8.8.8:53 rhbkjzcsjt.net udp
US 8.8.8.8:53 myocawssawkq.com udp
US 8.8.8.8:53 wawaoiyk.com udp
US 8.8.8.8:53 hancevb.info udp
US 8.8.8.8:53 tafotu.info udp
US 8.8.8.8:53 qqjcfaygghj.net udp
US 8.8.8.8:53 tmcyffp.info udp
US 8.8.8.8:53 tzkgkv.net udp
US 8.8.8.8:53 rgspovpcfh.net udp
US 8.8.8.8:53 qaamsq.com udp
US 8.8.8.8:53 zzsetkroa.com udp
US 8.8.8.8:53 lczoradauoz.net udp
US 8.8.8.8:53 olxznkh.net udp
US 8.8.8.8:53 lqmezdzbx.info udp
US 8.8.8.8:53 dazulnj.org udp
US 8.8.8.8:53 feqluc.net udp
US 8.8.8.8:53 fpydjofsd.net udp
US 8.8.8.8:53 xmjqrkh.org udp
US 8.8.8.8:53 jzthxr.net udp
US 8.8.8.8:53 ecargkkb.info udp
US 8.8.8.8:53 qrpojktbl.info udp
US 8.8.8.8:53 rrpjlw.net udp
US 8.8.8.8:53 odoqzijhsjjo.net udp
US 8.8.8.8:53 fjusznt.com udp
US 8.8.8.8:53 grxmhqljxwj.net udp
US 8.8.8.8:53 zmhbseaeio.info udp
US 8.8.8.8:53 nlnwfqcgm.com udp
US 8.8.8.8:53 hzpgbsphxqz.org udp
US 8.8.8.8:53 rchkxhvp.net udp
US 8.8.8.8:53 zuhmapbot.net udp
US 8.8.8.8:53 rmfaknvoltdt.net udp
US 8.8.8.8:53 unnhqz.net udp
US 8.8.8.8:53 huzkxpugciil.info udp
US 8.8.8.8:53 yeiggg.org udp
TR 88.235.180.29:14837 tcp
US 8.8.8.8:53 wqyycxopy.net udp
US 8.8.8.8:53 vjvlnnztmb.net udp
US 8.8.8.8:53 eqmccs.org udp
US 8.8.8.8:53 iqnfdmo.info udp
US 8.8.8.8:53 yojkaljecqs.info udp
US 8.8.8.8:53 jgtexdzwd.info udp
US 8.8.8.8:53 gwjbpqbov.net udp
US 8.8.8.8:53 swmsswsgqmas.org udp
US 8.8.8.8:53 vepnxrk.net udp
US 8.8.8.8:53 ecegeakc.org udp
US 8.8.8.8:53 apacpdvh.info udp
US 8.8.8.8:53 dwtqhzztnl.net udp
US 8.8.8.8:53 ssjiikispzr.net udp
US 8.8.8.8:53 ybtucsbmzmj.net udp
US 8.8.8.8:53 uxplpwev.info udp
US 8.8.8.8:53 fhzpxfirsit.org udp
US 8.8.8.8:53 ootkjdzphd.net udp
US 8.8.8.8:53 gywmjajfgb.info udp
US 8.8.8.8:53 jodwziduxgq.com udp
US 8.8.8.8:53 jyzugzxv.net udp
US 8.8.8.8:53 aararuzmj.info udp
US 8.8.8.8:53 kptnte.net udp
US 8.8.8.8:53 hvlhjwuum.info udp
US 8.8.8.8:53 eypatmqczhp.net udp
US 8.8.8.8:53 xofrzhyfft.info udp
US 8.8.8.8:53 zrizzt.net udp
US 8.8.8.8:53 pombeal.net udp
US 8.8.8.8:53 swenvkzyblqc.info udp
US 8.8.8.8:53 jjhvirdj.info udp
US 8.8.8.8:53 nsjnpn.net udp
US 8.8.8.8:53 zflmnrhs.info udp
US 8.8.8.8:53 jsbfwcnz.info udp
US 8.8.8.8:53 iduyhkjmwjy.info udp
US 8.8.8.8:53 eksiug.com udp
US 8.8.8.8:53 iiagvpyro.info udp
US 8.8.8.8:53 mwxhygjuyd.info udp
US 8.8.8.8:53 ckvkgvusr.net udp
US 8.8.8.8:53 gbdcoi.info udp
US 8.8.8.8:53 ivewnr.info udp
US 8.8.8.8:53 okbmfi.net udp
US 8.8.8.8:53 nmssgabaj.info udp
US 8.8.8.8:53 nqxijbihvn.info udp
US 8.8.8.8:53 bqpqgcyybju.com udp
US 8.8.8.8:53 mgdyqoe.info udp
US 8.8.8.8:53 hzugeuewnwmu.info udp
US 8.8.8.8:53 iodunis.info udp
US 8.8.8.8:53 qvzesytaxjr.info udp
US 8.8.8.8:53 kpjsgqljbct.info udp
US 8.8.8.8:53 hkzxhk.net udp
US 8.8.8.8:53 feetqur.net udp
US 8.8.8.8:53 yspynbdonzn.net udp
US 8.8.8.8:53 ocemciom.com udp
US 8.8.8.8:53 cgjrlfnerz.net udp
US 8.8.8.8:53 ohxihwzjqkrd.info udp
US 8.8.8.8:53 aqfrzgnytcqj.info udp
US 8.8.8.8:53 ooqoeuicqu.org udp
TR 88.249.58.175:44203 tcp
US 8.8.8.8:53 fanpxqb.org udp
US 8.8.8.8:53 xrctizgjhu.net udp
US 8.8.8.8:53 isusqkoewgea.org udp
US 8.8.8.8:53 zejmgkhkplyv.net udp
US 8.8.8.8:53 kqmoyqmouw.org udp
US 8.8.8.8:53 ecbhfm.info udp
US 8.8.8.8:53 ytfwcb.net udp
US 8.8.8.8:53 rxbgme.info udp
US 8.8.8.8:53 azgprgiousra.net udp
US 8.8.8.8:53 rfcqjgcwrllk.info udp
US 8.8.8.8:53 fwujrjs.net udp
US 8.8.8.8:53 zeofnl.net udp
US 8.8.8.8:53 ooewwc.org udp
US 8.8.8.8:53 bozwzxlynwl.com udp
US 8.8.8.8:53 jypigkw.net udp
US 8.8.8.8:53 fqoezlzah.net udp
US 8.8.8.8:53 jphhtgd.com udp
US 8.8.8.8:53 cbxgfuxgj.info udp
US 8.8.8.8:53 hvfgsxhqwz.info udp
US 8.8.8.8:53 lxnfwmk.info udp
US 8.8.8.8:53 yrjorw.info udp
US 8.8.8.8:53 rfrexlxjvwx.org udp
US 8.8.8.8:53 omierhazkhgw.net udp
US 8.8.8.8:53 neycaic.info udp
US 8.8.8.8:53 gtbkqusa.net udp
US 8.8.8.8:53 pghevml.net udp
US 8.8.8.8:53 gensjwbir.net udp
US 8.8.8.8:53 kwdrqyzrhd.net udp
US 8.8.8.8:53 xqfamqzexuu.org udp
US 8.8.8.8:53 dpayxeir.net udp
US 8.8.8.8:53 eiiugccisk.org udp
US 8.8.8.8:53 virsztmqgskq.info udp
US 8.8.8.8:53 mbbjvhhi.net udp
US 8.8.8.8:53 fujqrswukig.org udp
US 8.8.8.8:53 rwtwcnmjwb.info udp
LT 78.56.250.191:18381 tcp
US 8.8.8.8:53 cmbjpdeak.net udp
US 8.8.8.8:53 xrjmbmgmisvh.info udp
US 8.8.8.8:53 yztsqwrvuu.info udp
US 8.8.8.8:53 jqtenkdayoy.org udp
US 8.8.8.8:53 tytmksvgc.org udp
US 8.8.8.8:53 lvliwxsju.net udp
US 8.8.8.8:53 xmhtdhakz.info udp
US 8.8.8.8:53 dikhhoggbey.org udp
US 8.8.8.8:53 ccvjxgcf.info udp
US 8.8.8.8:53 wcgcuuiu.org udp
US 8.8.8.8:53 abidvoyswy.net udp
US 8.8.8.8:53 nhmyomxjv.info udp
US 8.8.8.8:53 iasmocss.com udp
US 8.8.8.8:53 xovrzevas.net udp
US 8.8.8.8:53 oubqwqncd.info udp
US 8.8.8.8:53 dcxsbmpbmr.net udp
US 8.8.8.8:53 oqbftc.info udp
US 8.8.8.8:53 pmtcjcpdluys.info udp
US 8.8.8.8:53 oappfh.net udp
US 8.8.8.8:53 bcnbhr.info udp
US 8.8.8.8:53 tyzkrdhyl.info udp
US 8.8.8.8:53 zndcdo.net udp
US 8.8.8.8:53 usxmitzh.info udp
US 8.8.8.8:53 rgfupswrlsbu.info udp
US 8.8.8.8:53 aqdhtlqcrv.info udp
US 8.8.8.8:53 gawmooqwyi.com udp
US 8.8.8.8:53 eyryrcl.net udp
US 8.8.8.8:53 vyvijbihvn.info udp
US 8.8.8.8:53 lzbsrif.info udp
US 8.8.8.8:53 vmstjeknjxbu.info udp
US 8.8.8.8:53 eqiuuafo.net udp
US 8.8.8.8:53 hsrofavrq.net udp
US 8.8.8.8:53 cnemkaq.info udp
US 8.8.8.8:53 weoaqi.com udp
US 8.8.8.8:53 llpwlrlwpx.net udp
US 8.8.8.8:53 ezzavlomtbfs.info udp
US 8.8.8.8:53 frblrm.net udp
US 8.8.8.8:53 wxdozwset.net udp
US 8.8.8.8:53 fknwfojqjam.net udp
US 8.8.8.8:53 bctwfgikb.org udp
US 8.8.8.8:53 sratbjpi.net udp
US 8.8.8.8:53 repoiapo.info udp
US 8.8.8.8:53 tfpsmntmbj.info udp
US 8.8.8.8:53 lfmvkkwf.info udp
US 8.8.8.8:53 aahoten.net udp
US 8.8.8.8:53 wzltoozyf.net udp
LT 78.61.178.150:31629 tcp
US 8.8.8.8:53 fzqqksnzg.net udp
US 8.8.8.8:53 lnrruglwxf.info udp
US 8.8.8.8:53 gttenetz.info udp
US 8.8.8.8:53 nwpnfmrwojk.org udp
US 8.8.8.8:53 hfzeqwnj.net udp
US 8.8.8.8:53 zqgkhcn.org udp
US 8.8.8.8:53 icoecs.com udp
US 8.8.8.8:53 relxjhblxuvw.net udp
US 8.8.8.8:53 oqgumoqc.org udp
US 8.8.8.8:53 owhamuxacdf.info udp
US 8.8.8.8:53 odzbrjqoy.info udp
US 8.8.8.8:53 ieeywcyqay.org udp
US 8.8.8.8:53 uokesa.org udp
US 8.8.8.8:53 dbxhlavdsqf.com udp
US 8.8.8.8:53 koufluf.info udp
US 8.8.8.8:53 aalijqi.info udp
US 8.8.8.8:53 nkfcvbf.info udp
US 8.8.8.8:53 swayiiau.com udp
US 8.8.8.8:53 odqisf.info udp
US 8.8.8.8:53 iqawsq.com udp
US 8.8.8.8:53 bieivuwxneh.com udp
US 8.8.8.8:53 aevmhj.info udp
US 8.8.8.8:53 ncpmyszzt.info udp
US 8.8.8.8:53 padlxwdsdov.net udp
US 8.8.8.8:53 tvhqlzdi.info udp
US 8.8.8.8:53 tgixue.net udp
US 8.8.8.8:53 cismyk.org udp
US 8.8.8.8:53 ybxsqlwexbnh.info udp
US 8.8.8.8:53 lwyebctyb.org udp
US 8.8.8.8:53 jhtall.info udp
US 8.8.8.8:53 ytbksmdhplna.info udp
US 8.8.8.8:53 kkiamiym.com udp
US 8.8.8.8:53 kkkkywyu.com udp
US 8.8.8.8:53 ivjiej.net udp
US 8.8.8.8:53 quropmbenyf.net udp
US 8.8.8.8:53 ykamwkam.com udp
US 8.8.8.8:53 jatdaajehomt.net udp
US 8.8.8.8:53 pglilvpurybb.net udp
US 8.8.8.8:53 rasbssfgdqf.net udp
US 8.8.8.8:53 fzzyegyx.info udp
US 8.8.8.8:53 qosaaauoqc.org udp
US 8.8.8.8:53 mwgkuyee.org udp
US 8.8.8.8:53 qwueqgus.com udp
US 8.8.8.8:53 nirieaffz.org udp
US 8.8.8.8:53 uiceesz.info udp
US 8.8.8.8:53 hhlidzgrpsor.info udp
US 8.8.8.8:53 ufjpmccy.info udp
IN 117.214.11.253:32472 tcp
US 8.8.8.8:53 ddiylkvqrqi.info udp
US 8.8.8.8:53 bzaydhbkyko.info udp
US 8.8.8.8:53 uoxjsmld.info udp
US 8.8.8.8:53 ervkkcr.net udp
US 8.8.8.8:53 mtpzwe.info udp
US 8.8.8.8:53 zkdcbad.net udp
US 8.8.8.8:53 halmimt.com udp
US 8.8.8.8:53 dsqkcoyoiyv.com udp
US 8.8.8.8:53 pakahvwxtmr.info udp
US 8.8.8.8:53 ewiuauieao.com udp
US 8.8.8.8:53 ijtppgrcld.info udp
US 8.8.8.8:53 nppnrfsmvd.net udp
US 8.8.8.8:53 cicsygmomici.com udp
US 8.8.8.8:53 nptcxr.info udp
US 8.8.8.8:53 bjpwlrlwpx.net udp
US 8.8.8.8:53 mmwfimqpnsib.info udp
US 8.8.8.8:53 ylykuekuu.info udp
US 8.8.8.8:53 irnggqntnnlp.info udp
US 8.8.8.8:53 imlqfibah.net udp
US 8.8.8.8:53 ztbbnybt.info udp
US 8.8.8.8:53 qyqoscump.info udp
US 8.8.8.8:53 etaybbxftobk.info udp
US 8.8.8.8:53 uuycrk.info udp
US 8.8.8.8:53 lzvbdk.net udp
US 8.8.8.8:53 yojyjxozz.info udp
US 8.8.8.8:53 mzkyzy.net udp
US 8.8.8.8:53 uoimkp.net udp
US 8.8.8.8:53 aanbggwm.net udp
US 8.8.8.8:53 sewuvwb.net udp
US 8.8.8.8:53 cqkrtcyst.net udp
US 8.8.8.8:53 xgxjwhxv.net udp
US 8.8.8.8:53 lhvcasxzjagl.net udp
RU 92.126.7.100:14446 tcp
US 8.8.8.8:53 euhgfgdkek.info udp
US 8.8.8.8:53 ysearkxwv.net udp
US 8.8.8.8:53 oaewcmmi.com udp
US 8.8.8.8:53 emywic.com udp
US 8.8.8.8:53 eckcqgow.org udp
US 8.8.8.8:53 pgqimrxa.net udp
US 8.8.8.8:53 vuljnnfzgrkd.info udp
US 8.8.8.8:53 geqsnwq.net udp
US 8.8.8.8:53 oalwpcngx.info udp
US 8.8.8.8:53 mtgwkmxauhpb.net udp
US 8.8.8.8:53 nbamphiygl.net udp
US 8.8.8.8:53 xwbtzuy.net udp
US 8.8.8.8:53 ogvjblhkft.info udp
US 8.8.8.8:53 xcrfxbihvn.info udp
US 8.8.8.8:53 itxjomza.net udp
US 8.8.8.8:53 rcfbls.net udp
US 8.8.8.8:53 pvesxitaordl.info udp
US 8.8.8.8:53 qmvxqytwv.info udp
US 8.8.8.8:53 bahsuddek.net udp
US 8.8.8.8:53 uyeueosmof.net udp
US 8.8.8.8:53 rendhgjruhhx.net udp
US 8.8.8.8:53 dzrmxez.com udp
US 8.8.8.8:53 gsuavor.net udp
US 8.8.8.8:53 zzxmsglb.info udp
US 8.8.8.8:53 ncvqhgppakvp.info udp
US 8.8.8.8:53 bsuoxqjwlmr.org udp
US 8.8.8.8:53 fcrqzgywp.net udp
US 8.8.8.8:53 jnsbxnme.net udp
US 8.8.8.8:53 kxldwaoqfn.info udp
US 8.8.8.8:53 ozvbsx.info udp
US 8.8.8.8:53 xxbuvavqnao.net udp
US 8.8.8.8:53 ubxjltph.info udp
US 8.8.8.8:53 nbridirib.info udp
US 8.8.8.8:53 tgzzsilpuoyu.info udp
US 8.8.8.8:53 jfmtvpxois.info udp
US 8.8.8.8:53 gkfagmip.info udp
US 8.8.8.8:53 wuyamjhrhyuw.info udp
US 8.8.8.8:53 yynqmc.net udp
US 8.8.8.8:53 rejwrwpoa.info udp
US 8.8.8.8:53 jmuyzwjxj.net udp
US 8.8.8.8:53 skbjlhzdmrg.info udp
US 8.8.8.8:53 tjagypmeal.info udp
US 8.8.8.8:53 vulmlyh.info udp
US 8.8.8.8:53 ogfexnj.net udp
US 8.8.8.8:53 sgescokcmo.org udp
US 8.8.8.8:53 ncljswth.info udp
US 8.8.8.8:53 hwedwcd.org udp
US 8.8.8.8:53 ducftd.info udp
US 8.8.8.8:53 lzwgpqnxhy.net udp
US 8.8.8.8:53 fcbmnmaglku.info udp
US 8.8.8.8:53 gkigeuwoas.org udp
US 8.8.8.8:53 utprwysejlvs.net udp
US 8.8.8.8:53 gukhocvihudn.net udp
US 8.8.8.8:53 woeggw.com udp
US 8.8.8.8:53 jehyhpbob.com udp
US 8.8.8.8:53 caacgmga.com udp
US 8.8.8.8:53 ymvvtoemz.info udp
US 8.8.8.8:53 bgdyrqjl.info udp
US 8.8.8.8:53 luaiurlae.info udp
TR 88.236.1.71:45401 tcp
US 8.8.8.8:53 yacyomiumq.com udp
US 8.8.8.8:53 hsfspwfirsr.org udp
US 8.8.8.8:53 lunwhbofvcfk.info udp
US 8.8.8.8:53 fumvct.net udp
US 8.8.8.8:53 rgudezwetm.info udp
US 8.8.8.8:53 aqtwifkdfzjn.info udp
US 8.8.8.8:53 jswymbuckd.info udp
US 8.8.8.8:53 bhhsxnc.com udp
US 8.8.8.8:53 hwznycnavgh.info udp
US 8.8.8.8:53 dnyidwf.info udp
US 8.8.8.8:53 zjughu.info udp
US 8.8.8.8:53 kbbxjldzahjm.net udp
US 8.8.8.8:53 kscmqsmeicqy.org udp
US 8.8.8.8:53 rzzelz.net udp
US 8.8.8.8:53 czjszdnkppld.net udp
US 8.8.8.8:53 yadxtkefpqdf.net udp
US 8.8.8.8:53 nmptmyjd.info udp
US 8.8.8.8:53 yyeeuo.org udp
US 8.8.8.8:53 nvqwprdveuhe.info udp
US 8.8.8.8:53 clyrpnxjeazg.net udp
US 8.8.8.8:53 qogswa.com udp
US 8.8.8.8:53 qngitmingp.net udp
US 8.8.8.8:53 lyvwhmh.net udp
US 8.8.8.8:53 tenwwnvt.net udp
US 8.8.8.8:53 gcidve.info udp
US 8.8.8.8:53 kwkeoe.org udp
US 8.8.8.8:53 pyauferjo.info udp
US 8.8.8.8:53 geoaded.info udp
US 8.8.8.8:53 ulwprsdpevsj.info udp
US 8.8.8.8:53 fcbmcknil.info udp
US 8.8.8.8:53 cqtgrcdp.info udp
US 8.8.8.8:53 xyvgagcaatx.com udp
US 8.8.8.8:53 rahjdfquyme.org udp
US 8.8.8.8:53 qyjxvcif.net udp
US 8.8.8.8:53 wbpsctjc.net udp
US 8.8.8.8:53 ksawma.com udp
US 8.8.8.8:53 fufjrkgmlb.info udp
US 8.8.8.8:53 gknhxjyx.net udp
US 8.8.8.8:53 osyahxu.net udp
US 8.8.8.8:53 yvuwnugif.net udp
US 8.8.8.8:53 rkwlhccy.info udp
CH 92.39.51.117:28655 tcp
US 8.8.8.8:53 aqibav.net udp
US 8.8.8.8:53 gcnbvfoqnu.net udp
US 8.8.8.8:53 nthafgeqx.org udp
US 8.8.8.8:53 kormoefmtsp.net udp
US 8.8.8.8:53 idgcxmyycul.net udp
US 8.8.8.8:53 xojwyklpqx.net udp
US 8.8.8.8:53 vibshiiel.net udp
US 8.8.8.8:53 cmkaasceay.com udp
US 8.8.8.8:53 wibcfahow.net udp
US 8.8.8.8:53 jjqtpeerkb.net udp
US 8.8.8.8:53 fheczbxom.info udp
US 8.8.8.8:53 ushsjfrbtr.info udp
US 8.8.8.8:53 rlgzsbuk.info udp
US 8.8.8.8:53 fygywqiq.net udp
US 8.8.8.8:53 urkcltobhpwf.net udp
US 8.8.8.8:53 wmmexwf.net udp
US 8.8.8.8:53 oismai.com udp
US 8.8.8.8:53 aycslmxgr.info udp
US 8.8.8.8:53 eheflhppvg.net udp
US 8.8.8.8:53 uwsincw.info udp
US 8.8.8.8:53 uwmkmqyy.com udp
US 8.8.8.8:53 qoherwd.net udp
US 8.8.8.8:53 cykogcgqqcuu.com udp
US 8.8.8.8:53 jibufsdsc.info udp
US 8.8.8.8:53 fuzlal.net udp
US 8.8.8.8:53 sgxzfijx.info udp
US 8.8.8.8:53 ztliloruryb.net udp
US 8.8.8.8:53 ugjyfpgfl.net udp
US 8.8.8.8:53 rmxzfhpjlefv.info udp
US 8.8.8.8:53 jbacuchohmfp.net udp
US 8.8.8.8:53 myrwjqkrwpbk.info udp
US 8.8.8.8:53 jppqvnfr.info udp
US 8.8.8.8:53 frcoljzv.info udp
US 8.8.8.8:53 rwzraylwn.org udp
US 8.8.8.8:53 mpkbfsgyp.info udp
US 8.8.8.8:53 dpvimqjjdvos.info udp
US 8.8.8.8:53 dgkcuesv.net udp
US 8.8.8.8:53 jukjryxudtc.org udp
US 8.8.8.8:53 pqfejma.info udp
US 8.8.8.8:53 khatprlscnrf.info udp
US 8.8.8.8:53 qseoumkkca.org udp
US 8.8.8.8:53 sgiawqmc.com udp
US 8.8.8.8:53 qdnmhgdyrit.net udp
US 8.8.8.8:53 boiedsbxvhp.info udp
US 8.8.8.8:53 vmvpicjstyv.info udp
US 8.8.8.8:53 xxsktka.org udp
US 8.8.8.8:53 qyqigk.com udp
US 8.8.8.8:53 sqoeowiuqk.org udp
US 8.8.8.8:53 fyaylmbcb.net udp
US 8.8.8.8:53 nvggymzidkd.info udp
US 8.8.8.8:53 xkiojneciyw.info udp
US 8.8.8.8:53 ekqaao.com udp
US 8.8.8.8:53 wicmay.com udp
US 8.8.8.8:53 yiikouuo.com udp
LT 78.60.92.16:41579 tcp
US 8.8.8.8:53 rkjyfrxybqd.net udp
US 8.8.8.8:53 ebqxxu.net udp
US 8.8.8.8:53 xuligpjoy.net udp
US 8.8.8.8:53 wqoqukau.com udp
US 8.8.8.8:53 ugbqxdmcrgz.net udp
US 8.8.8.8:53 cmxudugbc.info udp
US 8.8.8.8:53 rcxilf.net udp
US 8.8.8.8:53 hjfdpmp.org udp
US 8.8.8.8:53 xbpezstkdcv.org udp
US 8.8.8.8:53 rnidmzlw.net udp
US 8.8.8.8:53 hbjxvxgftwlq.net udp
US 8.8.8.8:53 fetbfovssw.net udp
US 8.8.8.8:53 uaayecok.org udp
US 8.8.8.8:53 hymkjkbbgdh.org udp
US 8.8.8.8:53 lubuhqmqdq.net udp
US 8.8.8.8:53 rjbifug.net udp
US 8.8.8.8:53 zzzsqqkg.net udp
US 8.8.8.8:53 bxwcswcudh.net udp
US 8.8.8.8:53 ngvpjuoyq.info udp
US 8.8.8.8:53 xulwjsruf.org udp
US 8.8.8.8:53 cfudlmuf.info udp
US 8.8.8.8:53 egdaflyekul.net udp
US 8.8.8.8:53 ouisjnngcx.net udp
US 8.8.8.8:53 bvdzfyumyc.net udp
US 8.8.8.8:53 ldlrgk.info udp
US 8.8.8.8:53 pwxaddov.info udp
US 8.8.8.8:53 wswyiisuso.org udp
US 8.8.8.8:53 lqquoxre.info udp
US 8.8.8.8:53 zotrcj.info udp
US 8.8.8.8:53 zznyjs.info udp
US 8.8.8.8:53 owtumceqt.info udp
US 8.8.8.8:53 gsaaoioeuq.org udp
US 8.8.8.8:53 xwiewdpnjys.info udp
US 8.8.8.8:53 qbyvhkkfras.net udp
US 8.8.8.8:53 sgdzhklkvfso.info udp
US 8.8.8.8:53 cqlovot.net udp
US 8.8.8.8:53 pwbqteaqp.net udp
US 8.8.8.8:53 vmrzybdk.net udp
US 8.8.8.8:53 qeewkw.org udp
US 8.8.8.8:53 njpceyjx.info udp
US 8.8.8.8:53 gnpehfhydgxr.net udp
US 8.8.8.8:53 exptpipsborm.info udp
US 8.8.8.8:53 skqsiiae.org udp
US 8.8.8.8:53 eoagac.org udp
US 8.8.8.8:53 uooilgh.info udp
US 8.8.8.8:53 sybytxtvafti.net udp
US 8.8.8.8:53 ompfouleb.net udp
US 8.8.8.8:53 tgwilupeu.com udp
US 8.8.8.8:53 alyypvemovoc.net udp
US 8.8.8.8:53 qlstpgkhcjbu.net udp
US 8.8.8.8:53 pivydfve.net udp
BG 158.58.242.30:24386 tcp
US 8.8.8.8:53 lckmzwphk.info udp
US 8.8.8.8:53 nzitfaav.info udp
US 8.8.8.8:53 qvgtiyvc.net udp
US 8.8.8.8:53 qkfehqykx.info udp
US 8.8.8.8:53 jwdlwsql.net udp
US 8.8.8.8:53 krujhbbfveal.info udp
US 8.8.8.8:53 nahljkd.info udp
US 8.8.8.8:53 lhhiwibqzegt.info udp
US 8.8.8.8:53 pcrmus.net udp
US 8.8.8.8:53 lktcrbw.com udp
US 8.8.8.8:53 iabusbmsvdn.net udp
US 8.8.8.8:53 iiouuw.org udp
US 8.8.8.8:53 hyjinqputdn.com udp
US 8.8.8.8:53 hyjodgw.info udp
US 8.8.8.8:53 xgbopdx.info udp

Files

C:\Users\Admin\AppData\Local\Temp\tzjwwfytdjt.exe

MD5 5203b6ea0901877fbf2d8d6f6d8d338e
SHA1 c803e92561921b38abe13239c1fd85605b570936
SHA256 0cc02d34d5fd4cf892fed282f98c1ad3e7dd6159a8877ae5c46d3f834ed36060
SHA512 d48a41b4fc4c38a6473f789c02918fb7353a4b4199768a3624f3b685d91d38519887a1ccd3616e0d2b079a346afaec5a0f2ef2c46d72d3097ef561cedb476471

C:\Windows\SysWOW64\iiutlanheuhyszpprc.exe

MD5 b838d06aa2f9970dfda79463310cf899
SHA1 7cb1355674415ed0f529a2917ab16e7c69dfaca2
SHA256 858805f6ee17321afae6ca22e35791ac8e1391dfe77317d0c0681f4f43c08aa3
SHA512 9ebe4450eb441af897555d3a59d723b8accf24fc1409948841d3adf238f88151ef06982db2befd7dc8bc153d35189a2c71941a02ccb9631c4c27932e84a6389d

C:\Users\Admin\AppData\Local\Temp\tijxeik.exe

MD5 8840ba8ead77c46006f18f0a5e621636
SHA1 b64a649634f2c991cac7db7713ce2968c42d64ad
SHA256 dc2854fb1f06e1587b948478d33199b455887610a9e77cfe31457ab1764efad0
SHA512 5a2355c2e2a5fcf481027b3f1668111183c9331f4491f7674e59f905da5a810eb7455df631783cb5dfff6170d15a1e2621596acb5bef305688e110279814bcd8

C:\Users\Admin\AppData\Local\sqaxnaldymxmejxvvecmjzmxpkyjyqvjhhqoyv.yjb

MD5 7b8d41b7ed0766f975fabefec473277f
SHA1 04fcb18c13302d9f9456b15f6ffe208263dd2d47
SHA256 7e5cf680f11154d70a9e4f13f11f7e40d973aa63742dd9726dbbddc7653378fe
SHA512 3e0357611be96e2bfe0c9d59185bff0eb762dfb4bce236fb0225795a1245cadb57606cd16a9eea85ac958d985afdfbedd1aa24a478d1fd0180ac0e34124c3d4d

C:\Users\Admin\AppData\Local\vihtyaahruuyfzcpecpoafhhoyb.fmg

MD5 3465052c4c305148869e16796fdacdd5
SHA1 fcfe6b53a8d257a7e02a2104693b920fb95b66da
SHA256 1578e20e3f6f4b7d75d11ece2d20cd9e6e65fa81e33fe91acc029df28ee5d1e9
SHA512 207ccbfee4728e1edc4b3a78c71a1e18e8de92d7e5c498796ca1137b225c4827baab76e9c3a50186e669e7ecd578c7702a4b86d1130457ba91b75a63857335d4

C:\Program Files (x86)\vihtyaahruuyfzcpecpoafhhoyb.fmg

MD5 513fa0ec9ff0dceb0e002b11f589efb0
SHA1 066e59698b6c3c2b4e4fd45fc1a3561935afe2f2
SHA256 7aee850b06d581e5ea28a1164589a8d40c8de7daeb1d259e3d126bded48625e8
SHA512 12713d287de5798af1588abe27e7c37f325032e4e025bd2f613bd14bf4625186b3a1bf0ca77ae9aba8d81e35e3ca0e2e9399352cd26e885986866bb356b89e3b

C:\Program Files (x86)\vihtyaahruuyfzcpecpoafhhoyb.fmg

MD5 587c65595cc02c87229a6551fcbac505
SHA1 07e9f79488a5ace5d0c8894c9086cc8d22055798
SHA256 fde674ddd5e1889be58e4a38dd320b02a312a22031f64526ae33d21a1bf2713e
SHA512 ebf1f236270b6c355ceb8dc2c8be1f2fe7981ae56eaf43d7c63eb2590afed8053b3cd94b7e02e468a1d4c3029072a067babfd2c2601cdf7007218e4bcc97deac

C:\Program Files (x86)\vihtyaahruuyfzcpecpoafhhoyb.fmg

MD5 d3346d69f6ab696b031b3cf265f4ba98
SHA1 9ddf01ddf76222900d77b7aa4ac3ee45c7577d32
SHA256 5a4d041a5d2142689c70b06e831a6ed6280ba85f7245521028c86fa3f7775e97
SHA512 8b3545698872f88350c60fc1b75641226fc0d085d0a2e58e82a541a5196e17543f22e50aafa2ba9c15b27fbb73aa1cad43c9d4d5da533da12d372c624675d39a

C:\Program Files (x86)\vihtyaahruuyfzcpecpoafhhoyb.fmg

MD5 165c148bca3bc8bf179b68659aad1943
SHA1 f19d70349ec4c6fc23f92928bf30956ac91a5de2
SHA256 e8c7c78301ef51591207b034d9e7da31638340f5365c0a3556056fd4c19d6ab6
SHA512 86433da1da720f2aa0e3b0bbcf7ecfc1e783972c32ddcfc2775cd63373654b9fbc0ddfae7104ac81603ba36433d1ebef333003cc84eb6b0b659dd9f140928e83

C:\Program Files (x86)\vihtyaahruuyfzcpecpoafhhoyb.fmg

MD5 1129fba3678e3ca624e19f174518bf09
SHA1 5c2cadf22167c9fd7190b8036f9d7ad9de2b971e
SHA256 ebb4b50e45878716173eaf54f7dc2c9335d9225fd556ebd003714cad8d857242
SHA512 0c88d9b62656ce9628dda940659a3f6bb5f5035f82e554efd11ad7e61debebb9bfb8bd83a1d60d2b0111d03ce8e841cfe9512c99d9cd91f64c3c68c64c4f4e4d

C:\Program Files (x86)\vihtyaahruuyfzcpecpoafhhoyb.fmg

MD5 96599ffb7bf25e79ec64f7de3698d53c
SHA1 a6cbe037146aedec302910c8b6cc9e6e4cb901b0
SHA256 658359549a9bd39cd6fb1ed83c36b8ce2fe3837a1482112a7873643050592640
SHA512 830eee2ca7a3601d7373f62d2eb842045bce84192c53f433be078f9094e81e1230460a35fd84ee0268e3794d185d321f1a56609f13fe7a6ba6907da71f0502e6