Malware Analysis Report

2025-08-10 16:34

Sample ID 250418-n1wg4a11hx
Target JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60
SHA256 04d3522972566a2b189144c86441058f1af5641a67cdaf39e246f91ba23bf5c5
Tags
pykspa defense_evasion discovery persistence privilege_escalation trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

04d3522972566a2b189144c86441058f1af5641a67cdaf39e246f91ba23bf5c5

Threat Level: Known bad

The file JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60 was found to be: Known bad.

Malicious Activity Summary

pykspa defense_evasion discovery persistence privilege_escalation trojan worm

Modifies WinLogon for persistence

UAC bypass

Pykspa family

Pykspa

Detect Pykspa worm

Disables RegEdit via registry modification

Adds policy Run key to start application

Checks computer location settings

Executes dropped EXE

Impair Defenses: Safe Mode Boot

Looks up external IP address via web service

Hijack Execution Flow: Executable Installer File Permissions Weakness

Checks whether UAC is enabled

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

System policy modification

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-18 11:52

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2025-04-18 11:52

Reported

2025-04-18 11:54

Platform

win11-20250410-en

Max time kernel

34s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhmgtgxhyzshls = "bzlmgaypnvvrcqbigusef.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhmgtgxhyzshls = "bzlmgaypnvvrcqbigusef.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhmgtgxhyzshls = "yryujyrdwzulragi.exe" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhmgtgxhyzshls = "zvfewokzvbztcoxcykg.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhmgtgxhyzshls = "yryujyrdwzulragi.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thjakuipdbr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ojsqhythchexfqycxi.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhmgtgxhyzshls = "ojsqhythchexfqycxi.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhmgtgxhyzshls = "mjuungdtqxwrboyebolw.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhmgtgxhyzshls = "fzheukerlpldkubey.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thjakuipdbr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mjuungdtqxwrboyebolw.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhmgtgxhyzshls = "fzheukerlpldkubey.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thjakuipdbr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mjuungdtqxwrboyebolw.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thjakuipdbr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mjuungdtqxwrboyebolw.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thjakuipdbr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yryujyrdwzulragi.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhmgtgxhyzshls = "fzheukerlpldkubey.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhmgtgxhyzshls = "mjuungdtqxwrboyebolw.exe" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thjakuipdbr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bzlmgaypnvvrcqbigusef.exe" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thjakuipdbr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yryujyrdwzulragi.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhmgtgxhyzshls = "fzheukerlpldkubey.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thjakuipdbr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zvfewokzvbztcoxcykg.exe" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhmgtgxhyzshls = "ojsqhythchexfqycxi.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhmgtgxhyzshls = "mjuungdtqxwrboyebolw.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thjakuipdbr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fzheukerlpldkubey.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thjakuipdbr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yryujyrdwzulragi.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thjakuipdbr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yryujyrdwzulragi.exe" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thjakuipdbr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bzlmgaypnvvrcqbigusef.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhmgtgxhyzshls = "mjuungdtqxwrboyebolw.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thjakuipdbr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yryujyrdwzulragi.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thjakuipdbr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mjuungdtqxwrboyebolw.exe" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thjakuipdbr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bzlmgaypnvvrcqbigusef.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhmgtgxhyzshls = "bzlmgaypnvvrcqbigusef.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thjakuipdbr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fzheukerlpldkubey.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhmgtgxhyzshls = "yryujyrdwzulragi.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thjakuipdbr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yryujyrdwzulragi.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhmgtgxhyzshls = "fzheukerlpldkubey.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhmgtgxhyzshls = "fzheukerlpldkubey.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhmgtgxhyzshls = "fzheukerlpldkubey.exe" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhmgtgxhyzshls = "yryujyrdwzulragi.exe" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thjakuipdbr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bzlmgaypnvvrcqbigusef.exe" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thjakuipdbr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bzlmgaypnvvrcqbigusef.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thjakuipdbr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fzheukerlpldkubey.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thjakuipdbr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mjuungdtqxwrboyebolw.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qhmgtgxhyzshls = "mjuungdtqxwrboyebolw.exe" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\thjakuipdbr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fzheukerlpldkubey.exe" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Windows\ojsqhythchexfqycxi.exe N/A
N/A N/A C:\Windows\bzlmgaypnvvrcqbigusef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Windows\bzlmgaypnvvrcqbigusef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Windows\yryujyrdwzulragi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
N/A N/A C:\Windows\fzheukerlpldkubey.exe N/A
N/A N/A C:\Windows\fzheukerlpldkubey.exe N/A
N/A N/A C:\Windows\zvfewokzvbztcoxcykg.exe N/A
N/A N/A C:\Windows\zvfewokzvbztcoxcykg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Windows\fzheukerlpldkubey.exe N/A
N/A N/A C:\Windows\fzheukerlpldkubey.exe N/A
N/A N/A C:\Windows\fzheukerlpldkubey.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe N/A
N/A N/A C:\Windows\mjuungdtqxwrboyebolw.exe N/A
N/A N/A C:\Windows\fzheukerlpldkubey.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Windows\zvfewokzvbztcoxcykg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Windows\yryujyrdwzulragi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe N/A
N/A N/A C:\Windows\zvfewokzvbztcoxcykg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Windows\mjuungdtqxwrboyebolw.exe N/A
N/A N/A C:\Windows\yryujyrdwzulragi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Windows\ojsqhythchexfqycxi.exe N/A
N/A N/A C:\Windows\bzlmgaypnvvrcqbigusef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Windows\zvfewokzvbztcoxcykg.exe N/A
N/A N/A C:\Windows\ojsqhythchexfqycxi.exe N/A
N/A N/A C:\Windows\yryujyrdwzulragi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Windows\ojsqhythchexfqycxi.exe N/A
N/A N/A C:\Windows\bzlmgaypnvvrcqbigusef.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "zvfewokzvbztcoxcykg.exe ." C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ojsqhythchexfqycxi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ojsqhythchexfqycxi.exe" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zvfewokzvbztcoxcykg.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qfialwltihyl = "mjuungdtqxwrboyebolw.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ojsqhythchexfqycxi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zvfewokzvbztcoxcykg.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\qfialwltihyl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yryujyrdwzulragi.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ojsqhythchexfqycxi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mjuungdtqxwrboyebolw.exe" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "mjuungdtqxwrboyebolw.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qfialwltihyl = "fzheukerlpldkubey.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fzheukerlpldkubey = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yryujyrdwzulragi.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "zvfewokzvbztcoxcykg.exe ." C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "zvfewokzvbztcoxcykg.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fzheukerlpldkubey = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fzheukerlpldkubey.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\yryujyrdwzulragi = "zvfewokzvbztcoxcykg.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ojsqhythchexfqycxi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mjuungdtqxwrboyebolw.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fzheukerlpldkubey = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ojsqhythchexfqycxi.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\yryujyrdwzulragi = "bzlmgaypnvvrcqbigusef.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tlrmaogrjlfvain = "ojsqhythchexfqycxi.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tlrmaogrjlfvain = "fzheukerlpldkubey.exe" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fzheukerlpldkubey = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bzlmgaypnvvrcqbigusef.exe ." C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "yryujyrdwzulragi.exe ." C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tlrmaogrjlfvain = "bzlmgaypnvvrcqbigusef.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\qfialwltihyl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zvfewokzvbztcoxcykg.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mjuungdtqxwrboyebolw.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "bzlmgaypnvvrcqbigusef.exe ." C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "fzheukerlpldkubey.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tlrmaogrjlfvain = "yryujyrdwzulragi.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\yryujyrdwzulragi = "fzheukerlpldkubey.exe ." C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qfialwltihyl = "mjuungdtqxwrboyebolw.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "ojsqhythchexfqycxi.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\qfialwltihyl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bzlmgaypnvvrcqbigusef.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ojsqhythchexfqycxi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ojsqhythchexfqycxi.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ojsqhythchexfqycxi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yryujyrdwzulragi.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "fzheukerlpldkubey.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fzheukerlpldkubey = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fzheukerlpldkubey.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ojsqhythchexfqycxi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yryujyrdwzulragi.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ojsqhythchexfqycxi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mjuungdtqxwrboyebolw.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ojsqhythchexfqycxi.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fzheukerlpldkubey = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zvfewokzvbztcoxcykg.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fzheukerlpldkubey.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qfialwltihyl = "bzlmgaypnvvrcqbigusef.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bzlmgaypnvvrcqbigusef.exe ." C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\yryujyrdwzulragi = "bzlmgaypnvvrcqbigusef.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fzheukerlpldkubey = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fzheukerlpldkubey.exe ." C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\qfialwltihyl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ojsqhythchexfqycxi.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fzheukerlpldkubey = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ojsqhythchexfqycxi.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "zvfewokzvbztcoxcykg.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ojsqhythchexfqycxi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yryujyrdwzulragi.exe" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\qfialwltihyl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zvfewokzvbztcoxcykg.exe" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\qfialwltihyl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fzheukerlpldkubey.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tlrmaogrjlfvain = "yryujyrdwzulragi.exe" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fzheukerlpldkubey = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mjuungdtqxwrboyebolw.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ojsqhythchexfqycxi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fzheukerlpldkubey.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ojsqhythchexfqycxi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yryujyrdwzulragi.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ojsqhythchexfqycxi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zvfewokzvbztcoxcykg.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "ojsqhythchexfqycxi.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qfialwltihyl = "yryujyrdwzulragi.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\qfialwltihyl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yryujyrdwzulragi.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\qfialwltihyl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mjuungdtqxwrboyebolw.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fzheukerlpldkubey.exe ." C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fzheukerlpldkubey = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yryujyrdwzulragi.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pfjcoaqzpphvy = "mjuungdtqxwrboyebolw.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ojsqhythchexfqycxi = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mjuungdtqxwrboyebolw.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\yryujyrdwzulragi = "bzlmgaypnvvrcqbigusef.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.showmyipaddress.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\sregbwvnmvwtfugoncboql.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\fzheukerlpldkubey.exe C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
File opened for modification C:\Windows\SysWOW64\ojsqhythchexfqycxi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\fzheukerlpldkubey.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\zvfewokzvbztcoxcykg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\yryujyrdwzulragi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\sregbwvnmvwtfugoncboql.exe C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
File opened for modification C:\Windows\SysWOW64\zvfewokzvbztcoxcykg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\ojsqhythchexfqycxi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\ojsqhythchexfqycxi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\yryujyrdwzulragi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\sregbwvnmvwtfugoncboql.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\sregbwvnmvwtfugoncboql.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\mjuungdtqxwrboyebolw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\yryujyrdwzulragi.exe C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
File opened for modification C:\Windows\SysWOW64\zvfewokzvbztcoxcykg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\mjuungdtqxwrboyebolw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\bzlmgaypnvvrcqbigusef.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\ojsqhythchexfqycxi.exe C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
File created C:\Windows\SysWOW64\yryujyrdwzulragibkdkgvkdpilgxdmsunwpws.wpb C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
File opened for modification C:\Windows\SysWOW64\ojsqhythchexfqycxi.exe C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
File opened for modification C:\Windows\SysWOW64\zvfewokzvbztcoxcykg.exe C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
File opened for modification C:\Windows\SysWOW64\bzlmgaypnvvrcqbigusef.exe C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
File opened for modification C:\Windows\SysWOW64\ojsqhythchexfqycxi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\bzlmgaypnvvrcqbigusef.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\mjuungdtqxwrboyebolw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\zvfewokzvbztcoxcykg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\yryujyrdwzulragi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\ojsqhythchexfqycxi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\fzheukerlpldkubey.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\yryujyrdwzulragi.exe C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
File opened for modification C:\Windows\SysWOW64\fzheukerlpldkubey.exe C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
File opened for modification C:\Windows\SysWOW64\fzheukerlpldkubey.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\bzlmgaypnvvrcqbigusef.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\ojsqhythchexfqycxi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\sregbwvnmvwtfugoncboql.exe C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
File opened for modification C:\Windows\SysWOW64\bzlmgaypnvvrcqbigusef.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\fzheukerlpldkubey.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\ojsqhythchexfqycxi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\mjuungdtqxwrboyebolw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\ojsqhythchexfqycxi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\mjuungdtqxwrboyebolw.exe C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
File opened for modification C:\Windows\SysWOW64\ojsqhythchexfqycxi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\zvfewokzvbztcoxcykg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\sregbwvnmvwtfugoncboql.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\fzheukerlpldkubey.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\yryujyrdwzulragi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\fzheukerlpldkubey.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\zvfewokzvbztcoxcykg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\yryujyrdwzulragi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\mjuungdtqxwrboyebolw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\fzheukerlpldkubey.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\ojsqhythchexfqycxi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\fzheukerlpldkubey.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\bzlmgaypnvvrcqbigusef.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\fzheukerlpldkubey.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\fzheukerlpldkubey.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\zvfewokzvbztcoxcykg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\fzheukerlpldkubey.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\ojsqhythchexfqycxi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File created C:\Windows\SysWOW64\bjfquyghphrxsqlckiqmxbfnowo.ezx C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
File opened for modification C:\Windows\SysWOW64\sregbwvnmvwtfugoncboql.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\yryujyrdwzulragi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\sregbwvnmvwtfugoncboql.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\bjfquyghphrxsqlckiqmxbfnowo.ezx C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
File created C:\Program Files (x86)\bjfquyghphrxsqlckiqmxbfnowo.ezx C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
File opened for modification C:\Program Files (x86)\yryujyrdwzulragibkdkgvkdpilgxdmsunwpws.wpb C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
File created C:\Program Files (x86)\yryujyrdwzulragibkdkgvkdpilgxdmsunwpws.wpb C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\sregbwvnmvwtfugoncboql.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\bzlmgaypnvvrcqbigusef.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File created C:\Windows\yryujyrdwzulragibkdkgvkdpilgxdmsunwpws.wpb C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
File opened for modification C:\Windows\zvfewokzvbztcoxcykg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\bzlmgaypnvvrcqbigusef.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\yryujyrdwzulragi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\fzheukerlpldkubey.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File created C:\Windows\bjfquyghphrxsqlckiqmxbfnowo.ezx C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
File opened for modification C:\Windows\bzlmgaypnvvrcqbigusef.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\mjuungdtqxwrboyebolw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\ojsqhythchexfqycxi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\zvfewokzvbztcoxcykg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\ojsqhythchexfqycxi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\bzlmgaypnvvrcqbigusef.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\ojsqhythchexfqycxi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\zvfewokzvbztcoxcykg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\fzheukerlpldkubey.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\mjuungdtqxwrboyebolw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\yryujyrdwzulragi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\fzheukerlpldkubey.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\fzheukerlpldkubey.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\ojsqhythchexfqycxi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\yryujyrdwzulragi.exe C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
File opened for modification C:\Windows\zvfewokzvbztcoxcykg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\sregbwvnmvwtfugoncboql.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\ojsqhythchexfqycxi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\yryujyrdwzulragi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\yryujyrdwzulragi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\sregbwvnmvwtfugoncboql.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\zvfewokzvbztcoxcykg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\ojsqhythchexfqycxi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\zvfewokzvbztcoxcykg.exe C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
File opened for modification C:\Windows\sregbwvnmvwtfugoncboql.exe C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
File opened for modification C:\Windows\mjuungdtqxwrboyebolw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\bzlmgaypnvvrcqbigusef.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\sregbwvnmvwtfugoncboql.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\fzheukerlpldkubey.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\bzlmgaypnvvrcqbigusef.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\yryujyrdwzulragi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\fzheukerlpldkubey.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\sregbwvnmvwtfugoncboql.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\sregbwvnmvwtfugoncboql.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\sregbwvnmvwtfugoncboql.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\sregbwvnmvwtfugoncboql.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\yryujyrdwzulragi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\ojsqhythchexfqycxi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\bzlmgaypnvvrcqbigusef.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\fzheukerlpldkubey.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\yryujyrdwzulragi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\mjuungdtqxwrboyebolw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\yryujyrdwzulragi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\mjuungdtqxwrboyebolw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\mjuungdtqxwrboyebolw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\fzheukerlpldkubey.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\zvfewokzvbztcoxcykg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\mjuungdtqxwrboyebolw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\yryujyrdwzulragi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\fzheukerlpldkubey.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\fzheukerlpldkubey.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\sregbwvnmvwtfugoncboql.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\bzlmgaypnvvrcqbigusef.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\yryujyrdwzulragi.exe C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
File opened for modification C:\Windows\mjuungdtqxwrboyebolw.exe C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
File opened for modification C:\Windows\bzlmgaypnvvrcqbigusef.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bzlmgaypnvvrcqbigusef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\fzheukerlpldkubey.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yryujyrdwzulragi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\mjuungdtqxwrboyebolw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bzlmgaypnvvrcqbigusef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zvfewokzvbztcoxcykg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yryujyrdwzulragi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ojsqhythchexfqycxi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zvfewokzvbztcoxcykg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bzlmgaypnvvrcqbigusef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yryujyrdwzulragi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bzlmgaypnvvrcqbigusef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zvfewokzvbztcoxcykg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\mjuungdtqxwrboyebolw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\fzheukerlpldkubey.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zvfewokzvbztcoxcykg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zvfewokzvbztcoxcykg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\fzheukerlpldkubey.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ojsqhythchexfqycxi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\mjuungdtqxwrboyebolw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\fzheukerlpldkubey.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ojsqhythchexfqycxi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\fzheukerlpldkubey.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\mjuungdtqxwrboyebolw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zvfewokzvbztcoxcykg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zvfewokzvbztcoxcykg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bzlmgaypnvvrcqbigusef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yryujyrdwzulragi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\mjuungdtqxwrboyebolw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yryujyrdwzulragi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bzlmgaypnvvrcqbigusef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ojsqhythchexfqycxi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yryujyrdwzulragi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2124 wrote to memory of 4832 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
PID 2124 wrote to memory of 4832 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
PID 2124 wrote to memory of 4832 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe
PID 5932 wrote to memory of 2928 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
PID 5932 wrote to memory of 2928 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
PID 5932 wrote to memory of 2928 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe
PID 3864 wrote to memory of 5348 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 3864 wrote to memory of 5348 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 3864 wrote to memory of 5348 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 5348 wrote to memory of 700 N/A C:\Windows\bzlmgaypnvvrcqbigusef.exe C:\Windows\system32\cmd.exe
PID 5348 wrote to memory of 700 N/A C:\Windows\bzlmgaypnvvrcqbigusef.exe C:\Windows\system32\cmd.exe
PID 5348 wrote to memory of 700 N/A C:\Windows\bzlmgaypnvvrcqbigusef.exe C:\Windows\system32\cmd.exe
PID 4232 wrote to memory of 3528 N/A C:\Windows\system32\cmd.exe C:\Windows\bzlmgaypnvvrcqbigusef.exe
PID 4232 wrote to memory of 3528 N/A C:\Windows\system32\cmd.exe C:\Windows\bzlmgaypnvvrcqbigusef.exe
PID 4232 wrote to memory of 3528 N/A C:\Windows\system32\cmd.exe C:\Windows\bzlmgaypnvvrcqbigusef.exe
PID 3528 wrote to memory of 2300 N/A C:\Windows\bzlmgaypnvvrcqbigusef.exe C:\Windows\zvfewokzvbztcoxcykg.exe
PID 3528 wrote to memory of 2300 N/A C:\Windows\bzlmgaypnvvrcqbigusef.exe C:\Windows\zvfewokzvbztcoxcykg.exe
PID 3528 wrote to memory of 2300 N/A C:\Windows\bzlmgaypnvvrcqbigusef.exe C:\Windows\zvfewokzvbztcoxcykg.exe
PID 4352 wrote to memory of 2160 N/A C:\Windows\system32\cmd.exe C:\Windows\fzheukerlpldkubey.exe
PID 4352 wrote to memory of 2160 N/A C:\Windows\system32\cmd.exe C:\Windows\fzheukerlpldkubey.exe
PID 4352 wrote to memory of 2160 N/A C:\Windows\system32\cmd.exe C:\Windows\fzheukerlpldkubey.exe
PID 4376 wrote to memory of 3640 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe
PID 4376 wrote to memory of 3640 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe
PID 4376 wrote to memory of 3640 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe
PID 2272 wrote to memory of 3532 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 2272 wrote to memory of 3532 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 2272 wrote to memory of 3532 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 492 wrote to memory of 2040 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 492 wrote to memory of 2040 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 492 wrote to memory of 2040 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 5768 wrote to memory of 2016 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 5768 wrote to memory of 2016 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 5768 wrote to memory of 2016 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2016 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 2016 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 2016 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 3532 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe C:\Windows\System32\Conhost.exe
PID 3532 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe C:\Windows\System32\Conhost.exe
PID 3532 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe C:\Windows\System32\Conhost.exe
PID 4832 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe C:\Users\Admin\AppData\Local\Temp\mvsejo.exe
PID 4832 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe C:\Users\Admin\AppData\Local\Temp\mvsejo.exe
PID 4832 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe C:\Users\Admin\AppData\Local\Temp\mvsejo.exe
PID 4832 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe C:\Users\Admin\AppData\Local\Temp\mvsejo.exe
PID 4832 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe C:\Users\Admin\AppData\Local\Temp\mvsejo.exe
PID 4832 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe C:\Users\Admin\AppData\Local\Temp\mvsejo.exe
PID 1112 wrote to memory of 5284 N/A C:\Windows\system32\cmd.exe C:\Windows\fzheukerlpldkubey.exe
PID 1112 wrote to memory of 5284 N/A C:\Windows\system32\cmd.exe C:\Windows\fzheukerlpldkubey.exe
PID 1112 wrote to memory of 5284 N/A C:\Windows\system32\cmd.exe C:\Windows\fzheukerlpldkubey.exe
PID 2604 wrote to memory of 3400 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
PID 2604 wrote to memory of 3400 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
PID 2604 wrote to memory of 3400 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe
PID 468 wrote to memory of 5388 N/A C:\Windows\system32\cmd.exe C:\Windows\zvfewokzvbztcoxcykg.exe
PID 468 wrote to memory of 5388 N/A C:\Windows\system32\cmd.exe C:\Windows\zvfewokzvbztcoxcykg.exe
PID 468 wrote to memory of 5388 N/A C:\Windows\system32\cmd.exe C:\Windows\zvfewokzvbztcoxcykg.exe
PID 1640 wrote to memory of 4808 N/A C:\Windows\system32\cmd.exe C:\Windows\zvfewokzvbztcoxcykg.exe
PID 1640 wrote to memory of 4808 N/A C:\Windows\system32\cmd.exe C:\Windows\zvfewokzvbztcoxcykg.exe
PID 1640 wrote to memory of 4808 N/A C:\Windows\system32\cmd.exe C:\Windows\zvfewokzvbztcoxcykg.exe
PID 5388 wrote to memory of 3684 N/A C:\Windows\zvfewokzvbztcoxcykg.exe C:\Windows\system32\cmd.exe
PID 5388 wrote to memory of 3684 N/A C:\Windows\zvfewokzvbztcoxcykg.exe C:\Windows\system32\cmd.exe
PID 5388 wrote to memory of 3684 N/A C:\Windows\zvfewokzvbztcoxcykg.exe C:\Windows\system32\cmd.exe
PID 4808 wrote to memory of 4048 N/A C:\Windows\zvfewokzvbztcoxcykg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 4808 wrote to memory of 4048 N/A C:\Windows\zvfewokzvbztcoxcykg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 4808 wrote to memory of 4048 N/A C:\Windows\zvfewokzvbztcoxcykg.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 1944 wrote to memory of 5404 N/A C:\Windows\system32\cmd.exe C:\Windows\fzheukerlpldkubey.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\mvsejo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe"

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe .

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bzlmgaypnvvrcqbigusef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe .

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bzlmgaypnvvrcqbigusef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ojsqhythchexfqycxi.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bzlmgaypnvvrcqbigusef.exe*."

C:\Users\Admin\AppData\Local\Temp\mvsejo.exe

"C:\Users\Admin\AppData\Local\Temp\mvsejo.exe" "-C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe"

C:\Users\Admin\AppData\Local\Temp\mvsejo.exe

"C:\Users\Admin\AppData\Local\Temp\mvsejo.exe" "-C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe

C:\Windows\fzheukerlpldkubey.exe

fzheukerlpldkubey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe

C:\Windows\fzheukerlpldkubey.exe

fzheukerlpldkubey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe

C:\Windows\fzheukerlpldkubey.exe

fzheukerlpldkubey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe

C:\Windows\fzheukerlpldkubey.exe

fzheukerlpldkubey.exe .

C:\Windows\fzheukerlpldkubey.exe

fzheukerlpldkubey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe

C:\Windows\fzheukerlpldkubey.exe

fzheukerlpldkubey.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fzheukerlpldkubey.exe*."

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fzheukerlpldkubey.exe*."

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bzlmgaypnvvrcqbigusef.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bzlmgaypnvvrcqbigusef.exe*."

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bzlmgaypnvvrcqbigusef.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bzlmgaypnvvrcqbigusef.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe .

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\yryujyrdwzulragi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe .

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bzlmgaypnvvrcqbigusef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ojsqhythchexfqycxi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe .

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ojsqhythchexfqycxi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe .

C:\Windows\fzheukerlpldkubey.exe

fzheukerlpldkubey.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fzheukerlpldkubey.exe*."

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\yryujyrdwzulragi.exe*."

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Windows\fzheukerlpldkubey.exe

fzheukerlpldkubey.exe .

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fzheukerlpldkubey.exe*."

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fzheukerlpldkubey.exe*."

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\yryujyrdwzulragi.exe*."

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\mjuungdtqxwrboyebolw.exe*."

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fzheukerlpldkubey.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\mjuungdtqxwrboyebolw.exe*."

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fzheukerlpldkubey.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\mjuungdtqxwrboyebolw.exe*."

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ojsqhythchexfqycxi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ojsqhythchexfqycxi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\mjuungdtqxwrboyebolw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe .

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\yryujyrdwzulragi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe .

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\yryujyrdwzulragi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fzheukerlpldkubey.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zvfewokzvbztcoxcykg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe .

C:\Windows\fzheukerlpldkubey.exe

fzheukerlpldkubey.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fzheukerlpldkubey.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fzheukerlpldkubey.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe .

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\mjuungdtqxwrboyebolw.exe*."

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ojsqhythchexfqycxi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zvfewokzvbztcoxcykg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe .

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\mjuungdtqxwrboyebolw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe .

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bzlmgaypnvvrcqbigusef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zvfewokzvbztcoxcykg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe .

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bzlmgaypnvvrcqbigusef.exe*."

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bzlmgaypnvvrcqbigusef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\mjuungdtqxwrboyebolw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe

C:\Windows\fzheukerlpldkubey.exe

fzheukerlpldkubey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe .

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bzlmgaypnvvrcqbigusef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe .

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\yryujyrdwzulragi.exe*."

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\mjuungdtqxwrboyebolw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe .

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\mjuungdtqxwrboyebolw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe .

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ojsqhythchexfqycxi.exe*."

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\yryujyrdwzulragi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bzlmgaypnvvrcqbigusef.exe*."

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bzlmgaypnvvrcqbigusef.exe*."

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bzlmgaypnvvrcqbigusef.exe*."

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."

C:\Windows\fzheukerlpldkubey.exe

fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bzlmgaypnvvrcqbigusef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe .

C:\Windows\fzheukerlpldkubey.exe

fzheukerlpldkubey.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fzheukerlpldkubey.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe .

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\mjuungdtqxwrboyebolw.exe*."

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\mjuungdtqxwrboyebolw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ojsqhythchexfqycxi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe .

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\mjuungdtqxwrboyebolw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe

C:\Windows\fzheukerlpldkubey.exe

fzheukerlpldkubey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zvfewokzvbztcoxcykg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fzheukerlpldkubey.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe .

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ojsqhythchexfqycxi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe .

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bzlmgaypnvvrcqbigusef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zvfewokzvbztcoxcykg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe .

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\yryujyrdwzulragi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe .

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bzlmgaypnvvrcqbigusef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\mjuungdtqxwrboyebolw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fzheukerlpldkubey.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe .

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\yryujyrdwzulragi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe .

C:\Windows\fzheukerlpldkubey.exe

fzheukerlpldkubey.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fzheukerlpldkubey.exe*."

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ojsqhythchexfqycxi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe .

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\mjuungdtqxwrboyebolw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe

C:\Windows\fzheukerlpldkubey.exe

fzheukerlpldkubey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ojsqhythchexfqycxi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe .

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ojsqhythchexfqycxi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe .

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ojsqhythchexfqycxi.exe*."

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ojsqhythchexfqycxi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ojsqhythchexfqycxi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe .

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\mjuungdtqxwrboyebolw.exe*."

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe .

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe .

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ojsqhythchexfqycxi.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\mjuungdtqxwrboyebolw.exe*."

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe .

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe .

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fzheukerlpldkubey.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ojsqhythchexfqycxi.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bzlmgaypnvvrcqbigusef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fzheukerlpldkubey.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ojsqhythchexfqycxi.exe*."

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\yryujyrdwzulragi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fzheukerlpldkubey.exe*."

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe .

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fzheukerlpldkubey.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bzlmgaypnvvrcqbigusef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe .

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\yryujyrdwzulragi.exe*."

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\mjuungdtqxwrboyebolw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zvfewokzvbztcoxcykg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zvfewokzvbztcoxcykg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ojsqhythchexfqycxi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe

C:\Windows\fzheukerlpldkubey.exe

fzheukerlpldkubey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe .

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\yryujyrdwzulragi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe

C:\Windows\fzheukerlpldkubey.exe

fzheukerlpldkubey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe .

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\mjuungdtqxwrboyebolw.exe*."

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zvfewokzvbztcoxcykg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\mjuungdtqxwrboyebolw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe .

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\mjuungdtqxwrboyebolw.exe*."

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zvfewokzvbztcoxcykg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe

C:\Windows\fzheukerlpldkubey.exe

fzheukerlpldkubey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe .

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ojsqhythchexfqycxi.exe*."

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ojsqhythchexfqycxi.exe*."

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bzlmgaypnvvrcqbigusef.exe*."

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\yryujyrdwzulragi.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\mjuungdtqxwrboyebolw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\mjuungdtqxwrboyebolw.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bzlmgaypnvvrcqbigusef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe

C:\Windows\fzheukerlpldkubey.exe

fzheukerlpldkubey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe .

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\mjuungdtqxwrboyebolw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\fzheukerlpldkubey.exe

fzheukerlpldkubey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe .

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\mjuungdtqxwrboyebolw.exe*."

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fzheukerlpldkubey.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zvfewokzvbztcoxcykg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\fzheukerlpldkubey.exe

fzheukerlpldkubey.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fzheukerlpldkubey.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ojsqhythchexfqycxi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe .

C:\Windows\fzheukerlpldkubey.exe

fzheukerlpldkubey.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fzheukerlpldkubey.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ojsqhythchexfqycxi.exe*."

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fzheukerlpldkubey.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ojsqhythchexfqycxi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe

C:\Windows\fzheukerlpldkubey.exe

fzheukerlpldkubey.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\mjuungdtqxwrboyebolw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe .

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\mjuungdtqxwrboyebolw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe .

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\yryujyrdwzulragi.exe*."

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\mjuungdtqxwrboyebolw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bzlmgaypnvvrcqbigusef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe .

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bzlmgaypnvvrcqbigusef.exe*."

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe .

C:\Windows\fzheukerlpldkubey.exe

fzheukerlpldkubey.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fzheukerlpldkubey.exe*."

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fzheukerlpldkubey.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\mjuungdtqxwrboyebolw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe

C:\Windows\fzheukerlpldkubey.exe

fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bzlmgaypnvvrcqbigusef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe .

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ojsqhythchexfqycxi.exe*."

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe .

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ojsqhythchexfqycxi.exe*."

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ojsqhythchexfqycxi.exe*."

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bzlmgaypnvvrcqbigusef.exe*."

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\yryujyrdwzulragi.exe*."

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zvfewokzvbztcoxcykg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ojsqhythchexfqycxi.exe*."

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bzlmgaypnvvrcqbigusef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe .

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bzlmgaypnvvrcqbigusef.exe*."

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\mjuungdtqxwrboyebolw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\yryujyrdwzulragi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ojsqhythchexfqycxi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe .

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bzlmgaypnvvrcqbigusef.exe*."

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\mjuungdtqxwrboyebolw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zvfewokzvbztcoxcykg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe .

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bzlmgaypnvvrcqbigusef.exe*."

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bzlmgaypnvvrcqbigusef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bzlmgaypnvvrcqbigusef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ojsqhythchexfqycxi.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe .

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\yryujyrdwzulragi.exe*."

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe .

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\yryujyrdwzulragi.exe*."

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe

C:\Users\Admin\AppData\Local\Temp\fzheukerlpldkubey.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fzheukerlpldkubey.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bzlmgaypnvvrcqbigusef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe .

C:\Windows\fzheukerlpldkubey.exe

fzheukerlpldkubey.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fzheukerlpldkubey.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fzheukerlpldkubey.exe .

C:\Windows\fzheukerlpldkubey.exe

fzheukerlpldkubey.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fzheukerlpldkubey.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bzlmgaypnvvrcqbigusef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe

C:\Users\Admin\AppData\Local\Temp\mjuungdtqxwrboyebolw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\mjuungdtqxwrboyebolw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mjuungdtqxwrboyebolw.exe

C:\Windows\mjuungdtqxwrboyebolw.exe

mjuungdtqxwrboyebolw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yryujyrdwzulragi.exe .

C:\Windows\yryujyrdwzulragi.exe

yryujyrdwzulragi.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\yryujyrdwzulragi.exe*."

C:\Windows\bzlmgaypnvvrcqbigusef.exe

bzlmgaypnvvrcqbigusef.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe .

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zvfewokzvbztcoxcykg.exe*."

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Users\Admin\AppData\Local\Temp\ojsqhythchexfqycxi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe

C:\Users\Admin\AppData\Local\Temp\zvfewokzvbztcoxcykg.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zvfewokzvbztcoxcykg.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Users\Admin\AppData\Local\Temp\yryujyrdwzulragi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe

C:\Users\Admin\AppData\Local\Temp\bzlmgaypnvvrcqbigusef.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bzlmgaypnvvrcqbigusef.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zvfewokzvbztcoxcykg.exe

C:\Windows\zvfewokzvbztcoxcykg.exe

zvfewokzvbztcoxcykg.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ojsqhythchexfqycxi.exe .

C:\Windows\ojsqhythchexfqycxi.exe

ojsqhythchexfqycxi.exe .

Network

Country Destination Domain Proto
US 8.8.8.8:53 whatismyip.everdot.org udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
FR 52.222.159.143:80 www.imdb.com tcp
BG 213.231.140.54:18629 tcp
DE 85.214.228.140:80 gyuuym.org tcp
SG 18.142.91.111:80 unxfuild.info tcp
US 104.156.155.94:80 cydlrge.info tcp
BR 189.110.210.195:37029 tcp
US 8.8.8.8:53 mgpcbgp.net udp
MD 5.56.114.6:34132 tcp
US 8.8.8.8:53 jbmzprfm.info udp
US 8.8.8.8:53 eeueccewmeem.com udp
RS 94.156.158.219:19631 tcp
US 8.8.8.8:53 dhhkwlatix.net udp
US 8.8.8.8:53 dggerxaiqqd.com udp
US 8.8.8.8:53 yigmxyjgihoc.info udp
BG 87.97.174.81:37591 tcp
US 8.8.8.8:53 njmyupro.net udp
US 8.8.8.8:53 piusdaf.info udp
US 8.8.8.8:53 aobxhewrsiy.info udp
US 8.8.8.8:53 wcsbrpz.net udp
BG 77.236.165.175:27133 tcp
US 8.8.8.8:53 yniorrzn.info udp
US 8.8.8.8:53 jjrefkv.net udp
TW 114.25.66.163:32525 tcp
TW 114.25.66.163:32525 tcp
US 8.8.8.8:53 zmxczjhml.org udp
TR 78.169.67.181:26921 tcp
US 8.8.8.8:53 nzhrocdfpog.info udp
US 8.8.8.8:53 wcgcuuiu.org udp
US 8.8.8.8:53 kyhslb.info udp
US 8.8.8.8:53 cptqnmbwxsm.info udp
BG 77.236.165.175:27133 tcp
US 8.8.8.8:53 nhmyomxjv.info udp
BR 201.27.210.115:18323 tcp
SE 92.2.15.166:26386 tcp
US 8.8.8.8:53 qqpmjufys.net udp
US 8.8.8.8:53 vlxtzfdgpsff.net udp
BG 89.215.196.9:39265 tcp
US 8.8.8.8:53 mdgcvl.info udp
US 8.8.8.8:53 gsscwmyyusis.org udp
US 8.8.8.8:53 bctwfgikb.org udp
BG 77.71.25.133:36089 tcp
US 8.8.8.8:53 acytuge.net udp
BG 77.236.171.20:33144 tcp
US 8.8.8.8:53 orhqxybbna.info udp
US 8.8.8.8:53 eutrjms.info udp
US 8.8.8.8:53 vyyynebevwp.com udp
BG 151.237.114.2:26434 tcp
US 8.8.8.8:53 uuogdcue.net udp
US 8.8.8.8:53 quvccdjyr.info udp
RU 77.35.201.32:37793 tcp
US 8.8.8.8:53 drfshlvqhof.net udp
US 8.8.8.8:53 bcoovgglkow.net udp
US 8.8.8.8:53 uwmmyeis.com udp
MK 31.11.76.79:43722 tcp
US 8.8.8.8:53 hjdwltphj.com udp
US 8.8.8.8:53 qyjxvcif.net udp
BG 78.128.94.67:36130 tcp
US 8.8.8.8:53 vrqsnegazmv.org udp
US 8.8.8.8:53 awcqwucmaeui.org udp
US 8.8.8.8:53 leviambuswl.net udp
US 8.8.8.8:53 whdcfhtnivdg.net udp
US 8.8.8.8:53 tkncpuwqb.org udp
US 8.8.8.8:53 ttkmvykq.net udp
US 8.8.8.8:53 jwtjbphh.info udp
US 8.8.8.8:53 ooogqmia.org udp
US 8.8.8.8:53 izvlohst.info udp
BG 77.236.171.20:33144 tcp
US 8.8.8.8:53 lsrmmkbmf.org udp
US 8.8.8.8:53 oauqskqauy.com udp
US 8.8.8.8:53 apqaidfwpfzp.info udp
US 8.8.8.8:53 iiyqke.org udp
US 8.8.8.8:53 vcfaaoj.com udp
US 8.8.8.8:53 ekqaao.com udp
US 8.8.8.8:53 dmjpvtptlwnr.net udp
US 8.8.8.8:53 hfbihufhjue.net udp
US 8.8.8.8:53 ljjmlwhk.net udp
US 8.8.8.8:53 bltoztdgktok.net udp
US 8.8.8.8:53 vkavbfdfzwbh.info udp
US 8.8.8.8:53 ldlrgk.info udp
US 8.8.8.8:53 xkvsfkhqcl.info udp
US 8.8.8.8:53 owtumceqt.info udp
US 8.8.8.8:53 oqmcuwwaugwa.com udp
US 8.8.8.8:53 mohsdyohd.net udp
US 8.8.8.8:53 anbwpjfw.info udp
US 8.8.8.8:53 skqsiiae.org udp
US 8.8.8.8:53 hjphgcxdon.net udp
US 8.8.8.8:53 lifmbpgot.com udp
US 8.8.8.8:53 alyypvemovoc.net udp
US 8.8.8.8:53 qlstpgkhcjbu.net udp

Files

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

MD5 d58cc07de62a1188e63291451b9de901
SHA1 058c85e32d1d64ce9b04a35ffdb77bb5eb0421de
SHA256 32608031ec0164118a9f2c5620f6f7fa4b8ffb32d1f4d2be0f7f2fd8bd2c2e52
SHA512 706b50d2101e600609c35b04efda6a00244426af9a7787405237983af678337d322e3e516c9c0857702b36800d244b73fbf7d55847afe46771fe927c25b6dd99

C:\Windows\SysWOW64\ojsqhythchexfqycxi.exe

MD5 bdee5e351d4080f6d88d3fb9c6c09c60
SHA1 f8b229a69b7b932ffb0ac6d71aec90137c583a18
SHA256 04d3522972566a2b189144c86441058f1af5641a67cdaf39e246f91ba23bf5c5
SHA512 35c3b392784ac85f9794e1eb75d55e9d651e2f13782175791eeb07fef86f5360f681e3e0be9d8fe0c6b1495ed4edd07e6eaec2f2c46c5026faa812fb0858842b

C:\Users\Admin\AppData\Local\Temp\mvsejo.exe

MD5 bd122bdeaf4e60238d7257d330720e6f
SHA1 c7ff169684b2cab39ee09be9a7e5408e627a924d
SHA256 aae7baeb2ee7e34d3b84af4a4706c7d7261833e356d2c1a01718a4ecf7bf2b21
SHA512 e3a94ba919f6a79bdf3ad33c680f798ee2c29a699b602bd13740e7d58286da9e42d2a9314c1a11eb9ec5a34bb82311e68a6a5312e8cc3a09603cbe1b024c6829

C:\Users\Admin\AppData\Local\bjfquyghphrxsqlckiqmxbfnowo.ezx

MD5 1e08b94dfc368b18beaf0e8fbd304d96
SHA1 f87e7648ad39438802de2eabe3331d99abf7352f
SHA256 9eaafcfa09d8e4f3d4ce3e013a082460aa03fe231f67cb5a1f48db8fb5b59029
SHA512 3d3ecb4927c2a473d5cd0c489717a289d8858a361a9652e1d0152881abe4dc3f69d74850a03d9bbe6ebc15d5d3e4e351a27c42c35c101610609eac8cc039346a

C:\Users\Admin\AppData\Local\yryujyrdwzulragibkdkgvkdpilgxdmsunwpws.wpb

MD5 c4bae1849407095acc3bd259f2da73be
SHA1 a8b47e5c0f34c6b30c103117876d8db7c2a7443a
SHA256 79e03f972fa6005669fd2c2d9fc03f02447903dbec51244ba0f9619c7d628377
SHA512 91374c0495d31cc6e12c36542ec6221d82f6c715f9903ea7e2a2eba10f210f5a56cac8bc7e390a1edade335cdbc10253fc24f4184bcc793e14c34d0c95869a43

C:\Program Files (x86)\bjfquyghphrxsqlckiqmxbfnowo.ezx

MD5 3c7d8fff5b7d82190628b0535f6f5f1e
SHA1 aa7c1a6c2946cffacb7ef0857d42ca84b9a50412
SHA256 b41496d424dc6fa4cd3b09db70ec7917d42386c7f6f05e41d9038a9675f225b0
SHA512 de79a96745f6449a18ccd89aeef38a058f0a20edfcd4a6eb54bc6bd06d534ce1e58f82158e1fef0776a899d8b9d1265451acec0ae73b4a01d28f77fff3909163

C:\Program Files (x86)\bjfquyghphrxsqlckiqmxbfnowo.ezx

MD5 00f6e949d4f88631907c456c84afef39
SHA1 7d273165af294bbcd13259b471a51d23648abf7e
SHA256 0fb37f0c058b3fa8276c50b64d9e76f857812c9c65ad6c2e951d7f407ae6f2da
SHA512 57a133b9c1f410a1bc0ed74422d1814f54b2260bc982f716715a34ad75e88ef26180331d3754de8459d78449c3d2b32b2d3843558d2bcd5e0cba159f43350b53

C:\Program Files (x86)\bjfquyghphrxsqlckiqmxbfnowo.ezx

MD5 89976eddd1ec49719dbf87b636ee6526
SHA1 63c8b6e6c08e3557e13f7d0e3ad21318d87462db
SHA256 244ac0a9ba4d54aad39d5d4f10afe74404a42c64812ecf39a9a1ca34fcf8abed
SHA512 2a6504474fa8a4988f97246617dd08669da7b7d11fe577d4e51f1987de23bed270ad21bb689a8060dda96314b65ce885842b4cf6a9a4163ee97b3a119970b73e

C:\Program Files (x86)\bjfquyghphrxsqlckiqmxbfnowo.ezx

MD5 ba14d975a65874b1f7ddf4a72c4b625e
SHA1 165ea8777d8851e9a483f4d464e209fc45782b6d
SHA256 557c82d450b2968bb470c09a8cf0e07cad7f8b0b67e8dc9dc4516a1637c02c4f
SHA512 f351091dc91bae7de14fa4a5a2aa61f029ba35f1b752a3a2e3242fc40342ccd647c4b4614f8f57eb8610ca7b6e93fb35f73b52b32bb0d7a23998af09d34a6b8f

C:\Program Files (x86)\bjfquyghphrxsqlckiqmxbfnowo.ezx

MD5 95d307b9ddd446b498669e9fa0b3986f
SHA1 0fa3c14f538683f58bab8810737146c19021f1c3
SHA256 3feaa30ff4799545e008aeda6f2c9d1933bd4c2ce6deb2d86313aa0c7861a5d4
SHA512 2eaf8c891caf7c2f39a0ebc71441c801d6c86f7f89914674c7aff1508a7453f213a0924ac32c218548237dfcfaba9f494f6d37d2a8c7b0b7d141168aaf81aba5

C:\Program Files (x86)\bjfquyghphrxsqlckiqmxbfnowo.ezx

MD5 8dfc36df30478e35e1945017feb046c2
SHA1 f6c4cd5b1315a6d10b638b38e5c8f8ca775c6d52
SHA256 04a2809e0b8e58ad7d3ec0886fe22430f13154e4c999ba1c70422a21d68d795c
SHA512 003aaf1e2a02c97377d5d4f0de162cf647571317c00cc2f1ddb724703346ba9940e1fd992c18131132635c1401f4275572763c8f0068664926f082893884f7cf

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-18 11:52

Reported

2025-04-18 11:54

Platform

win10v2004-20250314-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lfupmjxrsgdxtmjoqzhb.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avlhfdsnpecxuomsvfojz.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pbivkzfrkqfr = "lfupmjxrsgdxtmjoqzhb.exe" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lfupmjxrsgdxtmjoqzhb.exe" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evhztnypnysjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lfupmjxrsgdxtmjoqzhb.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfslgbnfeqldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avlhfdsnpecxuomsvfojz.exe" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yrfzvrexxkgzumimnvc.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pbivkzfrkqfr = "evhztnypnysjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnypiblbyibrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pbivkzfrkqfr = "yrfzvrexxkgzumimnvc.exe" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfslgbnfeqldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lfupmjxrsgdxtmjoqzhb.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evhztnypnysjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pbivkzfrkqfr = "nfslgbnfeqldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pbivkzfrkqfr = "avlhfdsnpecxuomsvfojz.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evhztnypnysjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pbivkzfrkqfr = "evhztnypnysjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pbivkzfrkqfr = "yrfzvrexxkgzumimnvc.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pbivkzfrkqfr = "nfslgbnfeqldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pbivkzfrkqfr = "xnypiblbyibrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lfupmjxrsgdxtmjoqzhb.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pbivkzfrkqfr = "yrfzvrexxkgzumimnvc.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pbivkzfrkqfr = "avlhfdsnpecxuomsvfojz.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfslgbnfeqldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnypiblbyibrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pbivkzfrkqfr = "nfslgbnfeqldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnypiblbyibrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evhztnypnysjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pbivkzfrkqfr = "lfupmjxrsgdxtmjoqzhb.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pbivkzfrkqfr = "nfslgbnfeqldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yrfzvrexxkgzumimnvc.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pbivkzfrkqfr = "avlhfdsnpecxuomsvfojz.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avlhfdsnpecxuomsvfojz.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evhztnypnysjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pbivkzfrkqfr = "evhztnypnysjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pbivkzfrkqfr = "evhztnypnysjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pbivkzfrkqfr = "avlhfdsnpecxuomsvfojz.exe" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evhztnypnysjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pbivkzfrkqfr = "evhztnypnysjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yrfzvrexxkgzumimnvc.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pbivkzfrkqfr = "xnypiblbyibrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pbivkzfrkqfr = "lfupmjxrsgdxtmjoqzhb.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\enrbnzclb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfslgbnfeqldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\yrfzvrexxkgzumimnvc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\yrfzvrexxkgzumimnvc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\nfslgbnfeqldxojmmt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\evhztnypnysjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\nfslgbnfeqldxojmmt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\evhztnypnysjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\xnypiblbyibrjyrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\avlhfdsnpecxuomsvfojz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\nfslgbnfeqldxojmmt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\lfupmjxrsgdxtmjoqzhb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\yrfzvrexxkgzumimnvc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\xnypiblbyibrjyrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\nfslgbnfeqldxojmmt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\xnypiblbyibrjyrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\avlhfdsnpecxuomsvfojz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\evhztnypnysjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\yrfzvrexxkgzumimnvc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\evhztnypnysjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\avlhfdsnpecxuomsvfojz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\evhztnypnysjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\xnypiblbyibrjyrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\avlhfdsnpecxuomsvfojz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\nfslgbnfeqldxojmmt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\nfslgbnfeqldxojmmt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\xnypiblbyibrjyrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\xnypiblbyibrjyrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\evhztnypnysjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\yrfzvrexxkgzumimnvc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\evhztnypnysjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\xnypiblbyibrjyrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Windows\nfslgbnfeqldxojmmt.exe N/A
N/A N/A C:\Windows\avlhfdsnpecxuomsvfojz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Windows\lfupmjxrsgdxtmjoqzhb.exe N/A
N/A N/A C:\Windows\yrfzvrexxkgzumimnvc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
N/A N/A C:\Windows\lfupmjxrsgdxtmjoqzhb.exe N/A
N/A N/A C:\Windows\lfupmjxrsgdxtmjoqzhb.exe N/A
N/A N/A C:\Windows\evhztnypnysjcsmon.exe N/A
N/A N/A C:\Windows\evhztnypnysjcsmon.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Windows\xnypiblbyibrjyrs.exe N/A
N/A N/A C:\Windows\xnypiblbyibrjyrs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe N/A
N/A N/A C:\Windows\avlhfdsnpecxuomsvfojz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe N/A
N/A N/A C:\Windows\avlhfdsnpecxuomsvfojz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Windows\avlhfdsnpecxuomsvfojz.exe N/A
N/A N/A C:\Windows\yrfzvrexxkgzumimnvc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Windows\nfslgbnfeqldxojmmt.exe N/A
N/A N/A C:\Windows\evhztnypnysjcsmon.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Windows\yrfzvrexxkgzumimnvc.exe N/A
N/A N/A C:\Windows\lfupmjxrsgdxtmjoqzhb.exe N/A
N/A N/A C:\Windows\lfupmjxrsgdxtmjoqzhb.exe N/A
N/A N/A C:\Windows\nfslgbnfeqldxojmmt.exe N/A
N/A N/A C:\Windows\evhztnypnysjcsmon.exe N/A
N/A N/A C:\Windows\evhztnypnysjcsmon.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Windows\evhztnypnysjcsmon.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Windows\xnypiblbyibrjyrs.exe N/A
N/A N/A C:\Windows\yrfzvrexxkgzumimnvc.exe N/A
N/A N/A C:\Windows\xnypiblbyibrjyrs.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pdmbsjrfaizndq = "nfslgbnfeqldxojmmt.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xhmxkxblcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yrfzvrexxkgzumimnvc.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\shrhzraplumbsgy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lfupmjxrsgdxtmjoqzhb.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sdjvjxcnfky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yrfzvrexxkgzumimnvc.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\objxndkxryobq = "xnypiblbyibrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xhmxkxblcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avlhfdsnpecxuomsvfojz.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xhmxkxblcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnypiblbyibrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdjvjxcnfky = "avlhfdsnpecxuomsvfojz.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xhmxkxblcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnypiblbyibrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xhmxkxblcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evhztnypnysjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sdjvjxcnfky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evhztnypnysjcsmon.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdjvjxcnfky = "nfslgbnfeqldxojmmt.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sdjvjxcnfky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avlhfdsnpecxuomsvfojz.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sdjvjxcnfky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnypiblbyibrjyrs.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xhmxkxblcg = "xnypiblbyibrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xhmxkxblcg = "yrfzvrexxkgzumimnvc.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\shrhzraplumbsgy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evhztnypnysjcsmon.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xhmxkxblcg = "xnypiblbyibrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xnypiblbyibrjyrs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnypiblbyibrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdjvjxcnfky = "avlhfdsnpecxuomsvfojz.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xhmxkxblcg = "lfupmjxrsgdxtmjoqzhb.exe" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\shrhzraplumbsgy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avlhfdsnpecxuomsvfojz.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\shrhzraplumbsgy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evhztnypnysjcsmon.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xhmxkxblcg = "nfslgbnfeqldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdjvjxcnfky = "nfslgbnfeqldxojmmt.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pdmbsjrfaizndq = "xnypiblbyibrjyrs.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xnypiblbyibrjyrs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnypiblbyibrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xnypiblbyibrjyrs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfslgbnfeqldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xnypiblbyibrjyrs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yrfzvrexxkgzumimnvc.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\objxndkxryobq = "lfupmjxrsgdxtmjoqzhb.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdjvjxcnfky = "xnypiblbyibrjyrs.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\objxndkxryobq = "evhztnypnysjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xnypiblbyibrjyrs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfslgbnfeqldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xhmxkxblcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evhztnypnysjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\objxndkxryobq = "yrfzvrexxkgzumimnvc.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xnypiblbyibrjyrs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evhztnypnysjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pdmbsjrfaizndq = "xnypiblbyibrjyrs.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\objxndkxryobq = "lfupmjxrsgdxtmjoqzhb.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\shrhzraplumbsgy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avlhfdsnpecxuomsvfojz.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xhmxkxblcg = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfslgbnfeqldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\shrhzraplumbsgy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lfupmjxrsgdxtmjoqzhb.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pdmbsjrfaizndq = "xnypiblbyibrjyrs.exe ." C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xhmxkxblcg = "yrfzvrexxkgzumimnvc.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sdjvjxcnfky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfslgbnfeqldxojmmt.exe ." C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xnypiblbyibrjyrs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfslgbnfeqldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xnypiblbyibrjyrs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avlhfdsnpecxuomsvfojz.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sdjvjxcnfky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avlhfdsnpecxuomsvfojz.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sdjvjxcnfky = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yrfzvrexxkgzumimnvc.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pdmbsjrfaizndq = "yrfzvrexxkgzumimnvc.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\objxndkxryobq = "evhztnypnysjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\objxndkxryobq = "yrfzvrexxkgzumimnvc.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xnypiblbyibrjyrs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avlhfdsnpecxuomsvfojz.exe" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xhmxkxblcg = "yrfzvrexxkgzumimnvc.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xnypiblbyibrjyrs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avlhfdsnpecxuomsvfojz.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdjvjxcnfky = "xnypiblbyibrjyrs.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xnypiblbyibrjyrs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avlhfdsnpecxuomsvfojz.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xhmxkxblcg = "avlhfdsnpecxuomsvfojz.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\objxndkxryobq = "evhztnypnysjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xnypiblbyibrjyrs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avlhfdsnpecxuomsvfojz.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xhmxkxblcg = "yrfzvrexxkgzumimnvc.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pdmbsjrfaizndq = "xnypiblbyibrjyrs.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\shrhzraplumbsgy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfslgbnfeqldxojmmt.exe ." C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\objxndkxryobq = "xnypiblbyibrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\sdjvjxcnfky = "nfslgbnfeqldxojmmt.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyipaddress.com N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\yrfzvrexxkgzumimnvc.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\yrfzvrexxkgzumimnvc.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\yrfzvrexxkgzumimnvc.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\lfupmjxrsgdxtmjoqzhb.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\nfslgbnfeqldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\xnypiblbyibrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\xnypiblbyibrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\yrfzvrexxkgzumimnvc.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\avlhfdsnpecxuomsvfojz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\nfslgbnfeqldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File created C:\Windows\SysWOW64\fhehmrnpyuzbfglyizprorwb.zie C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
File opened for modification C:\Windows\SysWOW64\nfslgbnfeqldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\xnypiblbyibrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\objxndkxryobqcsqlnobjxndkxryobqcsql.obj C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
File opened for modification C:\Windows\SysWOW64\xnypiblbyibrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\rnebazploedzxsrycnxtkh.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\nfslgbnfeqldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\rnebazploedzxsrycnxtkh.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\yrfzvrexxkgzumimnvc.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\lfupmjxrsgdxtmjoqzhb.exe C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
File opened for modification C:\Windows\SysWOW64\lfupmjxrsgdxtmjoqzhb.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\nfslgbnfeqldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\evhztnypnysjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\yrfzvrexxkgzumimnvc.exe C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
File opened for modification C:\Windows\SysWOW64\yrfzvrexxkgzumimnvc.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\yrfzvrexxkgzumimnvc.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\evhztnypnysjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\nfslgbnfeqldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\rnebazploedzxsrycnxtkh.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\nfslgbnfeqldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\evhztnypnysjcsmon.exe C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
File opened for modification C:\Windows\SysWOW64\lfupmjxrsgdxtmjoqzhb.exe C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
File opened for modification C:\Windows\SysWOW64\rnebazploedzxsrycnxtkh.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\lfupmjxrsgdxtmjoqzhb.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\rnebazploedzxsrycnxtkh.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\rnebazploedzxsrycnxtkh.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\nfslgbnfeqldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\rnebazploedzxsrycnxtkh.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\xnypiblbyibrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\evhztnypnysjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\yrfzvrexxkgzumimnvc.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\yrfzvrexxkgzumimnvc.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\rnebazploedzxsrycnxtkh.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\nfslgbnfeqldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\avlhfdsnpecxuomsvfojz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\avlhfdsnpecxuomsvfojz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\lfupmjxrsgdxtmjoqzhb.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\avlhfdsnpecxuomsvfojz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\rnebazploedzxsrycnxtkh.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\lfupmjxrsgdxtmjoqzhb.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\nfslgbnfeqldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\avlhfdsnpecxuomsvfojz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\lfupmjxrsgdxtmjoqzhb.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\yrfzvrexxkgzumimnvc.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\lfupmjxrsgdxtmjoqzhb.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\yrfzvrexxkgzumimnvc.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\lfupmjxrsgdxtmjoqzhb.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\xnypiblbyibrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\lfupmjxrsgdxtmjoqzhb.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\yrfzvrexxkgzumimnvc.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\evhztnypnysjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\lfupmjxrsgdxtmjoqzhb.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\rnebazploedzxsrycnxtkh.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\xnypiblbyibrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\objxndkxryobqcsqlnobjxndkxryobqcsql.obj C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
File opened for modification C:\Program Files (x86)\fhehmrnpyuzbfglyizprorwb.zie C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
File created C:\Program Files (x86)\fhehmrnpyuzbfglyizprorwb.zie C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
File opened for modification C:\Program Files (x86)\objxndkxryobqcsqlnobjxndkxryobqcsql.obj C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\lfupmjxrsgdxtmjoqzhb.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\yrfzvrexxkgzumimnvc.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\evhztnypnysjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\yrfzvrexxkgzumimnvc.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\evhztnypnysjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\avlhfdsnpecxuomsvfojz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\xnypiblbyibrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\nfslgbnfeqldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\avlhfdsnpecxuomsvfojz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\lfupmjxrsgdxtmjoqzhb.exe C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
File opened for modification C:\Windows\yrfzvrexxkgzumimnvc.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\evhztnypnysjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\rnebazploedzxsrycnxtkh.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\avlhfdsnpecxuomsvfojz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\yrfzvrexxkgzumimnvc.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\yrfzvrexxkgzumimnvc.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\xnypiblbyibrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\rnebazploedzxsrycnxtkh.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\avlhfdsnpecxuomsvfojz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\avlhfdsnpecxuomsvfojz.exe C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
File opened for modification C:\Windows\fhehmrnpyuzbfglyizprorwb.zie C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
File opened for modification C:\Windows\lfupmjxrsgdxtmjoqzhb.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\evhztnypnysjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\nfslgbnfeqldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\avlhfdsnpecxuomsvfojz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\avlhfdsnpecxuomsvfojz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\avlhfdsnpecxuomsvfojz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\avlhfdsnpecxuomsvfojz.exe C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
File opened for modification C:\Windows\nfslgbnfeqldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\nfslgbnfeqldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\lfupmjxrsgdxtmjoqzhb.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\rnebazploedzxsrycnxtkh.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\evhztnypnysjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\evhztnypnysjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\lfupmjxrsgdxtmjoqzhb.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\nfslgbnfeqldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\objxndkxryobqcsqlnobjxndkxryobqcsql.obj C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
File opened for modification C:\Windows\avlhfdsnpecxuomsvfojz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\nfslgbnfeqldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\xnypiblbyibrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\xnypiblbyibrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\rnebazploedzxsrycnxtkh.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\yrfzvrexxkgzumimnvc.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\yrfzvrexxkgzumimnvc.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\evhztnypnysjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\yrfzvrexxkgzumimnvc.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\rnebazploedzxsrycnxtkh.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\rnebazploedzxsrycnxtkh.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\avlhfdsnpecxuomsvfojz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\yrfzvrexxkgzumimnvc.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\lfupmjxrsgdxtmjoqzhb.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\yrfzvrexxkgzumimnvc.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\nfslgbnfeqldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
File opened for modification C:\Windows\yrfzvrexxkgzumimnvc.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\evhztnypnysjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\rnebazploedzxsrycnxtkh.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\xnypiblbyibrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\rnebazploedzxsrycnxtkh.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\nfslgbnfeqldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\evhztnypnysjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\xnypiblbyibrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\evhztnypnysjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\xnypiblbyibrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\rnebazploedzxsrycnxtkh.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\avlhfdsnpecxuomsvfojz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yrfzvrexxkgzumimnvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xnypiblbyibrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\nfslgbnfeqldxojmmt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yrfzvrexxkgzumimnvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xnypiblbyibrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xnypiblbyibrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\avlhfdsnpecxuomsvfojz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yrfzvrexxkgzumimnvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yrfzvrexxkgzumimnvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xnypiblbyibrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\nfslgbnfeqldxojmmt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\avlhfdsnpecxuomsvfojz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xnypiblbyibrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\evhztnypnysjcsmon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\nfslgbnfeqldxojmmt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lfupmjxrsgdxtmjoqzhb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xnypiblbyibrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xnypiblbyibrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xnypiblbyibrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\evhztnypnysjcsmon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\evhztnypnysjcsmon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\avlhfdsnpecxuomsvfojz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xnypiblbyibrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xnypiblbyibrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xnypiblbyibrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yrfzvrexxkgzumimnvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\evhztnypnysjcsmon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\lfupmjxrsgdxtmjoqzhb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\xnypiblbyibrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\yrfzvrexxkgzumimnvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\evhztnypnysjcsmon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\nfslgbnfeqldxojmmt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2044 wrote to memory of 5512 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 2044 wrote to memory of 5512 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 2044 wrote to memory of 5512 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 4516 wrote to memory of 4292 N/A C:\Windows\system32\cmd.exe C:\Windows\nfslgbnfeqldxojmmt.exe
PID 4516 wrote to memory of 4292 N/A C:\Windows\system32\cmd.exe C:\Windows\nfslgbnfeqldxojmmt.exe
PID 4516 wrote to memory of 4292 N/A C:\Windows\system32\cmd.exe C:\Windows\nfslgbnfeqldxojmmt.exe
PID 3472 wrote to memory of 3456 N/A C:\Windows\system32\cmd.exe C:\Windows\avlhfdsnpecxuomsvfojz.exe
PID 3472 wrote to memory of 3456 N/A C:\Windows\system32\cmd.exe C:\Windows\avlhfdsnpecxuomsvfojz.exe
PID 3472 wrote to memory of 3456 N/A C:\Windows\system32\cmd.exe C:\Windows\avlhfdsnpecxuomsvfojz.exe
PID 3456 wrote to memory of 4732 N/A C:\Windows\avlhfdsnpecxuomsvfojz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 3456 wrote to memory of 4732 N/A C:\Windows\avlhfdsnpecxuomsvfojz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 3456 wrote to memory of 4732 N/A C:\Windows\avlhfdsnpecxuomsvfojz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 2704 wrote to memory of 4540 N/A C:\Windows\system32\cmd.exe C:\Windows\lfupmjxrsgdxtmjoqzhb.exe
PID 2704 wrote to memory of 4540 N/A C:\Windows\system32\cmd.exe C:\Windows\lfupmjxrsgdxtmjoqzhb.exe
PID 2704 wrote to memory of 4540 N/A C:\Windows\system32\cmd.exe C:\Windows\lfupmjxrsgdxtmjoqzhb.exe
PID 4476 wrote to memory of 4684 N/A C:\Windows\system32\cmd.exe C:\Windows\yrfzvrexxkgzumimnvc.exe
PID 4476 wrote to memory of 4684 N/A C:\Windows\system32\cmd.exe C:\Windows\yrfzvrexxkgzumimnvc.exe
PID 4476 wrote to memory of 4684 N/A C:\Windows\system32\cmd.exe C:\Windows\yrfzvrexxkgzumimnvc.exe
PID 4676 wrote to memory of 4864 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
PID 4676 wrote to memory of 4864 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
PID 4676 wrote to memory of 4864 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe
PID 4684 wrote to memory of 408 N/A C:\Windows\yrfzvrexxkgzumimnvc.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 4684 wrote to memory of 408 N/A C:\Windows\yrfzvrexxkgzumimnvc.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 4684 wrote to memory of 408 N/A C:\Windows\yrfzvrexxkgzumimnvc.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 4568 wrote to memory of 5312 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe
PID 4568 wrote to memory of 5312 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe
PID 4568 wrote to memory of 5312 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe
PID 5312 wrote to memory of 3596 N/A C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 5312 wrote to memory of 3596 N/A C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 5312 wrote to memory of 3596 N/A C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 3656 wrote to memory of 2284 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe
PID 3656 wrote to memory of 2284 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe
PID 3656 wrote to memory of 2284 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe
PID 3408 wrote to memory of 2468 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe
PID 3408 wrote to memory of 2468 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe
PID 3408 wrote to memory of 2468 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe
PID 2468 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 2468 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 2468 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 5512 wrote to memory of 5364 N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe C:\Users\Admin\AppData\Local\Temp\afflt.exe
PID 5512 wrote to memory of 5364 N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe C:\Users\Admin\AppData\Local\Temp\afflt.exe
PID 5512 wrote to memory of 5364 N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe C:\Users\Admin\AppData\Local\Temp\afflt.exe
PID 5512 wrote to memory of 3884 N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe C:\Users\Admin\AppData\Local\Temp\afflt.exe
PID 5512 wrote to memory of 3884 N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe C:\Users\Admin\AppData\Local\Temp\afflt.exe
PID 5512 wrote to memory of 3884 N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe C:\Users\Admin\AppData\Local\Temp\afflt.exe
PID 5944 wrote to memory of 1500 N/A C:\Windows\system32\cmd.exe C:\Windows\lfupmjxrsgdxtmjoqzhb.exe
PID 5944 wrote to memory of 1500 N/A C:\Windows\system32\cmd.exe C:\Windows\lfupmjxrsgdxtmjoqzhb.exe
PID 5944 wrote to memory of 1500 N/A C:\Windows\system32\cmd.exe C:\Windows\lfupmjxrsgdxtmjoqzhb.exe
PID 452 wrote to memory of 2944 N/A C:\Windows\system32\cmd.exe C:\Windows\lfupmjxrsgdxtmjoqzhb.exe
PID 452 wrote to memory of 2944 N/A C:\Windows\system32\cmd.exe C:\Windows\lfupmjxrsgdxtmjoqzhb.exe
PID 452 wrote to memory of 2944 N/A C:\Windows\system32\cmd.exe C:\Windows\lfupmjxrsgdxtmjoqzhb.exe
PID 6000 wrote to memory of 5136 N/A C:\Windows\system32\cmd.exe C:\Windows\evhztnypnysjcsmon.exe
PID 6000 wrote to memory of 5136 N/A C:\Windows\system32\cmd.exe C:\Windows\evhztnypnysjcsmon.exe
PID 6000 wrote to memory of 5136 N/A C:\Windows\system32\cmd.exe C:\Windows\evhztnypnysjcsmon.exe
PID 3616 wrote to memory of 5708 N/A C:\Windows\system32\cmd.exe C:\Windows\evhztnypnysjcsmon.exe
PID 3616 wrote to memory of 5708 N/A C:\Windows\system32\cmd.exe C:\Windows\evhztnypnysjcsmon.exe
PID 3616 wrote to memory of 5708 N/A C:\Windows\system32\cmd.exe C:\Windows\evhztnypnysjcsmon.exe
PID 5708 wrote to memory of 800 N/A C:\Windows\evhztnypnysjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 5708 wrote to memory of 800 N/A C:\Windows\evhztnypnysjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 5708 wrote to memory of 800 N/A C:\Windows\evhztnypnysjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 5136 wrote to memory of 3380 N/A C:\Windows\evhztnypnysjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 5136 wrote to memory of 3380 N/A C:\Windows\evhztnypnysjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 5136 wrote to memory of 3380 N/A C:\Windows\evhztnypnysjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 5604 wrote to memory of 4632 N/A C:\Windows\system32\cmd.exe C:\Windows\xnypiblbyibrjyrs.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\afflt.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe"

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_bdee5e351d4080f6d88d3fb9c6c09c60.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe .

C:\Windows\avlhfdsnpecxuomsvfojz.exe

avlhfdsnpecxuomsvfojz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avlhfdsnpecxuomsvfojz.exe*."

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Windows\yrfzvrexxkgzumimnvc.exe

yrfzvrexxkgzumimnvc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yrfzvrexxkgzumimnvc.exe*."

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yrfzvrexxkgzumimnvc.exe*."

C:\Users\Admin\AppData\Local\Temp\afflt.exe

"C:\Users\Admin\AppData\Local\Temp\afflt.exe" "-C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe"

C:\Users\Admin\AppData\Local\Temp\afflt.exe

"C:\Users\Admin\AppData\Local\Temp\afflt.exe" "-C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe .

C:\Windows\evhztnypnysjcsmon.exe

evhztnypnysjcsmon.exe .

C:\Windows\evhztnypnysjcsmon.exe

evhztnypnysjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\evhztnypnysjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\evhztnypnysjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Windows\avlhfdsnpecxuomsvfojz.exe

avlhfdsnpecxuomsvfojz.exe .

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Windows\avlhfdsnpecxuomsvfojz.exe

avlhfdsnpecxuomsvfojz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avlhfdsnpecxuomsvfojz.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avlhfdsnpecxuomsvfojz.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yrfzvrexxkgzumimnvc.exe*."

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yrfzvrexxkgzumimnvc.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\nfslgbnfeqldxojmmt.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\nfslgbnfeqldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe

C:\Windows\avlhfdsnpecxuomsvfojz.exe

avlhfdsnpecxuomsvfojz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe .

C:\Windows\yrfzvrexxkgzumimnvc.exe

yrfzvrexxkgzumimnvc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yrfzvrexxkgzumimnvc.exe*."

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Windows\evhztnypnysjcsmon.exe

evhztnypnysjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\evhztnypnysjcsmon.exe*."

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avlhfdsnpecxuomsvfojz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\evhztnypnysjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\yrfzvrexxkgzumimnvc.exe

yrfzvrexxkgzumimnvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe .

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe .

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe

C:\Windows\evhztnypnysjcsmon.exe

evhztnypnysjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe

C:\Windows\evhztnypnysjcsmon.exe

evhztnypnysjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\nfslgbnfeqldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Windows\evhztnypnysjcsmon.exe

evhztnypnysjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\evhztnypnysjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\evhztnypnysjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\yrfzvrexxkgzumimnvc.exe

yrfzvrexxkgzumimnvc.exe

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe .

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yrfzvrexxkgzumimnvc.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\xnypiblbyibrjyrs.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\nfslgbnfeqldxojmmt.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\evhztnypnysjcsmon.exe*."

C:\Windows\yrfzvrexxkgzumimnvc.exe

yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yrfzvrexxkgzumimnvc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\evhztnypnysjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avlhfdsnpecxuomsvfojz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe

C:\Windows\yrfzvrexxkgzumimnvc.exe

yrfzvrexxkgzumimnvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe .

C:\Windows\yrfzvrexxkgzumimnvc.exe

yrfzvrexxkgzumimnvc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yrfzvrexxkgzumimnvc.exe*."

C:\Windows\avlhfdsnpecxuomsvfojz.exe

avlhfdsnpecxuomsvfojz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\nfslgbnfeqldxojmmt.exe*."

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\evhztnypnysjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yrfzvrexxkgzumimnvc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe

C:\Windows\yrfzvrexxkgzumimnvc.exe

yrfzvrexxkgzumimnvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\xnypiblbyibrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avlhfdsnpecxuomsvfojz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe .

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\nfslgbnfeqldxojmmt.exe*."

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\xnypiblbyibrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe .

C:\Windows\avlhfdsnpecxuomsvfojz.exe

avlhfdsnpecxuomsvfojz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avlhfdsnpecxuomsvfojz.exe*."

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\nfslgbnfeqldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\evhztnypnysjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe

C:\Windows\yrfzvrexxkgzumimnvc.exe

yrfzvrexxkgzumimnvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\evhztnypnysjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe

C:\Windows\yrfzvrexxkgzumimnvc.exe

yrfzvrexxkgzumimnvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avlhfdsnpecxuomsvfojz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .

C:\Windows\avlhfdsnpecxuomsvfojz.exe

avlhfdsnpecxuomsvfojz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avlhfdsnpecxuomsvfojz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\nfslgbnfeqldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe .

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avlhfdsnpecxuomsvfojz.exe*."

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\evhztnypnysjcsmon.exe*."

C:\Windows\avlhfdsnpecxuomsvfojz.exe

avlhfdsnpecxuomsvfojz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\xnypiblbyibrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avlhfdsnpecxuomsvfojz.exe*."

C:\Windows\yrfzvrexxkgzumimnvc.exe

yrfzvrexxkgzumimnvc.exe

C:\Windows\yrfzvrexxkgzumimnvc.exe

yrfzvrexxkgzumimnvc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yrfzvrexxkgzumimnvc.exe*."

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Windows\evhztnypnysjcsmon.exe

evhztnypnysjcsmon.exe

C:\Windows\evhztnypnysjcsmon.exe

evhztnypnysjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .

C:\Windows\evhztnypnysjcsmon.exe

evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\evhztnypnysjcsmon.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\evhztnypnysjcsmon.exe*."

C:\Windows\evhztnypnysjcsmon.exe

evhztnypnysjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\evhztnypnysjcsmon.exe

evhztnypnysjcsmon.exe .

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\evhztnypnysjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\nfslgbnfeqldxojmmt.exe*."

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\nfslgbnfeqldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\nfslgbnfeqldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\evhztnypnysjcsmon.exe

evhztnypnysjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\evhztnypnysjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe .

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\evhztnypnysjcsmon.exe

evhztnypnysjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\evhztnypnysjcsmon.exe*."

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avlhfdsnpecxuomsvfojz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yrfzvrexxkgzumimnvc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe .

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\nfslgbnfeqldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe .

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Windows\avlhfdsnpecxuomsvfojz.exe

avlhfdsnpecxuomsvfojz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avlhfdsnpecxuomsvfojz.exe*."

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avlhfdsnpecxuomsvfojz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe .

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\nfslgbnfeqldxojmmt.exe*."

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avlhfdsnpecxuomsvfojz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\evhztnypnysjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe .

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\nfslgbnfeqldxojmmt.exe*."

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Windows\yrfzvrexxkgzumimnvc.exe

yrfzvrexxkgzumimnvc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yrfzvrexxkgzumimnvc.exe*."

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avlhfdsnpecxuomsvfojz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\evhztnypnysjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe

C:\Windows\avlhfdsnpecxuomsvfojz.exe

avlhfdsnpecxuomsvfojz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe

C:\Windows\yrfzvrexxkgzumimnvc.exe

yrfzvrexxkgzumimnvc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe

C:\Windows\evhztnypnysjcsmon.exe

evhztnypnysjcsmon.exe

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .

C:\Windows\evhztnypnysjcsmon.exe

evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yrfzvrexxkgzumimnvc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe .

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe .

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\nfslgbnfeqldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe .

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\nfslgbnfeqldxojmmt.exe*."

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\nfslgbnfeqldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\nfslgbnfeqldxojmmt.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avlhfdsnpecxuomsvfojz.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yrfzvrexxkgzumimnvc.exe*."

C:\Windows\yrfzvrexxkgzumimnvc.exe

yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe .

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\nfslgbnfeqldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .

C:\Windows\evhztnypnysjcsmon.exe

evhztnypnysjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."

C:\Windows\evhztnypnysjcsmon.exe

evhztnypnysjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Windows\avlhfdsnpecxuomsvfojz.exe

avlhfdsnpecxuomsvfojz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avlhfdsnpecxuomsvfojz.exe*."

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\nfslgbnfeqldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\evhztnypnysjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe

C:\Windows\yrfzvrexxkgzumimnvc.exe

yrfzvrexxkgzumimnvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe .

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\nfslgbnfeqldxojmmt.exe*."

C:\Windows\yrfzvrexxkgzumimnvc.exe

yrfzvrexxkgzumimnvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Windows\evhztnypnysjcsmon.exe

evhztnypnysjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\evhztnypnysjcsmon.exe*."

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avlhfdsnpecxuomsvfojz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe .

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\nfslgbnfeqldxojmmt.exe*."

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\xnypiblbyibrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe

C:\Windows\yrfzvrexxkgzumimnvc.exe

yrfzvrexxkgzumimnvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe .

C:\Windows\yrfzvrexxkgzumimnvc.exe

yrfzvrexxkgzumimnvc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yrfzvrexxkgzumimnvc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\xnypiblbyibrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\xnypiblbyibrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe .

C:\Windows\evhztnypnysjcsmon.exe

evhztnypnysjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\evhztnypnysjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .

C:\Windows\avlhfdsnpecxuomsvfojz.exe

avlhfdsnpecxuomsvfojz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe

C:\Windows\avlhfdsnpecxuomsvfojz.exe

avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\evhztnypnysjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\avlhfdsnpecxuomsvfojz.exe

avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .

C:\Windows\yrfzvrexxkgzumimnvc.exe

yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yrfzvrexxkgzumimnvc.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\nfslgbnfeqldxojmmt.exe*."

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\nfslgbnfeqldxojmmt.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\evhztnypnysjcsmon.exe*."

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yrfzvrexxkgzumimnvc.exe*."

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\nfslgbnfeqldxojmmt.exe*."

C:\Windows\evhztnypnysjcsmon.exe

evhztnypnysjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe .

C:\Windows\avlhfdsnpecxuomsvfojz.exe

avlhfdsnpecxuomsvfojz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avlhfdsnpecxuomsvfojz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\xnypiblbyibrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\xnypiblbyibrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe .

C:\Windows\avlhfdsnpecxuomsvfojz.exe

avlhfdsnpecxuomsvfojz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avlhfdsnpecxuomsvfojz.exe*."

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Windows\avlhfdsnpecxuomsvfojz.exe

avlhfdsnpecxuomsvfojz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avlhfdsnpecxuomsvfojz.exe*."

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\xnypiblbyibrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\nfslgbnfeqldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe

C:\Windows\yrfzvrexxkgzumimnvc.exe

yrfzvrexxkgzumimnvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."

C:\Windows\avlhfdsnpecxuomsvfojz.exe

avlhfdsnpecxuomsvfojz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avlhfdsnpecxuomsvfojz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yrfzvrexxkgzumimnvc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe

C:\Windows\avlhfdsnpecxuomsvfojz.exe

avlhfdsnpecxuomsvfojz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Windows\yrfzvrexxkgzumimnvc.exe

yrfzvrexxkgzumimnvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\evhztnypnysjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe .

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\nfslgbnfeqldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yrfzvrexxkgzumimnvc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\nfslgbnfeqldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe .

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Windows\yrfzvrexxkgzumimnvc.exe

yrfzvrexxkgzumimnvc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yrfzvrexxkgzumimnvc.exe*."

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avlhfdsnpecxuomsvfojz.exe*."

C:\Windows\yrfzvrexxkgzumimnvc.exe

yrfzvrexxkgzumimnvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Windows\avlhfdsnpecxuomsvfojz.exe

avlhfdsnpecxuomsvfojz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe .

C:\Windows\yrfzvrexxkgzumimnvc.exe

yrfzvrexxkgzumimnvc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yrfzvrexxkgzumimnvc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\xnypiblbyibrjyrs.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\nfslgbnfeqldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avlhfdsnpecxuomsvfojz.exe*."

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe .

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Windows\yrfzvrexxkgzumimnvc.exe

yrfzvrexxkgzumimnvc.exe .

C:\Windows\avlhfdsnpecxuomsvfojz.exe

avlhfdsnpecxuomsvfojz.exe .

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yrfzvrexxkgzumimnvc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avlhfdsnpecxuomsvfojz.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yrfzvrexxkgzumimnvc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Windows\evhztnypnysjcsmon.exe

evhztnypnysjcsmon.exe

C:\Windows\evhztnypnysjcsmon.exe

evhztnypnysjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\evhztnypnysjcsmon.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yrfzvrexxkgzumimnvc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe

C:\Windows\yrfzvrexxkgzumimnvc.exe

yrfzvrexxkgzumimnvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe .

C:\Windows\avlhfdsnpecxuomsvfojz.exe

avlhfdsnpecxuomsvfojz.exe

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\nfslgbnfeqldxojmmt.exe*."

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yrfzvrexxkgzumimnvc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yrfzvrexxkgzumimnvc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe .

C:\Windows\avlhfdsnpecxuomsvfojz.exe

avlhfdsnpecxuomsvfojz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avlhfdsnpecxuomsvfojz.exe*."

C:\Windows\evhztnypnysjcsmon.exe

evhztnypnysjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Windows\yrfzvrexxkgzumimnvc.exe

yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yrfzvrexxkgzumimnvc.exe*."

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yrfzvrexxkgzumimnvc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\xnypiblbyibrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe .

C:\Windows\yrfzvrexxkgzumimnvc.exe

yrfzvrexxkgzumimnvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\nfslgbnfeqldxojmmt.exe*."

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avlhfdsnpecxuomsvfojz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\xnypiblbyibrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe .

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\evhztnypnysjcsmon.exe

evhztnypnysjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\xnypiblbyibrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\evhztnypnysjcsmon.exe*."

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yrfzvrexxkgzumimnvc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe

C:\Users\Admin\AppData\Local\Temp\yrfzvrexxkgzumimnvc.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\yrfzvrexxkgzumimnvc.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe .

C:\Windows\yrfzvrexxkgzumimnvc.exe

yrfzvrexxkgzumimnvc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yrfzvrexxkgzumimnvc.exe*."

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\avlhfdsnpecxuomsvfojz.exe

avlhfdsnpecxuomsvfojz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avlhfdsnpecxuomsvfojz.exe*."

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\evhztnypnysjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\evhztnypnysjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avlhfdsnpecxuomsvfojz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c evhztnypnysjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c nfslgbnfeqldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Windows\evhztnypnysjcsmon.exe

evhztnypnysjcsmon.exe

C:\Windows\avlhfdsnpecxuomsvfojz.exe

avlhfdsnpecxuomsvfojz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\nfslgbnfeqldxojmmt.exe

nfslgbnfeqldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe

C:\Windows\lfupmjxrsgdxtmjoqzhb.exe

lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c yrfzvrexxkgzumimnvc.exe .

C:\Windows\yrfzvrexxkgzumimnvc.exe

yrfzvrexxkgzumimnvc.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c xnypiblbyibrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfslgbnfeqldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe

C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\nfslgbnfeqldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfupmjxrsgdxtmjoqzhb.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe .

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\avlhfdsnpecxuomsvfojz.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\yrfzvrexxkgzumimnvc.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\lfupmjxrsgdxtmjoqzhb.exe*."

C:\Windows\xnypiblbyibrjyrs.exe

xnypiblbyibrjyrs.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.40.87:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.66.40.87:80 www.whatismyip.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 www.youtube.com udp
NL 142.251.31.91:80 www.youtube.com tcp
DE 116.203.215.11:31803 tcp
US 8.8.8.8:53 gyuuym.org udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 sehciwrxa.net udp
US 8.8.8.8:53 dqvezdvcw.com udp
US 8.8.8.8:53 syrvtwtfzy.info udp
US 8.8.8.8:53 unxfuild.info udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 wqjdcdj.net udp
US 8.8.8.8:53 zcfujytjyzb.info udp
US 8.8.8.8:53 dgelskplzhpr.net udp
US 8.8.8.8:53 yxhytljuvmnj.info udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 jpbinbzwz.info udp
US 8.8.8.8:53 vsqhdvrxwill.net udp
US 8.8.8.8:53 bpfezdoc.net udp
US 8.8.8.8:53 nkqyzjdbvst.net udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 ucsiqawm.org udp
US 8.8.8.8:53 cdnvtqfayzot.net udp
US 8.8.8.8:53 fmkchlp.net udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 vvtkffnc.net udp
US 8.8.8.8:53 wcymrcxut.info udp
US 8.8.8.8:53 pybezriyv.net udp
US 8.8.8.8:53 ggoiisygwcmc.org udp
US 8.8.8.8:53 dzevrqzfcs.info udp
US 8.8.8.8:53 cydlrge.info udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 mgoakski.org udp
US 8.8.8.8:53 fgpavwvmqazy.net udp
US 8.8.8.8:53 oihooeumus.net udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 enuzvfjssg.net udp
US 8.8.8.8:53 hhxlfg.net udp
US 8.8.8.8:53 lazeqaq.info udp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 njsrbmva.net udp
US 8.8.8.8:53 vmizskerfk.info udp
US 8.8.8.8:53 zflsqqudot.net udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 npsamycinqi.net udp
US 8.8.8.8:53 rowgtwgb.net udp
US 8.8.8.8:53 nepasmb.net udp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 wqockoqwuc.org udp
US 8.8.8.8:53 dmaexyb.net udp
US 8.8.8.8:53 lvhrpmwexg.net udp
US 8.8.8.8:53 geaxvu.info udp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 jkdxjkzn.net udp
US 8.8.8.8:53 vrrzzib.com udp
US 8.8.8.8:53 ywknbghwrub.net udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 sqnmliyuzou.net udp
US 8.8.8.8:53 fyamvoautdy.info udp
US 8.8.8.8:53 tfffvple.net udp
US 8.8.8.8:53 yoaoooewyeeo.com udp
US 8.8.8.8:53 rwxmfasohtq.com udp
US 8.8.8.8:53 mdhpuesj.net udp
US 8.8.8.8:53 plvzfbz.info udp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 eogunlgw.net udp
US 8.8.8.8:53 jssewqd.org udp
US 8.8.8.8:53 dlrfmsvzin.net udp
US 8.8.8.8:53 vrxmprngmlhk.net udp
US 8.8.8.8:53 ebmmrt.info udp
US 8.8.8.8:53 kuusasowiu.com udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 midcbxgy.net udp
US 8.8.8.8:53 ohoapxl.info udp
US 8.8.8.8:53 wsoyimea.org udp
US 8.8.8.8:53 mqrwfsb.net udp
US 8.8.8.8:53 sgwwmouiqo.com udp
US 8.8.8.8:53 qqwuicmm.com udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 oesukj.net udp
US 8.8.8.8:53 cogzuezadjr.net udp
US 8.8.8.8:53 hekogukffjjs.net udp
US 8.8.8.8:53 mjrdfyh.net udp
US 8.8.8.8:53 lyxmnybibg.info udp
US 8.8.8.8:53 aoplkiv.info udp
US 8.8.8.8:53 bbbhxfzana.info udp
US 8.8.8.8:53 qgghjtumbn.net udp
US 8.8.8.8:53 oobbvxz.info udp
US 8.8.8.8:53 cnjahstkpac.net udp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 bwaaxjz.net udp
US 8.8.8.8:53 zdxhhurx.info udp
US 8.8.8.8:53 ecaqemyg.com udp
US 8.8.8.8:53 megogq.org udp
US 8.8.8.8:53 vhzzzh.net udp
US 8.8.8.8:53 xyvmqzpiiw.net udp
US 8.8.8.8:53 ugcygcyup.info udp
US 8.8.8.8:53 kgucribs.info udp
US 8.8.8.8:53 oezkduhsd.info udp
US 8.8.8.8:53 dgxzatecqivr.info udp
BG 5.53.158.130:20773 tcp
US 8.8.8.8:53 pvqbvhaw.info udp
US 8.8.8.8:53 hoyepoxuv.info udp
US 8.8.8.8:53 lcmcxyukdrx.info udp
US 8.8.8.8:53 zyfitez.info udp
US 8.8.8.8:53 abbodqzxxo.info udp
US 8.8.8.8:53 leqdurjb.net udp
US 8.8.8.8:53 mdtwxoi.info udp
US 8.8.8.8:53 rizwgujypuf.info udp
US 8.8.8.8:53 dxikspgshgbk.info udp
US 8.8.8.8:53 vtjmkcnc.info udp
US 8.8.8.8:53 mksamumssqui.org udp
US 8.8.8.8:53 gsoqks.org udp
US 8.8.8.8:53 nlgcgvzaqfqg.info udp
US 8.8.8.8:53 lgmwshpwdp.net udp
US 8.8.8.8:53 uaiaoacq.org udp
US 8.8.8.8:53 seesxedzloxh.net udp
US 8.8.8.8:53 syggaowoiuwe.com udp
US 8.8.8.8:53 zgrjrexb.net udp
US 8.8.8.8:53 ekzqzadcjgo.net udp
US 8.8.8.8:53 cvzepbvlnc.net udp
US 8.8.8.8:53 apajoy.net udp
US 8.8.8.8:53 osvppx.info udp
US 8.8.8.8:53 zndmeitwdxv.org udp
US 8.8.8.8:53 nmwqkd.net udp
US 8.8.8.8:53 eeueccewmeem.com udp
US 8.8.8.8:53 ncnpflbqh.org udp
US 8.8.8.8:53 jubhlpdmz.net udp
US 8.8.8.8:53 bhlybedwh.info udp
US 8.8.8.8:53 gthoprfe.net udp
US 8.8.8.8:53 dkhgjgc.com udp
US 8.8.8.8:53 vlpxze.info udp
US 8.8.8.8:53 twpyffi.org udp
US 8.8.8.8:53 vyryulcb.net udp
US 8.8.8.8:53 skywyumxq.net udp
KZ 95.58.12.59:21832 tcp
US 8.8.8.8:53 efpujq.net udp
US 8.8.8.8:53 wayiga.org udp
US 8.8.8.8:53 mjzrdjf.net udp
US 8.8.8.8:53 egsmyysc.org udp
US 8.8.8.8:53 bcrtln.net udp
US 8.8.8.8:53 ugxkprponp.info udp
US 8.8.8.8:53 zmrksxx.net udp
US 8.8.8.8:53 ykzejkr.info udp
US 8.8.8.8:53 corrrdh.info udp
US 8.8.8.8:53 iaxdrsotynt.net udp
US 8.8.8.8:53 nshdioh.net udp
US 8.8.8.8:53 svrfyptdcyie.info udp
US 8.8.8.8:53 cyeimkweuwmy.com udp
US 8.8.8.8:53 nqddxab.com udp
US 8.8.8.8:53 tszuhktnf.org udp
US 8.8.8.8:53 ffmichmgdu.info udp
US 8.8.8.8:53 ukmzic.net udp
US 8.8.8.8:53 egoymxke.net udp
US 8.8.8.8:53 jansoebilxe.net udp
US 8.8.8.8:53 qvkigqsy.net udp
US 8.8.8.8:53 dwfkeogzvhjn.info udp
US 8.8.8.8:53 ycmmgusg.com udp
US 8.8.8.8:53 cygeoy.org udp
US 8.8.8.8:53 putqyeb.net udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 keeszmd.info udp
US 8.8.8.8:53 bjfsfiztdka.net udp
US 8.8.8.8:53 qtgqqinahbp.info udp
US 8.8.8.8:53 hruecw.net udp
US 8.8.8.8:53 pmxahwsyzf.net udp
US 8.8.8.8:53 rmkrls.net udp
US 8.8.8.8:53 tnrvfgyztvmt.net udp
US 8.8.8.8:53 ccynxkm.info udp
US 8.8.8.8:53 pozuxkh.com udp
US 8.8.8.8:53 tcvuvhjwh.info udp
US 8.8.8.8:53 ckaugc.com udp
US 8.8.8.8:53 jubvpax.info udp
US 8.8.8.8:53 ndrczml.net udp
US 8.8.8.8:53 nrjqtifyb.com udp
US 8.8.8.8:53 xvnonqecpco.com udp
US 8.8.8.8:53 dtzmdkjn.info udp
US 8.8.8.8:53 aknsgwkcl.net udp
US 8.8.8.8:53 bwkhrzh.org udp
US 8.8.8.8:53 ecbwysbz.info udp
US 8.8.8.8:53 youqfcjwo.net udp
US 8.8.8.8:53 kioqaciicyys.com udp
US 8.8.8.8:53 lgxweyl.com udp
US 8.8.8.8:53 njmyupro.net udp
US 8.8.8.8:53 ewzgsqreozs.net udp
US 8.8.8.8:53 zpqnptmffn.info udp
US 8.8.8.8:53 qohcngigt.net udp
US 8.8.8.8:53 iigakwmgam.com udp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 obmehgleewzw.info udp
US 8.8.8.8:53 ikoqskgsesoa.org udp
US 8.8.8.8:53 hjcnpiqcksax.info udp
US 8.8.8.8:53 rcuwesfzn.info udp
US 8.8.8.8:53 suvgxjrg.net udp
US 8.8.8.8:53 iusioomq.org udp
US 8.8.8.8:53 vgjlhibcb.org udp
US 8.8.8.8:53 riyyqerx.net udp
US 8.8.8.8:53 ggrqrghii.net udp
US 8.8.8.8:53 rxmsbotduncs.info udp
US 8.8.8.8:53 eefufemkpwq.info udp
US 8.8.8.8:53 wcsbrpz.net udp
US 8.8.8.8:53 ttnesgpv.info udp
RU 109.110.63.134:24405 tcp
US 8.8.8.8:53 qcbmiixnr.net udp
US 8.8.8.8:53 occmwcso.com udp
US 8.8.8.8:53 knjkhgii.info udp
US 8.8.8.8:53 xueseudn.info udp
US 8.8.8.8:53 uwcuws.org udp
US 8.8.8.8:53 rebobnnyksr.net udp
US 8.8.8.8:53 ioofwv.net udp
US 8.8.8.8:53 akprxj.net udp
US 8.8.8.8:53 fcdadbvijtdv.info udp
US 8.8.8.8:53 azlfou.info udp
US 8.8.8.8:53 uwjqpkjbf.net udp
US 8.8.8.8:53 wnpnlvjszgv.net udp
US 8.8.8.8:53 umyicieyee.org udp
US 8.8.8.8:53 ncdceebd.info udp
US 8.8.8.8:53 vcsuct.net udp
US 8.8.8.8:53 bwjkpsxdlqio.net udp
US 8.8.8.8:53 ftbleog.net udp
US 8.8.8.8:53 mulcvdg.info udp
US 8.8.8.8:53 fsyczawoha.info udp
US 8.8.8.8:53 hxmirbrwnx.net udp
US 8.8.8.8:53 vyvyjmeaosid.net udp
US 8.8.8.8:53 ycxqtxpczwo.info udp
US 8.8.8.8:53 nqjhhj.net udp
US 8.8.8.8:53 bxxdxqiwxij.org udp
US 8.8.8.8:53 kijwkkhi.net udp
US 8.8.8.8:53 atkzfclhbift.info udp
US 8.8.8.8:53 xsfqaxr.org udp
US 8.8.8.8:53 buvxhaxaz.com udp
US 8.8.8.8:53 oahmrh.info udp
US 8.8.8.8:53 vgrkxrlpjwgo.info udp
US 8.8.8.8:53 ukiouaqo.com udp
US 8.8.8.8:53 jalnisdrxv.info udp
US 8.8.8.8:53 wacccu.com udp
US 8.8.8.8:53 pwrunxoyy.info udp
US 8.8.8.8:53 wueysyqiyg.org udp
US 8.8.8.8:53 lvpmxt.info udp
US 8.8.8.8:53 wppzyynk.net udp
US 8.8.8.8:53 cydwvmbog.info udp
US 8.8.8.8:53 ygmgiqsk.com udp
US 8.8.8.8:53 fqhdfktrliay.net udp
US 8.8.8.8:53 zvckwl.info udp
US 8.8.8.8:53 dvdaitkxlpdd.info udp
US 8.8.8.8:53 jjrefkv.net udp
US 8.8.8.8:53 fuxgaitiaah.org udp
US 8.8.8.8:53 mhfrwkrahpjo.info udp
US 8.8.8.8:53 pmngyuxnvuyr.info udp
LT 78.60.70.116:40348 tcp
US 8.8.8.8:53 uuesbj.info udp
US 8.8.8.8:53 zkdanlmh.info udp
US 8.8.8.8:53 icnyvie.net udp
US 8.8.8.8:53 kjskvzf.info udp
US 8.8.8.8:53 agvgix.info udp
US 8.8.8.8:53 xsvaemvnthvd.info udp
US 8.8.8.8:53 wqxqxoimcmhs.net udp
US 8.8.8.8:53 dhzkwy.net udp
US 8.8.8.8:53 hapcvminvor.org udp
US 8.8.8.8:53 hydchcldclom.net udp
US 8.8.8.8:53 vrfzspdzjsl.org udp
US 8.8.8.8:53 lzbjkx.info udp
US 8.8.8.8:53 laujkoczih.info udp
US 8.8.8.8:53 hrktybmqvudb.net udp
US 8.8.8.8:53 blriytvijot.com udp
US 8.8.8.8:53 njmkhnhyeyt.info udp
US 8.8.8.8:53 vymehinmh.org udp
US 8.8.8.8:53 scdfnsykn.net udp
US 8.8.8.8:53 kvvnahthyr.info udp
US 8.8.8.8:53 mqmusaseioos.com udp
US 8.8.8.8:53 aypqhyhqr.info udp
US 8.8.8.8:53 iyeehnm.info udp
US 8.8.8.8:53 cefadodit.net udp
US 8.8.8.8:53 kyilnx.net udp
US 8.8.8.8:53 gaufzuhtlm.net udp
US 8.8.8.8:53 tyejybqe.info udp
US 8.8.8.8:53 djfggabkdxu.net udp
US 8.8.8.8:53 gaqkygwq.org udp
US 8.8.8.8:53 ipftuktg.info udp
US 8.8.8.8:53 lxmxyw.info udp
US 8.8.8.8:53 nfpghbqjqeoz.info udp
US 8.8.8.8:53 vjwlnmpiuwwn.net udp
US 8.8.8.8:53 jrbulad.info udp
US 8.8.8.8:53 pnoixj.info udp
US 8.8.8.8:53 eipcsotovcy.info udp
US 8.8.8.8:53 bhxlbvxevd.info udp
US 8.8.8.8:53 bpzorpfuhtf.org udp
US 8.8.8.8:53 bcduzrwgklw.net udp
US 8.8.8.8:53 fpboby.net udp
US 8.8.8.8:53 bkngmvgi.net udp
US 8.8.8.8:53 otrncozw.info udp
US 8.8.8.8:53 uxzpeylehgx.info udp
US 8.8.8.8:53 uqabcxeglyof.info udp
US 8.8.8.8:53 pgdwedwos.info udp
US 8.8.8.8:53 kzymvcjzyc.info udp
US 8.8.8.8:53 bqdindvszcl.com udp
US 8.8.8.8:53 mipgjarvuuua.net udp
US 8.8.8.8:53 ewvlqklkmam.info udp
RU 46.252.124.26:19228 tcp
US 8.8.8.8:53 cwmuok.org udp
US 8.8.8.8:53 jjpyrgbgtoa.com udp
US 8.8.8.8:53 htkkdc.info udp
US 8.8.8.8:53 dykwknvmdfdj.info udp
US 8.8.8.8:53 bhqgkgau.info udp
US 8.8.8.8:53 dhswvice.info udp
US 8.8.8.8:53 bbquoh.net udp
US 8.8.8.8:53 sikcwyig.org udp
US 8.8.8.8:53 vdvqxias.info udp
US 8.8.8.8:53 wawaoiyk.com udp
US 8.8.8.8:53 sqxovalsxul.net udp
US 8.8.8.8:53 kmzumhrqjjft.info udp
US 8.8.8.8:53 kxyuozlwmlhj.info udp
US 8.8.8.8:53 lczoradauoz.net udp
US 8.8.8.8:53 lmvcrancf.com udp
US 8.8.8.8:53 dazulnj.org udp
US 8.8.8.8:53 bhfuppqcv.net udp
US 8.8.8.8:53 oackhmn.net udp
US 8.8.8.8:53 qkqinfcouw.info udp
US 8.8.8.8:53 yhhzdbrkmfic.info udp
US 8.8.8.8:53 eiccme.org udp
US 8.8.8.8:53 fgtfxntyluvc.net udp
US 8.8.8.8:53 jzthxr.net udp
US 8.8.8.8:53 qvhsyenu.net udp
US 8.8.8.8:53 hjucwjcg.info udp
US 8.8.8.8:53 fjusznt.com udp
US 8.8.8.8:53 iixqhbp.info udp
US 8.8.8.8:53 zuhmapbot.net udp
US 8.8.8.8:53 gazefmucduz.info udp
US 8.8.8.8:53 qgpgoovlltj.net udp
US 8.8.8.8:53 bjpkejhxsxrv.info udp
US 8.8.8.8:53 qivcfzf.info udp
US 8.8.8.8:53 vjvlnnztmb.net udp
US 8.8.8.8:53 hyrlqmsvzljs.info udp
BG 130.204.128.71:34377 tcp
US 8.8.8.8:53 yeauom.com udp
US 8.8.8.8:53 tspwjcv.net udp
US 8.8.8.8:53 qmsfriz.info udp
US 8.8.8.8:53 cwcyaa.com udp
US 8.8.8.8:53 cavbvixeibj.net udp
US 8.8.8.8:53 yojkaljecqs.info udp
US 8.8.8.8:53 tkxgylbmaus.net udp
US 8.8.8.8:53 iixjlujr.net udp
US 8.8.8.8:53 nsukeerez.net udp
US 8.8.8.8:53 tmtilsrmt.com udp
US 8.8.8.8:53 qcmwaiisui.com udp
US 8.8.8.8:53 fpdzcf.net udp
US 8.8.8.8:53 tcncdtfll.org udp
US 8.8.8.8:53 ecegeakc.org udp
US 8.8.8.8:53 mgqeqc.com udp
US 8.8.8.8:53 mfchjz.info udp
US 8.8.8.8:53 ujmseyynas.net udp
US 8.8.8.8:53 bjhednehsxuc.net udp
US 8.8.8.8:53 iqxyxwdgndx.info udp
US 8.8.8.8:53 ootkjdzphd.net udp
US 8.8.8.8:53 vwzyzptqxcc.info udp
US 8.8.8.8:53 kqgdnff.info udp
US 8.8.8.8:53 aqjwzgc.net udp
US 8.8.8.8:53 fyqswgqkfmn.info udp
US 8.8.8.8:53 jvtsrshltca.info udp
US 8.8.8.8:53 aararuzmj.info udp
US 8.8.8.8:53 flbqaejcnfo.org udp
US 8.8.8.8:53 qenwlanthj.net udp
US 8.8.8.8:53 zapcjiqwl.com udp
US 8.8.8.8:53 fiqhvg.net udp
US 8.8.8.8:53 zrizzt.net udp
US 8.8.8.8:53 bvzvraxzhztt.net udp
US 8.8.8.8:53 wtvqfp.info udp
US 8.8.8.8:53 tlplrswl.info udp
US 8.8.8.8:53 amqwqbxglhai.info udp
US 8.8.8.8:53 qmkblogxnxc.info udp
US 8.8.8.8:53 ivewnr.info udp
US 8.8.8.8:53 bjgtfrhemd.info udp
US 8.8.8.8:53 fzquolomju.info udp
US 8.8.8.8:53 kuvclswjv.net udp
US 8.8.8.8:53 nqxijbihvn.info udp
US 8.8.8.8:53 nuwxblwhcrzx.info udp
US 8.8.8.8:53 lrjgmct.net udp
US 8.8.8.8:53 zahnslpsimhq.net udp
US 8.8.8.8:53 yspynbdonzn.net udp
US 8.8.8.8:53 anxkfypgxqj.net udp
US 8.8.8.8:53 yrbrplsyvi.net udp
US 8.8.8.8:53 uemmpqx.info udp
US 8.8.8.8:53 yqeguwesag.com udp
US 8.8.8.8:53 xrctizgjhu.net udp
US 8.8.8.8:53 awqiywgo.com udp
US 8.8.8.8:53 lmdyvca.org udp
US 8.8.8.8:53 vwvwywdoh.net udp
US 8.8.8.8:53 ymdjuv.net udp
US 8.8.8.8:53 augkpssgn.net udp
US 8.8.8.8:53 mmyups.info udp
US 8.8.8.8:53 xgzqtcrcx.info udp
US 8.8.8.8:53 rfcqjgcwrllk.info udp
US 8.8.8.8:53 vvnrjttc.net udp
US 8.8.8.8:53 laydfipusg.net udp
US 8.8.8.8:53 wokwfed.info udp
US 8.8.8.8:53 caddwfdxf.info udp
US 8.8.8.8:53 lmztgrgutd.info udp
US 8.8.8.8:53 owzodol.net udp
US 8.8.8.8:53 ooewwc.org udp
US 8.8.8.8:53 hcjihgzldyr.org udp
US 8.8.8.8:53 ymlvnuortib.info udp
US 8.8.8.8:53 lofecflgqw.net udp
US 8.8.8.8:53 iosaquue.org udp
US 8.8.8.8:53 pvawaqhwljb.info udp
US 8.8.8.8:53 jypigkw.net udp
US 8.8.8.8:53 izbhnj.info udp
US 8.8.8.8:53 tubrrdfdlhrc.net udp
US 8.8.8.8:53 hllnzrt.org udp
US 8.8.8.8:53 noaxgrj.net udp
US 8.8.8.8:53 sckegams.org udp
US 8.8.8.8:53 jphhtgd.com udp
US 8.8.8.8:53 wdgbllvsu.net udp
US 8.8.8.8:53 bdnhjj.net udp
US 8.8.8.8:53 natzczwe.info udp
US 8.8.8.8:53 dvbgdeeyb.info udp
US 8.8.8.8:53 ddnsggv.net udp
US 8.8.8.8:53 waxniiqcoa.net udp
US 8.8.8.8:53 omierhazkhgw.net udp
US 8.8.8.8:53 csvhszkn.net udp
US 8.8.8.8:53 ylvdmoacbcby.net udp
US 8.8.8.8:53 ueakvvvuxsx.info udp
US 8.8.8.8:53 kwdrqyzrhd.net udp
US 8.8.8.8:53 wemwmk.com udp
US 8.8.8.8:53 kttxoshkt.info udp
US 8.8.8.8:53 zoyrfkl.com udp
US 8.8.8.8:53 xrjmbmgmisvh.info udp
US 8.8.8.8:53 xwjsrww.net udp
US 8.8.8.8:53 wiwuyqucmy.com udp
US 8.8.8.8:53 kukcoaeqogew.org udp
US 8.8.8.8:53 byncqgdrp.net udp
US 8.8.8.8:53 jqtenkdayoy.org udp
US 8.8.8.8:53 tdtfkghr.info udp
US 8.8.8.8:53 uccngvtazn.info udp
RU 77.35.201.32:37793 tcp
US 8.8.8.8:53 iotwrfenggs.info udp
US 8.8.8.8:53 gtfeyrdohspd.net udp
US 8.8.8.8:53 kcogssomaske.org udp
US 8.8.8.8:53 iivixanid.info udp
US 8.8.8.8:53 lvliwxsju.net udp
US 8.8.8.8:53 xevglyhyqfb.net udp
US 8.8.8.8:53 ignjoukdhogb.net udp
US 8.8.8.8:53 ashwsez.info udp
US 8.8.8.8:53 oknntw.net udp
US 8.8.8.8:53 swdvbyf.net udp
US 8.8.8.8:53 wcgcuuiu.org udp
US 8.8.8.8:53 egwoee.com udp
US 8.8.8.8:53 laeuhcxmhej.org udp
US 8.8.8.8:53 ygmshyw.info udp
US 8.8.8.8:53 nhmyomxjv.info udp
US 8.8.8.8:53 olfijm.net udp
US 8.8.8.8:53 qywxjrv.info udp
US 8.8.8.8:53 jedozhtwlm.info udp
US 8.8.8.8:53 tyzkrdhyl.info udp
US 8.8.8.8:53 aukyvwh.net udp
US 8.8.8.8:53 byrczsvqbep.net udp
US 8.8.8.8:53 vyvijbihvn.info udp
US 8.8.8.8:53 eqjeryub.net udp
US 8.8.8.8:53 vndtuvkbqn.net udp
US 8.8.8.8:53 revuncvwh.info udp
US 8.8.8.8:53 ngfmbp.net udp
US 8.8.8.8:53 hsrofavrq.net udp
US 8.8.8.8:53 japhxc.net udp
US 8.8.8.8:53 fypmyau.net udp
US 8.8.8.8:53 eqjbsubh.info udp
US 8.8.8.8:53 zvieicl.net udp
US 8.8.8.8:53 tmewxhvsi.org udp
US 8.8.8.8:53 llpwlrlwpx.net udp
US 8.8.8.8:53 nygqlgcq.info udp
US 8.8.8.8:53 nlfacb.info udp
US 8.8.8.8:53 klkgbdahiwui.info udp
US 8.8.8.8:53 jcjydup.org udp
US 8.8.8.8:53 tcyormp.info udp
US 8.8.8.8:53 bctwfgikb.org udp
US 8.8.8.8:53 aedkbqjqc.net udp
US 8.8.8.8:53 bwgybqtqg.org udp
US 8.8.8.8:53 myfwnis.info udp
MD 5.56.114.6:34132 tcp
US 8.8.8.8:53 fzqqksnzg.net udp
US 8.8.8.8:53 fatrwodcn.org udp
US 8.8.8.8:53 koyyscmu.com udp
US 8.8.8.8:53 fpwlpixhgaos.net udp
US 8.8.8.8:53 xyoxjm.info udp
US 8.8.8.8:53 xmlymtnez.org udp
US 8.8.8.8:53 aogqfjl.info udp
US 8.8.8.8:53 kigmyiwuss.org udp
US 8.8.8.8:53 sdlulmf.net udp
US 8.8.8.8:53 odzbrjqoy.info udp
US 8.8.8.8:53 dmyydjvty.org udp
RO 91.239.128.186:34591 tcp
US 8.8.8.8:53 c.pki.goog udp
NL 173.194.69.94:80 c.pki.goog tcp
RO 91.239.128.186:34591 tcp
US 8.8.8.8:53 ccbuzsmmnwg.net udp
RU 95.70.118.170:20980 tcp
US 8.8.8.8:53 mawgljzxjh.info udp
US 8.8.8.8:53 aalijqi.info udp
US 8.8.8.8:53 xrnkgyjuqfeg.net udp
US 8.8.8.8:53 cqddhwc.net udp
US 8.8.8.8:53 odqisf.info udp
US 8.8.8.8:53 aekckwei.com udp
US 8.8.8.8:53 ounteiv.net udp
US 8.8.8.8:53 rwwwriokp.net udp
US 8.8.8.8:53 ncpmyszzt.info udp
US 8.8.8.8:53 xeaizijityu.org udp
US 8.8.8.8:53 mwxikev.net udp
KZ 95.58.12.59:21832 tcp
US 8.8.8.8:53 qqlwaep.info udp
US 8.8.8.8:53 qbbshs.net udp
US 8.8.8.8:53 wsfxpojsfpck.net udp
US 8.8.8.8:53 irlmvlrya.net udp
US 8.8.8.8:53 msinvgj.info udp
US 8.8.8.8:53 rwklkcu.net udp
US 8.8.8.8:53 ybxsqlwexbnh.info udp
US 8.8.8.8:53 zyizrbp.com udp
US 8.8.8.8:53 gcmgridxp.info udp
RS 94.156.158.219:19631 tcp
US 8.8.8.8:53 kkiamiym.com udp
US 8.8.8.8:53 qmrqnnaibpbj.info udp
US 8.8.8.8:53 runsxfl.net udp
US 8.8.8.8:53 zyaxhqfgy.org udp
US 8.8.8.8:53 wmrvrqpilql.info udp
US 8.8.8.8:53 gqcehci.info udp
US 8.8.8.8:53 xvrozoypmj.info udp
US 8.8.8.8:53 wkwehtqvgz.net udp
US 8.8.8.8:53 jatdaajehomt.net udp
US 8.8.8.8:53 dnclmcrprd.info udp
US 8.8.8.8:53 mqqiqiuqkkyw.com udp
US 8.8.8.8:53 viuowpurajfi.info udp
US 8.8.8.8:53 rnnqoel.org udp
US 8.8.8.8:53 pcuqjp.net udp
US 8.8.8.8:53 mwgkuyee.org udp
US 8.8.8.8:53 ywywqcem.com udp
US 8.8.8.8:53 wdrogymszt.info udp
US 8.8.8.8:53 jsdmnlbk.net udp
US 8.8.8.8:53 uiceesz.info udp
US 8.8.8.8:53 llztpyevmcb.com udp
US 8.8.8.8:53 bcvviich.net udp
US 8.8.8.8:53 bzaydhbkyko.info udp
US 8.8.8.8:53 zaouhtwbpr.net udp
US 8.8.8.8:53 xxbnrxbojfty.info udp
US 8.8.8.8:53 uoxjsmld.info udp
US 8.8.8.8:53 irybdymegzoj.net udp
US 8.8.8.8:53 hpdmtkuofyxc.net udp
US 8.8.8.8:53 ewiuauieao.com udp
US 8.8.8.8:53 ohkeets.net udp
US 8.8.8.8:53 bkikddrnnkn.net udp
US 8.8.8.8:53 vbllui.info udp
US 8.8.8.8:53 ayceaeogegmc.org udp
US 8.8.8.8:53 ghvluw.info udp
US 8.8.8.8:53 eyloictmjkv.info udp
US 8.8.8.8:53 imwkkoik.com udp
US 8.8.8.8:53 hozurkc.org udp
US 8.8.8.8:53 lrhixqmise.net udp
US 8.8.8.8:53 sewuvwb.net udp
US 8.8.8.8:53 vrdghpqh.info udp
US 8.8.8.8:53 muwzkevi.info udp
BG 77.236.165.175:27133 tcp
US 8.8.8.8:53 oowyaock.org udp
US 8.8.8.8:53 rybwlvut.info udp
US 8.8.8.8:53 cpgpwgdwkfkh.net udp
US 8.8.8.8:53 jqfijitjd.com udp
US 8.8.8.8:53 yxxxvp.net udp
US 8.8.8.8:53 jupcjjpuvahh.info udp
US 8.8.8.8:53 zbvxcawqg.org udp
US 8.8.8.8:53 kabpyee.info udp
US 8.8.8.8:53 uqdquodht.info udp
US 8.8.8.8:53 nyxlmeviwn.info udp
US 8.8.8.8:53 jsdwpu.info udp
US 8.8.8.8:53 gackrmjzg.info udp
US 8.8.8.8:53 zvussvxjquoq.info udp
US 8.8.8.8:53 xcrfxbihvn.info udp
US 8.8.8.8:53 zvhnfzmd.info udp
US 8.8.8.8:53 yshkavzsr.info udp
US 8.8.8.8:53 uwoaqcug.com udp
US 8.8.8.8:53 euouqqmq.com udp
US 8.8.8.8:53 xsgyinczlkmj.info udp
US 8.8.8.8:53 bpbygz.info udp
US 8.8.8.8:53 jbrgsvxidgjn.info udp
US 8.8.8.8:53 dzrmxez.com udp
US 8.8.8.8:53 qarsjiqwl.net udp
US 8.8.8.8:53 daeibvh.net udp
US 8.8.8.8:53 oeztro.net udp
US 8.8.8.8:53 ffhyheh.net udp
US 8.8.8.8:53 uwsspsy.info udp
US 8.8.8.8:53 kxldwaoqfn.info udp
US 8.8.8.8:53 oyfajuxj.net udp
US 8.8.8.8:53 bdhwwjjj.info udp
US 8.8.8.8:53 uupajebnvik.info udp
US 8.8.8.8:53 upsxne.info udp
US 8.8.8.8:53 xxbuvavqnao.net udp
US 8.8.8.8:53 jwnqhrhupyg.net udp
US 8.8.8.8:53 rszktpnmv.com udp
US 8.8.8.8:53 fzfgsgvn.net udp
US 8.8.8.8:53 qucglhn.info udp
US 8.8.8.8:53 tgzzsilpuoyu.info udp
US 8.8.8.8:53 wsslhctxrzh.net udp
US 8.8.8.8:53 gyroqyd.info udp
US 8.8.8.8:53 rejwrwpoa.info udp
US 8.8.8.8:53 xhfuhgdouxvx.net udp
US 8.8.8.8:53 ffjnqazhlm.net udp
US 8.8.8.8:53 fkcymxon.info udp
US 8.8.8.8:53 jmuyzwjxj.net udp
US 8.8.8.8:53 yttdtbbb.net udp
US 8.8.8.8:53 rgmudgkbvf.info udp
US 8.8.8.8:53 rzugqqvsqgb.com udp
US 8.8.8.8:53 xfgmmkszwu.info udp
US 8.8.8.8:53 sgescokcmo.org udp
US 8.8.8.8:53 jfruodhahh.net udp
US 8.8.8.8:53 jlwpjewqhewb.net udp
US 8.8.8.8:53 nzfsfohicei.net udp
US 8.8.8.8:53 mgzokzmr.info udp
US 8.8.8.8:53 gmmovvrpxh.net udp
US 8.8.8.8:53 lzwgpqnxhy.net udp
US 8.8.8.8:53 kmvtvk.info udp
US 8.8.8.8:53 bylsrpty.info udp
US 8.8.8.8:53 jehyhpbob.com udp
US 8.8.8.8:53 ivazwa.info udp
US 8.8.8.8:53 ubfbwbdygu.info udp
US 8.8.8.8:53 wpnjqnfepcl.net udp
US 8.8.8.8:53 xszslotxg.org udp
US 8.8.8.8:53 dysweazul.org udp
US 8.8.8.8:53 rutgykbdxwb.info udp
US 8.8.8.8:53 luaiurlae.info udp
US 8.8.8.8:53 ismeeyks.org udp
US 8.8.8.8:53 tvczluid.info udp
US 8.8.8.8:53 lmnhoyr.com udp
US 8.8.8.8:53 tmezjobct.org udp
BG 213.231.140.54:18629 tcp
US 8.8.8.8:53 auvmsmnazmj.info udp
US 8.8.8.8:53 fumvct.net udp
US 8.8.8.8:53 jlvryvtehu.net udp
US 8.8.8.8:53 brylkwtmfvfn.net udp
US 8.8.8.8:53 rctihabal.com udp
US 8.8.8.8:53 dnyidwf.info udp
US 8.8.8.8:53 qucuaaawiugm.com udp
US 8.8.8.8:53 tpbpwrcbhuiz.info udp
US 8.8.8.8:53 fwuipglco.net udp
US 8.8.8.8:53 vmzghlie.info udp
US 8.8.8.8:53 yadxtkefpqdf.net udp
US 8.8.8.8:53 cutuwew.info udp
US 8.8.8.8:53 rzenrgjokbvp.net udp
US 8.8.8.8:53 qngitmingp.net udp
US 8.8.8.8:53 xyxtdrtw.net udp
US 8.8.8.8:53 ulwprsdpevsj.info udp
US 8.8.8.8:53 ucwomsqe.org udp
US 8.8.8.8:53 eoswowoy.org udp
US 8.8.8.8:53 xntvdeldko.net udp
US 8.8.8.8:53 tutshmd.org udp
US 8.8.8.8:53 tglfwp.info udp
US 8.8.8.8:53 qyjxvcif.net udp
US 8.8.8.8:53 kgnabklywko.net udp
US 8.8.8.8:53 wdfedat.info udp
US 8.8.8.8:53 rapdvwh.org udp
US 8.8.8.8:53 rkwlhccy.info udp
US 8.8.8.8:53 nthafgeqx.org udp
US 8.8.8.8:53 dkxeoqa.info udp
US 8.8.8.8:53 ghiwewgspn.info udp
US 8.8.8.8:53 buxwxgjsaqu.info udp
US 8.8.8.8:53 rpbyxvdt.info udp
US 8.8.8.8:53 msyxrnmfinzv.net udp
US 8.8.8.8:53 vibshiiel.net udp
US 8.8.8.8:53 pmxhfkb.net udp
US 8.8.8.8:53 vsltvpo.org udp
US 8.8.8.8:53 sscmkqkgckya.org udp
US 8.8.8.8:53 ehrtibs.info udp
US 8.8.8.8:53 vcrapudrlyx.com udp
US 8.8.8.8:53 jjqtpeerkb.net udp
US 8.8.8.8:53 cuomaiksqmog.org udp
US 8.8.8.8:53 urkcltobhpwf.net udp
US 8.8.8.8:53 waeozjapjfks.info udp
US 8.8.8.8:53 qqpeenzliej.info udp
US 8.8.8.8:53 zipdhf.info udp
US 8.8.8.8:53 oismai.com udp
US 8.8.8.8:53 htdsjpfpi.info udp
US 8.8.8.8:53 csggwiguge.com udp
US 8.8.8.8:53 eheflhppvg.net udp
US 8.8.8.8:53 mkjabsieh.net udp
US 8.8.8.8:53 aieiscis.org udp
US 8.8.8.8:53 cykogcgqqcuu.com udp
US 8.8.8.8:53 kwpsjbsvfn.net udp
US 8.8.8.8:53 jhkublzprj.net udp
US 8.8.8.8:53 ucjadin.net udp
US 8.8.8.8:53 ugjyfpgfl.net udp
US 8.8.8.8:53 wmaepig.net udp
RU 109.110.63.134:24405 tcp
US 8.8.8.8:53 caugusue.org udp
US 8.8.8.8:53 dvnxdkp.info udp
US 8.8.8.8:53 zidzbz.info udp
US 8.8.8.8:53 whdcfhtnivdg.net udp
US 8.8.8.8:53 zsjglwvglkf.com udp
US 8.8.8.8:53 bilaxeutke.net udp
US 8.8.8.8:53 fsaovkt.info udp
US 8.8.8.8:53 ewigsgkuycqo.org udp
US 8.8.8.8:53 whxtecpsls.net udp
US 8.8.8.8:53 oomgkkyg.com udp
US 8.8.8.8:53 hatpfumez.com udp
US 8.8.8.8:53 ednlpq.net udp
US 8.8.8.8:53 vexgbxp.org udp
US 8.8.8.8:53 tscmqnrxg.com udp
US 8.8.8.8:53 qtfdthykibd.net udp
US 8.8.8.8:53 eogkuc.org udp
US 8.8.8.8:53 qdnmhgdyrit.net udp
US 8.8.8.8:53 alhmwscdcsms.info udp
US 8.8.8.8:53 qnmueiam.net udp
US 8.8.8.8:53 xgdnrio.com udp
US 8.8.8.8:53 qyqigk.com udp
US 8.8.8.8:53 eoxoxaz.net udp
US 8.8.8.8:53 zffkhwluckmk.info udp
US 8.8.8.8:53 fziznuyo.net udp
US 8.8.8.8:53 fyaylmbcb.net udp
US 8.8.8.8:53 yceqew.com udp
US 8.8.8.8:53 ekqaao.com udp
US 8.8.8.8:53 hckqaghalaf.info udp
US 8.8.8.8:53 bitszwdkl.net udp
US 8.8.8.8:53 rkjyfrxybqd.net udp
US 8.8.8.8:53 iuiwyqmeuc.com udp
US 8.8.8.8:53 wseuoyosqgck.com udp
US 8.8.8.8:53 hqbgvwfx.net udp
US 8.8.8.8:53 hjfdpmp.org udp
US 8.8.8.8:53 pwkurai.net udp
US 8.8.8.8:53 lxxixlxpcf.info udp
US 8.8.8.8:53 rjbifug.net udp
US 8.8.8.8:53 cddotdfud.net udp
US 8.8.8.8:53 fgtinrnt.info udp
US 8.8.8.8:53 vhijtvboq.info udp
US 8.8.8.8:53 yqdindvszcl.info udp
US 8.8.8.8:53 erzhirqvzghp.net udp
US 8.8.8.8:53 joresgxopgd.org udp
US 8.8.8.8:53 foknzoqz.info udp
US 8.8.8.8:53 ldlrgk.info udp
US 8.8.8.8:53 dwjwmslso.net udp
US 8.8.8.8:53 dmrindn.net udp
US 8.8.8.8:53 owtumceqt.info udp
US 8.8.8.8:53 gehfir.net udp
US 8.8.8.8:53 rhjrmjpgiwy.com udp
US 8.8.8.8:53 sgdzhklkvfso.info udp
US 8.8.8.8:53 wukmsaekiq.com udp
US 8.8.8.8:53 uwhjbpyv.net udp
US 8.8.8.8:53 qccgkmkc.org udp
US 8.8.8.8:53 skqsiiae.org udp
US 8.8.8.8:53 eqdnezux.info udp
US 8.8.8.8:53 fyjkjhpwb.org udp
US 8.8.8.8:53 zkfchwvgd.info udp
US 8.8.8.8:53 psrrqakzlx.info udp
US 8.8.8.8:53 eobwrzv.net udp
US 8.8.8.8:53 alyypvemovoc.net udp
US 8.8.8.8:53 ummymm.org udp
US 8.8.8.8:53 caqekweo.com udp
US 8.8.8.8:53 legtael.net udp
US 8.8.8.8:53 ubqrbcslpfdl.info udp
US 8.8.8.8:53 qlstpgkhcjbu.net udp
US 8.8.8.8:53 bjxpobsylm.net udp
US 8.8.8.8:53 pyfatygyiex.com udp
US 8.8.8.8:53 wctczadafor.net udp
US 8.8.8.8:53 qunznxrblk.net udp
US 8.8.8.8:53 ckmiohrnxguw.info udp
US 8.8.8.8:53 fkchgxzxfcrp.info udp
US 8.8.8.8:53 nzitfaav.info udp
US 8.8.8.8:53 zhqbxjxl.net udp
US 8.8.8.8:53 puxdmhrp.net udp
US 8.8.8.8:53 eafgroxtk.info udp
US 8.8.8.8:53 oxmhymbhhqvl.info udp
US 8.8.8.8:53 agaweu.org udp
US 8.8.8.8:53 lktcrbw.com udp
US 8.8.8.8:53 hyjodgw.info udp
US 8.8.8.8:53 dqistxi.net udp
US 8.8.8.8:53 foktdktiw.org udp
US 8.8.8.8:53 dcmevok.com udp
US 8.8.8.8:53 dkdczgl.info udp
US 8.8.8.8:53 pxxzohroecbp.info udp
US 8.8.8.8:53 egjgxgmek.info udp
US 8.8.8.8:53 ixpvxtnqvb.net udp
US 8.8.8.8:53 aoonvhlwef.info udp
US 8.8.8.8:53 vrywrbb.com udp
US 8.8.8.8:53 fafegvf.net udp
US 8.8.8.8:53 eaictyqxc.info udp
US 8.8.8.8:53 jpakcl.net udp
US 8.8.8.8:53 xypxhx.info udp
US 8.8.8.8:53 lhfaigrgz.info udp
BG 77.77.28.177:14149 tcp
US 8.8.8.8:53 xzzazbfqx.info udp
US 8.8.8.8:53 vgqxvqngngx.info udp
US 8.8.8.8:53 einmsoxsasp.info udp
US 8.8.8.8:53 pmmkdrxixtgj.info udp
US 8.8.8.8:53 qyffooarp.info udp
US 8.8.8.8:53 cgzqtowog.info udp
US 8.8.8.8:53 rbfutoj.com udp
US 8.8.8.8:53 rpvrlcnpupqc.info udp
US 8.8.8.8:53 qypzvt.info udp
US 8.8.8.8:53 zcdsxgfjw.org udp
US 8.8.8.8:53 fkmakomwb.org udp
US 8.8.8.8:53 qeasooggkkye.org udp
US 8.8.8.8:53 iayssq.org udp
US 8.8.8.8:53 geumtvlsv.info udp
US 8.8.8.8:53 uykpxgrmozah.info udp
US 8.8.8.8:53 duaopkv.info udp
US 8.8.8.8:53 gdiecndz.net udp
US 8.8.8.8:53 rhxcxga.org udp
US 8.8.8.8:53 oqknufjhsxoq.net udp
US 8.8.8.8:53 omduxqg.net udp
US 8.8.8.8:53 xapexbbszmf.org udp
US 8.8.8.8:53 rinxyipkv.info udp
US 8.8.8.8:53 fevpfshvp.org udp
US 8.8.8.8:53 fkxkjgnky.info udp
US 8.8.8.8:53 hexopdcexkke.info udp
US 8.8.8.8:53 rdsinonhjh.net udp
US 8.8.8.8:53 kcryxrris.info udp
US 8.8.8.8:53 wckkiaki.com udp
US 8.8.8.8:53 ynkejlk.net udp
US 8.8.8.8:53 giekgyskeiik.org udp
US 8.8.8.8:53 ckyeoleofgxj.info udp
US 8.8.8.8:53 bavppixu.net udp
US 8.8.8.8:53 lapydshhrv.net udp
US 8.8.8.8:53 fkgritslx.org udp
US 8.8.8.8:53 zpzyqngyuave.net udp
US 8.8.8.8:53 nygadseimxh.net udp
US 8.8.8.8:53 jkyvxmnjkc.info udp
US 8.8.8.8:53 loimlohai.net udp
US 8.8.8.8:53 ptpwnlreeaxo.net udp
US 8.8.8.8:53 budwzonimlyb.net udp
US 8.8.8.8:53 ysnktkamd.info udp
MD 93.116.161.233:27459 tcp
US 8.8.8.8:53 twnpey.net udp
US 8.8.8.8:53 zonqcl.net udp
US 8.8.8.8:53 eeeiusoc.com udp
US 8.8.8.8:53 iujmgrhipeb.net udp
US 8.8.8.8:53 utfeky.net udp
US 8.8.8.8:53 eovaksrgywq.info udp
US 8.8.8.8:53 awwagoku.com udp
US 8.8.8.8:53 vnsanoolwcdd.net udp
US 8.8.8.8:53 nqpcnuv.info udp
US 8.8.8.8:53 dtstyn.net udp
US 8.8.8.8:53 aymwje.info udp
US 8.8.8.8:53 yqpwhcegwqp.info udp
US 8.8.8.8:53 rhkqfsylb.net udp
US 8.8.8.8:53 pyglbynwx.net udp
US 8.8.8.8:53 zbqtpeerkb.net udp
US 8.8.8.8:53 vyxnvw.net udp
US 8.8.8.8:53 ozhfaxxjbp.info udp
US 8.8.8.8:53 jencnxhbd.org udp
US 8.8.8.8:53 zwhxiwn.com udp
US 8.8.8.8:53 bfhfhdbdge.net udp
US 8.8.8.8:53 oczyhzf.net udp
US 8.8.8.8:53 zuwrljtqss.net udp
US 8.8.8.8:53 cmuanqlbfu.info udp
US 8.8.8.8:53 fogeicaifup.com udp
US 8.8.8.8:53 ozfxbirmhuhx.info udp
US 8.8.8.8:53 rxezxdhtxm.net udp
US 8.8.8.8:53 hihuoajqrwb.net udp
US 8.8.8.8:53 luhqzwduo.info udp
US 8.8.8.8:53 uyziru.info udp
US 8.8.8.8:53 xspnmkr.info udp
US 8.8.8.8:53 qsqackgkio.org udp
US 8.8.8.8:53 woogaecoas.org udp
US 8.8.8.8:53 zzwpverv.info udp
US 8.8.8.8:53 tmrxnmjrkb.net udp
US 8.8.8.8:53 gqtmbqs.net udp
US 8.8.8.8:53 mscxpilwdsn.info udp
US 8.8.8.8:53 wwcyokmcsa.org udp
US 8.8.8.8:53 gnpctq.net udp
US 8.8.8.8:53 xfdfwapsjs.info udp
US 8.8.8.8:53 uomieuwsgywa.com udp
US 8.8.8.8:53 lesmmkxy.info udp
US 8.8.8.8:53 hdmevlj.org udp
US 8.8.8.8:53 macgoah.info udp
US 8.8.8.8:53 nzyddpxgorfm.net udp
US 8.8.8.8:53 zsdfnwuay.net udp
US 8.8.8.8:53 wurmwojcp.info udp
US 8.8.8.8:53 fzkrxmam.info udp
US 8.8.8.8:53 ioduvvtyyud.info udp
US 8.8.8.8:53 yuvgzwn.net udp
US 8.8.8.8:53 wfznvxqz.info udp
US 8.8.8.8:53 hwtbzkf.com udp
US 8.8.8.8:53 fixijml.org udp
US 8.8.8.8:53 fzdzqswx.info udp
US 8.8.8.8:53 bvrlxiawb.net udp
US 8.8.8.8:53 bujydax.net udp
US 8.8.8.8:53 vzxmfjjm.info udp
US 8.8.8.8:53 jqicsbohyedk.net udp
US 8.8.8.8:53 whxvvccdqz.info udp
US 8.8.8.8:53 uvngie.info udp
US 8.8.8.8:53 sxsydftugfl.net udp
US 8.8.8.8:53 lvckcdnwf.info udp
US 8.8.8.8:53 aggsrah.net udp
US 8.8.8.8:53 ioumglci.net udp
US 8.8.8.8:53 ggzuiavyrzn.info udp
US 8.8.8.8:53 msoiygcw.org udp
US 8.8.8.8:53 jntxuexoq.net udp
US 8.8.8.8:53 qbqcqmphdw.net udp
US 8.8.8.8:53 jvnrpdb.com udp
BG 89.25.19.164:26151 tcp
US 8.8.8.8:53 pxnrhhd.org udp
US 8.8.8.8:53 bozfzjyeib.net udp
US 8.8.8.8:53 awtrjqbmv.net udp
US 8.8.8.8:53 wgibfrupbtkx.net udp
US 8.8.8.8:53 bxzqfyzcuak.org udp
US 8.8.8.8:53 tnkuguinhd.net udp
US 8.8.8.8:53 pzdeduimwm.info udp

Files

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

MD5 9a56ff1becb0600083de82a43e1124c3
SHA1 f8b668520dee890ba8d3e9e465d2aa676079d849
SHA256 3dfce6dcda0edfea1cdb7e94a34624fb9e5d31430ed4280628a27ede32a72baa
SHA512 5c121c9771bdd1bcca684fd5fb2b32c04b222ec3827812c18740506cbbdbe8a7a6d034708cc9a9dfcbfda636e179d02d31b3ff2ef2478c7abad9b36c6577acab

C:\Windows\SysWOW64\nfslgbnfeqldxojmmt.exe

MD5 bdee5e351d4080f6d88d3fb9c6c09c60
SHA1 f8b229a69b7b932ffb0ac6d71aec90137c583a18
SHA256 04d3522972566a2b189144c86441058f1af5641a67cdaf39e246f91ba23bf5c5
SHA512 35c3b392784ac85f9794e1eb75d55e9d651e2f13782175791eeb07fef86f5360f681e3e0be9d8fe0c6b1495ed4edd07e6eaec2f2c46c5026faa812fb0858842b

C:\Users\Admin\AppData\Local\Temp\afflt.exe

MD5 f9bdd428895e582fbf6bc64260074fb8
SHA1 3d0a2f07940d1bb5480a0a10c5ef244885d231b3
SHA256 8e2c66fce56bc6ddf3f03a1b602cbc92664b9c6af56d18b73c01544f90a0e32d
SHA512 457d09d3eb8b1273d9e7a4a566b52099c05d347860b28d75ea0aa9d8b77d8f3b4ffacb4e0b1aedb509aca172ee96a577a93ba239f30971938fc8d0a91754f203

C:\Users\Admin\AppData\Local\fhehmrnpyuzbfglyizprorwb.zie

MD5 c63ce840e0d1c7e55b56ca83c7038903
SHA1 f7f9a4117c8433d5e39e417df806ce1cd99bb785
SHA256 4bdd290580064c79b378ce788c51af726f39b14f6915dffa27509eebb0bccde2
SHA512 bf6fa15419630669105204f04ae3983f2fff07367db9da826e4e8e05cbccd4d2398ff9d80d60be0f0252179736053028cabdf849bf0ffdc7f2b29497d0f63c50

C:\Users\Admin\AppData\Local\objxndkxryobqcsqlnobjxndkxryobqcsql.obj

MD5 40a25e8f8ab081d829f22a5ab780677a
SHA1 fe85fc71cf63782f87d1f063dee5d507bc7e03d1
SHA256 3e6bcdea611bb59f9cd53babfbd86c8b2aaf493e319b3a0da7b322a67d8c663a
SHA512 1d6e4e67674aa7a21c29cbfa23988b2028ede941fc4b67532ce5c98bb7a205f7a33cd3ebddd82217d2bfbf683e62c7f4de8aca67b8201b67aee152c269bcb01d

C:\Program Files (x86)\fhehmrnpyuzbfglyizprorwb.zie

MD5 f54b8773c16578b5cfa0fd7168bdd5ca
SHA1 7593dcb7c8375763859aecfb32075a4af4ab80ee
SHA256 4c280f169d298734ca9a80b38fe91634317de2d299e3bd4a6274bc35cda12a8e
SHA512 bafc56497f5c3b1cafe5affad65b849642c20099275af551df68fada6b500030ec8a7e3292d1c3d293384b1b6472a458b947bbae986af0bd7b17a2ccad5743a3

C:\Program Files (x86)\fhehmrnpyuzbfglyizprorwb.zie

MD5 c5b345d8b88107aa9f4d3ce635a4ce30
SHA1 f8ee8db7e991a734adaec9851893c6edd7dcfc65
SHA256 9ac11008e312f4bccfae9dcb677f8b41294e9eab4ca60924d7fa4867e0c7d183
SHA512 ce00ad2765c7364697021e06144306b83b86ed9deb03a8b7f477545f0eb0851422c55e5b129e5e2eee9d8737d0804f2c0e93da523177f910ae90b76d27b62796

C:\Program Files (x86)\fhehmrnpyuzbfglyizprorwb.zie

MD5 f78ed3c6d7a8f99f8226059d7eadd1e9
SHA1 0fc05a071a4c3ae1e51a367c42e129ea3ee346e7
SHA256 feb26801e88f197e1b751612cbe9983d3ea1c54fb73ac400153fc0998dc4a302
SHA512 25013e76dc0211ebf2c472b0474695ab9b95f6c3a83dd1e992f3db5af522afb021355b35f35719ce0d37c3cdbab60ea8f21c4d9e564885f43e89cb38fdac4e26

C:\Program Files (x86)\fhehmrnpyuzbfglyizprorwb.zie

MD5 f2f8f566418be4785bb6acd761253e14
SHA1 72f97b4754e7f5fe74ddb21857cacd5d09937d80
SHA256 8cc19748066640d794109708adac2a056c579e7c3a2b5f812d0069732dcb18b3
SHA512 3a0e0db1bfd1bc5197d1785e1b7170ef5b5356c36d88fb0d2cad5a287e233f501415f27ef878eeba28ddd48a328872001fb9733db3d04345ba590a995bc989e7

C:\Program Files (x86)\fhehmrnpyuzbfglyizprorwb.zie

MD5 34f980880264ec93ca42f9e7a5b5f369
SHA1 821af5ca72015dafc2a4f287e222fc8c7a9946eb
SHA256 7c080c3147e8dc672219bb296c7f6462c062df9ee6e7fe4f94580aed2d1caeaa
SHA512 5f0c7765540f32df2b9e0a4cf38b2932fd8874eabee15cd5e650d5ccb6fb7d89ed0c28f2fbd08a77f7c50a5b3e1e6020d0592f7686c6a1c0c9b3b53b416b766f

C:\Program Files (x86)\fhehmrnpyuzbfglyizprorwb.zie

MD5 96bc89dbba6da175a0afc7387bbb843b
SHA1 4511ba4474edf6fd573e7634fa1ca48181dd9db7
SHA256 230894ad5c53bd084b2994606ec8693ca484f457b55b8aca2c07367c5efe9c79
SHA512 3bff372bae6335704cfa3707e29dabe9a5cd1c0e1be81c64def98dcbb66e731629594b05766ef93634b15ba502148addc48b60c70f7bc40e02e9f350bfbac698