Malware Analysis Report

2025-08-10 16:33

Sample ID 250421-gskbjawpt6
Target JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed
SHA256 26aa0051cdca76b6fea6ef46de623fc60b21b3adcb3100e3366ab638fe9c3a38
Tags
pykspa defense_evasion discovery persistence privilege_escalation trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

26aa0051cdca76b6fea6ef46de623fc60b21b3adcb3100e3366ab638fe9c3a38

Threat Level: Known bad

The file JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed was found to be: Known bad.

Malicious Activity Summary

pykspa defense_evasion discovery persistence privilege_escalation trojan worm

Modifies WinLogon for persistence

Pykspa

Pykspa family

UAC bypass

Detect Pykspa worm

Adds policy Run key to start application

Disables RegEdit via registry modification

Blocklisted process makes network request

Checks computer location settings

Executes dropped EXE

Impair Defenses: Safe Mode Boot

Checks whether UAC is enabled

Hijack Execution Flow: Executable Installer File Permissions Weakness

Adds Run key to start application

Looks up external IP address via web service

Drops autorun.inf file

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

System policy modification

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-04-21 06:04

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-04-21 06:04

Reported

2025-04-21 06:06

Platform

win10v2004-20250314-en

Max time kernel

49s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zryuiapcrkbrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "czlmfcwoigcxuomsvfqnz.exe" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "zryuiapcrkbrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "zryuiapcrkbrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gzhetmcqgasjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njuumibslidxtmjoqzjf.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "avfevqiyqmgzumimnve.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njuumibslidxtmjoqzjf.exe" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "avfevqiyqmgzumimnve.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "czlmfcwoigcxuomsvfqnz.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "gzhetmcqgasjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "avfevqiyqmgzumimnve.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gzhetmcqgasjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "njuumibslidxtmjoqzjf.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "zryuiapcrkbrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gzhetmcqgasjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zryuiapcrkbrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "njuumibslidxtmjoqzjf.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njuumibslidxtmjoqzjf.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czlmfcwoigcxuomsvfqnz.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zryuiapcrkbrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "gzhetmcqgasjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czlmfcwoigcxuomsvfqnz.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "zryuiapcrkbrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "gzhetmcqgasjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "njuumibslidxtmjoqzjf.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "njuumibslidxtmjoqzjf.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gzhetmcqgasjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "gzhetmcqgasjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avfevqiyqmgzumimnve.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjsqgargxsldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czlmfcwoigcxuomsvfqnz.exe" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gzhetmcqgasjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "czlmfcwoigcxuomsvfqnz.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zryuiapcrkbrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czlmfcwoigcxuomsvfqnz.exe" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "njuumibslidxtmjoqzjf.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gzhetmcqgasjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avfevqiyqmgzumimnve.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zryuiapcrkbrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rhmgsivgtkzndq = "avfevqiyqmgzumimnve.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czlmfcwoigcxuomsvfqnz.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\uhjajwgoymy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gzhetmcqgasjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\zryuiapcrkbrjyrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\njuumibslidxtmjoqzjf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\njuumibslidxtmjoqzjf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\pjsqgargxsldxojmmt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\zryuiapcrkbrjyrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\avfevqiyqmgzumimnve.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\avfevqiyqmgzumimnve.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\czlmfcwoigcxuomsvfqnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\czlmfcwoigcxuomsvfqnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\avfevqiyqmgzumimnve.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\czlmfcwoigcxuomsvfqnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\zryuiapcrkbrjyrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\gzhetmcqgasjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\czlmfcwoigcxuomsvfqnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\zryuiapcrkbrjyrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\gzhetmcqgasjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\avfevqiyqmgzumimnve.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\zryuiapcrkbrjyrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\avfevqiyqmgzumimnve.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\njuumibslidxtmjoqzjf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\pjsqgargxsldxojmmt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\avfevqiyqmgzumimnve.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\zryuiapcrkbrjyrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\avfevqiyqmgzumimnve.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\pjsqgargxsldxojmmt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\avfevqiyqmgzumimnve.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\pjsqgargxsldxojmmt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\njuumibslidxtmjoqzjf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\pjsqgargxsldxojmmt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\gzhetmcqgasjcsmon.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\pjsqgargxsldxojmmt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\czlmfcwoigcxuomsvfqnz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation C:\Windows\czlmfcwoigcxuomsvfqnz.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Windows\gzhetmcqgasjcsmon.exe N/A
N/A N/A C:\Windows\czlmfcwoigcxuomsvfqnz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Windows\gzhetmcqgasjcsmon.exe N/A
N/A N/A C:\Windows\avfevqiyqmgzumimnve.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
N/A N/A C:\Windows\czlmfcwoigcxuomsvfqnz.exe N/A
N/A N/A C:\Windows\zryuiapcrkbrjyrs.exe N/A
N/A N/A C:\Windows\gzhetmcqgasjcsmon.exe N/A
N/A N/A C:\Windows\czlmfcwoigcxuomsvfqnz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Windows\zryuiapcrkbrjyrs.exe N/A
N/A N/A C:\Windows\gzhetmcqgasjcsmon.exe N/A
N/A N/A C:\Windows\njuumibslidxtmjoqzjf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe N/A
N/A N/A C:\Windows\pjsqgargxsldxojmmt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Windows\avfevqiyqmgzumimnve.exe N/A
N/A N/A C:\Windows\czlmfcwoigcxuomsvfqnz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Windows\pjsqgargxsldxojmmt.exe N/A
N/A N/A C:\Windows\czlmfcwoigcxuomsvfqnz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Windows\pjsqgargxsldxojmmt.exe N/A
N/A N/A C:\Windows\zryuiapcrkbrjyrs.exe N/A
N/A N/A C:\Windows\avfevqiyqmgzumimnve.exe N/A
N/A N/A C:\Windows\avfevqiyqmgzumimnve.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Windows\gzhetmcqgasjcsmon.exe N/A
N/A N/A C:\Windows\gzhetmcqgasjcsmon.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Windows\pjsqgargxsldxojmmt.exe N/A
N/A N/A C:\Windows\zryuiapcrkbrjyrs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
N/A N/A C:\Windows\pjsqgargxsldxojmmt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zryuiapcrkbrjyrs = "czlmfcwoigcxuomsvfqnz.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\gzhetmcqgasjcsmon = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zryuiapcrkbrjyrs.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjsqgargxsldxojmmt.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pjsqgargxsldxojmmt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zryuiapcrkbrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njuumibslidxtmjoqzjf.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "pjsqgargxsldxojmmt.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "zryuiapcrkbrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjsqgargxsldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\gzhetmcqgasjcsmon = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zryuiapcrkbrjyrs.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njuumibslidxtmjoqzjf.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zryuiapcrkbrjyrs.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pjsqgargxsldxojmmt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czlmfcwoigcxuomsvfqnz.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zryuiapcrkbrjyrs = "pjsqgargxsldxojmmt.exe ." C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pjsqgargxsldxojmmt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czlmfcwoigcxuomsvfqnz.exe" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "czlmfcwoigcxuomsvfqnz.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ulrmzqeqewmbsgy = "czlmfcwoigcxuomsvfqnz.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zryuiapcrkbrjyrs = "pjsqgargxsldxojmmt.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njuumibslidxtmjoqzjf.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "czlmfcwoigcxuomsvfqnz.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ulrmzqeqewmbsgy = "gzhetmcqgasjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zryuiapcrkbrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "pjsqgargxsldxojmmt.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ulrmzqeqewmbsgy = "njuumibslidxtmjoqzjf.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gzhetmcqgasjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avfevqiyqmgzumimnve.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njuumibslidxtmjoqzjf.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zryuiapcrkbrjyrs = "zryuiapcrkbrjyrs.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "pjsqgargxsldxojmmt.exe ." C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "njuumibslidxtmjoqzjf.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pjsqgargxsldxojmmt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjsqgargxsldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ulrmzqeqewmbsgy = "gzhetmcqgasjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ulrmzqeqewmbsgy = "avfevqiyqmgzumimnve.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ulrmzqeqewmbsgy = "gzhetmcqgasjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zryuiapcrkbrjyrs = "pjsqgargxsldxojmmt.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ulrmzqeqewmbsgy = "pjsqgargxsldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\gzhetmcqgasjcsmon = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czlmfcwoigcxuomsvfqnz.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zryuiapcrkbrjyrs = "gzhetmcqgasjcsmon.exe ." C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\zryuiapcrkbrjyrs = "avfevqiyqmgzumimnve.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ulrmzqeqewmbsgy = "gzhetmcqgasjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ulrmzqeqewmbsgy = "czlmfcwoigcxuomsvfqnz.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "avfevqiyqmgzumimnve.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "czlmfcwoigcxuomsvfqnz.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "njuumibslidxtmjoqzjf.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avfevqiyqmgzumimnve.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\gzhetmcqgasjcsmon = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gzhetmcqgasjcsmon.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "zryuiapcrkbrjyrs.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "gzhetmcqgasjcsmon.exe ." C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pjsqgargxsldxojmmt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zryuiapcrkbrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\gzhetmcqgasjcsmon = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njuumibslidxtmjoqzjf.exe ." C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "njuumibslidxtmjoqzjf.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\gzhetmcqgasjcsmon = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjsqgargxsldxojmmt.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "avfevqiyqmgzumimnve.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\njuumibslidxtmjoqzjf.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ulrmzqeqewmbsgy = "pjsqgargxsldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "czlmfcwoigcxuomsvfqnz.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "gzhetmcqgasjcsmon.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avfevqiyqmgzumimnve.exe ." C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjsqgargxsldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "avfevqiyqmgzumimnve.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\qfjcncoykaobq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\czlmfcwoigcxuomsvfqnz.exe ." C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "zryuiapcrkbrjyrs.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "avfevqiyqmgzumimnve.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ulrmzqeqewmbsgy = "pjsqgargxsldxojmmt.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rfiakyjsdsfr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avfevqiyqmgzumimnve.exe" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyip.everdot.org N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.whatismyip.ca N/A N/A

Drops autorun.inf file

Description Indicator Process Target
File opened for modification C:\autorun.inf C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
File created C:\autorun.inf C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
File opened for modification F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
File created F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\pjsqgargxsldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\pjsqgargxsldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
File opened for modification C:\Windows\SysWOW64\njuumibslidxtmjoqzjf.exe C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
File opened for modification C:\Windows\SysWOW64\pjsqgargxsldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
File opened for modification C:\Windows\SysWOW64\pjsqgargxsldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\zryuiapcrkbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\njuumibslidxtmjoqzjf.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\avfevqiyqmgzumimnve.exe C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
File opened for modification C:\Windows\SysWOW64\njuumibslidxtmjoqzjf.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\zryuiapcrkbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\njuumibslidxtmjoqzjf.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\pjsqgargxsldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\zryuiapcrkbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\tregaytmhgdzxsrycnzxkm.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\czlmfcwoigcxuomsvfqnz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\pjsqgargxsldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\tregaytmhgdzxsrycnzxkm.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\czlmfcwoigcxuomsvfqnz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\zryuiapcrkbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
File opened for modification C:\Windows\SysWOW64\njuumibslidxtmjoqzjf.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\njuumibslidxtmjoqzjf.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\gzhetmcqgasjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\gzhetmcqgasjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\pjsqgargxsldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\czlmfcwoigcxuomsvfqnz.exe C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
File opened for modification C:\Windows\SysWOW64\zryuiapcrkbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
File opened for modification C:\Windows\SysWOW64\gzhetmcqgasjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\tregaytmhgdzxsrycnzxkm.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\pjsqgargxsldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\tregaytmhgdzxsrycnzxkm.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\gzhetmcqgasjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\pjsqgargxsldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\pjsqgargxsldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\avfevqiyqmgzumimnve.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\tregaytmhgdzxsrycnzxkm.exe C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
File opened for modification C:\Windows\SysWOW64\avfevqiyqmgzumimnve.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\pjsqgargxsldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\czlmfcwoigcxuomsvfqnz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\tregaytmhgdzxsrycnzxkm.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\zryuiapcrkbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\qfjcncoykaobqcsqlnqfjcncoykaobqcsql.qfj C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
File opened for modification C:\Windows\SysWOW64\zryuiapcrkbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\avfevqiyqmgzumimnve.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\czlmfcwoigcxuomsvfqnz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\njuumibslidxtmjoqzjf.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\tregaytmhgdzxsrycnzxkm.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\avfevqiyqmgzumimnve.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\pjsqgargxsldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\avfevqiyqmgzumimnve.exe C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
File opened for modification C:\Windows\SysWOW64\zryuiapcrkbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\czlmfcwoigcxuomsvfqnz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\avfevqiyqmgzumimnve.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\gzhetmcqgasjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\tregaytmhgdzxsrycnzxkm.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\njuumibslidxtmjoqzjf.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\gzhetmcqgasjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\avfevqiyqmgzumimnve.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\zryuiapcrkbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\zryuiapcrkbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\pjsqgargxsldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\avfevqiyqmgzumimnve.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\njuumibslidxtmjoqzjf.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\SysWOW64\gzhetmcqgasjcsmon.exe C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
File opened for modification C:\Windows\SysWOW64\czlmfcwoigcxuomsvfqnz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\qfjcncoykaobqcsqlnqfjcncoykaobqcsql.qfj C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
File opened for modification C:\Program Files (x86)\hlemmqrqrwzbfglyizrvowwa.abg C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
File created C:\Program Files (x86)\hlemmqrqrwzbfglyizrvowwa.abg C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
File opened for modification C:\Program Files (x86)\qfjcncoykaobqcsqlnqfjcncoykaobqcsql.qfj C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\avfevqiyqmgzumimnve.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\avfevqiyqmgzumimnve.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\pjsqgargxsldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\qfjcncoykaobqcsqlnqfjcncoykaobqcsql.qfj C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
File opened for modification C:\Windows\tregaytmhgdzxsrycnzxkm.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\njuumibslidxtmjoqzjf.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\zryuiapcrkbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\njuumibslidxtmjoqzjf.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\pjsqgargxsldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\pjsqgargxsldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\tregaytmhgdzxsrycnzxkm.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\njuumibslidxtmjoqzjf.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\avfevqiyqmgzumimnve.exe C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
File opened for modification C:\Windows\pjsqgargxsldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\pjsqgargxsldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\gzhetmcqgasjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\czlmfcwoigcxuomsvfqnz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\zryuiapcrkbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\avfevqiyqmgzumimnve.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\gzhetmcqgasjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\czlmfcwoigcxuomsvfqnz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\zryuiapcrkbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\zryuiapcrkbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\pjsqgargxsldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\zryuiapcrkbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\njuumibslidxtmjoqzjf.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\pjsqgargxsldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\avfevqiyqmgzumimnve.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\njuumibslidxtmjoqzjf.exe C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
File opened for modification C:\Windows\zryuiapcrkbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\njuumibslidxtmjoqzjf.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\avfevqiyqmgzumimnve.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\czlmfcwoigcxuomsvfqnz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\tregaytmhgdzxsrycnzxkm.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\tregaytmhgdzxsrycnzxkm.exe C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
File created C:\Windows\hlemmqrqrwzbfglyizrvowwa.abg C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
File opened for modification C:\Windows\czlmfcwoigcxuomsvfqnz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\avfevqiyqmgzumimnve.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\njuumibslidxtmjoqzjf.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\zryuiapcrkbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\gzhetmcqgasjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\pjsqgargxsldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
File opened for modification C:\Windows\czlmfcwoigcxuomsvfqnz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\avfevqiyqmgzumimnve.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\njuumibslidxtmjoqzjf.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\zryuiapcrkbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\zryuiapcrkbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\zryuiapcrkbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\zryuiapcrkbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\zryuiapcrkbrjyrs.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\tregaytmhgdzxsrycnzxkm.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\gzhetmcqgasjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\gzhetmcqgasjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\njuumibslidxtmjoqzjf.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\czlmfcwoigcxuomsvfqnz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\hlemmqrqrwzbfglyizrvowwa.abg C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
File opened for modification C:\Windows\gzhetmcqgasjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\pjsqgargxsldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\avfevqiyqmgzumimnve.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\tregaytmhgdzxsrycnzxkm.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\avfevqiyqmgzumimnve.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\njuumibslidxtmjoqzjf.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\pjsqgargxsldxojmmt.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
File opened for modification C:\Windows\njuumibslidxtmjoqzjf.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\gzhetmcqgasjcsmon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\njuumibslidxtmjoqzjf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\pjsqgargxsldxojmmt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zryuiapcrkbrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\avfevqiyqmgzumimnve.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\avfevqiyqmgzumimnve.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\pjsqgargxsldxojmmt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\gzhetmcqgasjcsmon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\avfevqiyqmgzumimnve.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\njuumibslidxtmjoqzjf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\czlmfcwoigcxuomsvfqnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\pjsqgargxsldxojmmt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zryuiapcrkbrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\czlmfcwoigcxuomsvfqnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\czlmfcwoigcxuomsvfqnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\pjsqgargxsldxojmmt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\njuumibslidxtmjoqzjf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zryuiapcrkbrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\avfevqiyqmgzumimnve.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\czlmfcwoigcxuomsvfqnz.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\njuumibslidxtmjoqzjf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\avfevqiyqmgzumimnve.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\gzhetmcqgasjcsmon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zryuiapcrkbrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zryuiapcrkbrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zryuiapcrkbrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\pjsqgargxsldxojmmt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zryuiapcrkbrjyrs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\czlmfcwoigcxuomsvfqnz.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5796 wrote to memory of 5456 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 5796 wrote to memory of 5456 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 5796 wrote to memory of 5456 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 1544 wrote to memory of 4572 N/A C:\Windows\system32\cmd.exe C:\Windows\gzhetmcqgasjcsmon.exe
PID 1544 wrote to memory of 4572 N/A C:\Windows\system32\cmd.exe C:\Windows\gzhetmcqgasjcsmon.exe
PID 1544 wrote to memory of 4572 N/A C:\Windows\system32\cmd.exe C:\Windows\gzhetmcqgasjcsmon.exe
PID 4608 wrote to memory of 4808 N/A C:\Windows\system32\cmd.exe C:\Windows\czlmfcwoigcxuomsvfqnz.exe
PID 4608 wrote to memory of 4808 N/A C:\Windows\system32\cmd.exe C:\Windows\czlmfcwoigcxuomsvfqnz.exe
PID 4608 wrote to memory of 4808 N/A C:\Windows\system32\cmd.exe C:\Windows\czlmfcwoigcxuomsvfqnz.exe
PID 4808 wrote to memory of 5688 N/A C:\Windows\czlmfcwoigcxuomsvfqnz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 4808 wrote to memory of 5688 N/A C:\Windows\czlmfcwoigcxuomsvfqnz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 4808 wrote to memory of 5688 N/A C:\Windows\czlmfcwoigcxuomsvfqnz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 4544 wrote to memory of 5116 N/A C:\Windows\system32\cmd.exe C:\Windows\gzhetmcqgasjcsmon.exe
PID 4544 wrote to memory of 5116 N/A C:\Windows\system32\cmd.exe C:\Windows\gzhetmcqgasjcsmon.exe
PID 4544 wrote to memory of 5116 N/A C:\Windows\system32\cmd.exe C:\Windows\gzhetmcqgasjcsmon.exe
PID 832 wrote to memory of 2308 N/A C:\Windows\system32\cmd.exe C:\Windows\avfevqiyqmgzumimnve.exe
PID 832 wrote to memory of 2308 N/A C:\Windows\system32\cmd.exe C:\Windows\avfevqiyqmgzumimnve.exe
PID 832 wrote to memory of 2308 N/A C:\Windows\system32\cmd.exe C:\Windows\avfevqiyqmgzumimnve.exe
PID 4784 wrote to memory of 4860 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
PID 4784 wrote to memory of 4860 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
PID 4784 wrote to memory of 4860 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe
PID 2308 wrote to memory of 1308 N/A C:\Windows\avfevqiyqmgzumimnve.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 2308 wrote to memory of 1308 N/A C:\Windows\avfevqiyqmgzumimnve.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 2308 wrote to memory of 1308 N/A C:\Windows\avfevqiyqmgzumimnve.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 4720 wrote to memory of 1100 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
PID 4720 wrote to memory of 1100 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
PID 4720 wrote to memory of 1100 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe
PID 1100 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 1100 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 1100 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 2560 wrote to memory of 1480 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
PID 2560 wrote to memory of 1480 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
PID 2560 wrote to memory of 1480 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
PID 1516 wrote to memory of 3996 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
PID 1516 wrote to memory of 3996 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
PID 1516 wrote to memory of 3996 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe
PID 3996 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 3996 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 3996 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 5456 wrote to memory of 3956 N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe
PID 5456 wrote to memory of 3956 N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe
PID 5456 wrote to memory of 3956 N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe
PID 5456 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe
PID 5456 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe
PID 5456 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe
PID 3704 wrote to memory of 5920 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
PID 3704 wrote to memory of 5920 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
PID 3704 wrote to memory of 5920 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe
PID 4108 wrote to memory of 1200 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\mousocoreworker.exe
PID 4108 wrote to memory of 1200 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\mousocoreworker.exe
PID 4108 wrote to memory of 1200 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\mousocoreworker.exe
PID 4660 wrote to memory of 5032 N/A C:\Windows\system32\cmd.exe C:\Windows\gzhetmcqgasjcsmon.exe
PID 4660 wrote to memory of 5032 N/A C:\Windows\system32\cmd.exe C:\Windows\gzhetmcqgasjcsmon.exe
PID 4660 wrote to memory of 5032 N/A C:\Windows\system32\cmd.exe C:\Windows\gzhetmcqgasjcsmon.exe
PID 3012 wrote to memory of 3008 N/A C:\Windows\system32\cmd.exe C:\Windows\czlmfcwoigcxuomsvfqnz.exe
PID 3012 wrote to memory of 3008 N/A C:\Windows\system32\cmd.exe C:\Windows\czlmfcwoigcxuomsvfqnz.exe
PID 3012 wrote to memory of 3008 N/A C:\Windows\system32\cmd.exe C:\Windows\czlmfcwoigcxuomsvfqnz.exe
PID 3008 wrote to memory of 5640 N/A C:\Windows\czlmfcwoigcxuomsvfqnz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 3008 wrote to memory of 5640 N/A C:\Windows\czlmfcwoigcxuomsvfqnz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 3008 wrote to memory of 5640 N/A C:\Windows\czlmfcwoigcxuomsvfqnz.exe C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe
PID 5032 wrote to memory of 6080 N/A C:\Windows\gzhetmcqgasjcsmon.exe C:\Windows\pjsqgargxsldxojmmt.exe
PID 5032 wrote to memory of 6080 N/A C:\Windows\gzhetmcqgasjcsmon.exe C:\Windows\pjsqgargxsldxojmmt.exe
PID 5032 wrote to memory of 6080 N/A C:\Windows\gzhetmcqgasjcsmon.exe C:\Windows\pjsqgargxsldxojmmt.exe
PID 2984 wrote to memory of 4320 N/A C:\Windows\system32\cmd.exe C:\Windows\zryuiapcrkbrjyrs.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe"

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe

C:\Windows\gzhetmcqgasjcsmon.exe

gzhetmcqgasjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .

C:\Windows\gzhetmcqgasjcsmon.exe

gzhetmcqgasjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\gzhetmcqgasjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."

C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe

"C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe" "-C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe"

C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe

"C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe" "-C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe

C:\Windows\zryuiapcrkbrjyrs.exe

zryuiapcrkbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe

C:\Windows\gzhetmcqgasjcsmon.exe

gzhetmcqgasjcsmon.exe .

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\gzhetmcqgasjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Windows\zryuiapcrkbrjyrs.exe

zryuiapcrkbrjyrs.exe

C:\Windows\gzhetmcqgasjcsmon.exe

gzhetmcqgasjcsmon.exe

C:\Windows\njuumibslidxtmjoqzjf.exe

njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\pjsqgargxsldxojmmt.exe*."

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avfevqiyqmgzumimnve.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avfevqiyqmgzumimnve.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Windows\System32\mousocoreworker.exe

C:\Windows\System32\mousocoreworker.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avfevqiyqmgzumimnve.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe

C:\Windows\zryuiapcrkbrjyrs.exe

zryuiapcrkbrjyrs.exe .

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zryuiapcrkbrjyrs.exe*."

C:\Windows\gzhetmcqgasjcsmon.exe

gzhetmcqgasjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe

C:\Windows\gzhetmcqgasjcsmon.exe

gzhetmcqgasjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\gzhetmcqgasjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Windows\zryuiapcrkbrjyrs.exe

zryuiapcrkbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\pjsqgargxsldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Windows\zryuiapcrkbrjyrs.exe

zryuiapcrkbrjyrs.exe

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zryuiapcrkbrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\pjsqgargxsldxojmmt.exe*."

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\pjsqgargxsldxojmmt.exe*."

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\gzhetmcqgasjcsmon.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."

C:\Windows\zryuiapcrkbrjyrs.exe

zryuiapcrkbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avfevqiyqmgzumimnve.exe*."

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\pjsqgargxsldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe

C:\Windows\gzhetmcqgasjcsmon.exe

gzhetmcqgasjcsmon.exe .

C:\Windows\gzhetmcqgasjcsmon.exe

gzhetmcqgasjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\gzhetmcqgasjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Windows\njuumibslidxtmjoqzjf.exe

njuumibslidxtmjoqzjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avfevqiyqmgzumimnve.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe .

C:\Windows\zryuiapcrkbrjyrs.exe

zryuiapcrkbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zryuiapcrkbrjyrs.exe*."

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Windows\zryuiapcrkbrjyrs.exe

zryuiapcrkbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zryuiapcrkbrjyrs.exe*."

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe

C:\Windows\zryuiapcrkbrjyrs.exe

zryuiapcrkbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe .

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\pjsqgargxsldxojmmt.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Windows\zryuiapcrkbrjyrs.exe

zryuiapcrkbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zryuiapcrkbrjyrs.exe*."

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."

C:\Windows\njuumibslidxtmjoqzjf.exe

njuumibslidxtmjoqzjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Windows\zryuiapcrkbrjyrs.exe

zryuiapcrkbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zryuiapcrkbrjyrs.exe*."

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe .

C:\Windows\njuumibslidxtmjoqzjf.exe

njuumibslidxtmjoqzjf.exe

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe

C:\Windows\zryuiapcrkbrjyrs.exe

zryuiapcrkbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\pjsqgargxsldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zryuiapcrkbrjyrs.exe*."

C:\Windows\njuumibslidxtmjoqzjf.exe

njuumibslidxtmjoqzjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe

C:\Windows\gzhetmcqgasjcsmon.exe

gzhetmcqgasjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe .

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe

C:\Windows\zryuiapcrkbrjyrs.exe

zryuiapcrkbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\njuumibslidxtmjoqzjf.exe

njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\gzhetmcqgasjcsmon.exe

gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zryuiapcrkbrjyrs.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\gzhetmcqgasjcsmon.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\pjsqgargxsldxojmmt.exe*."

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avfevqiyqmgzumimnve.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\gzhetmcqgasjcsmon.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\pjsqgargxsldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\njuumibslidxtmjoqzjf.exe

njuumibslidxtmjoqzjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\gzhetmcqgasjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe .

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Windows\gzhetmcqgasjcsmon.exe

gzhetmcqgasjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\gzhetmcqgasjcsmon.exe*."

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .

C:\Windows\njuumibslidxtmjoqzjf.exe

njuumibslidxtmjoqzjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."

C:\Windows\gzhetmcqgasjcsmon.exe

gzhetmcqgasjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Windows\njuumibslidxtmjoqzjf.exe

njuumibslidxtmjoqzjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\gzhetmcqgasjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\pjsqgargxsldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."

C:\Windows\zryuiapcrkbrjyrs.exe

zryuiapcrkbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zryuiapcrkbrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avfevqiyqmgzumimnve.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe

C:\Windows\zryuiapcrkbrjyrs.exe

zryuiapcrkbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe .

C:\Windows\gzhetmcqgasjcsmon.exe

gzhetmcqgasjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\gzhetmcqgasjcsmon.exe*."

C:\Windows\njuumibslidxtmjoqzjf.exe

njuumibslidxtmjoqzjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Windows\gzhetmcqgasjcsmon.exe

gzhetmcqgasjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\gzhetmcqgasjcsmon.exe*."

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avfevqiyqmgzumimnve.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .

C:\Windows\njuumibslidxtmjoqzjf.exe

njuumibslidxtmjoqzjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Windows\njuumibslidxtmjoqzjf.exe

njuumibslidxtmjoqzjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\zryuiapcrkbrjyrs.exe

zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe .

C:\Windows\njuumibslidxtmjoqzjf.exe

njuumibslidxtmjoqzjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe

C:\Windows\zryuiapcrkbrjyrs.exe

zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe .

C:\Windows\zryuiapcrkbrjyrs.exe

zryuiapcrkbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zryuiapcrkbrjyrs.exe*."

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe .

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avfevqiyqmgzumimnve.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\pjsqgargxsldxojmmt.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."

C:\Windows\gzhetmcqgasjcsmon.exe

gzhetmcqgasjcsmon.exe

C:\Windows\gzhetmcqgasjcsmon.exe

gzhetmcqgasjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\gzhetmcqgasjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .

C:\Windows\njuumibslidxtmjoqzjf.exe

njuumibslidxtmjoqzjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\zryuiapcrkbrjyrs.exe

zryuiapcrkbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zryuiapcrkbrjyrs.exe*."

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\pjsqgargxsldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avfevqiyqmgzumimnve.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\pjsqgargxsldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe .

C:\Windows\zryuiapcrkbrjyrs.exe

zryuiapcrkbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zryuiapcrkbrjyrs.exe*."

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Windows\gzhetmcqgasjcsmon.exe

gzhetmcqgasjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\gzhetmcqgasjcsmon.exe*."

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\pjsqgargxsldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\gzhetmcqgasjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe

C:\Windows\gzhetmcqgasjcsmon.exe

gzhetmcqgasjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .

C:\Windows\njuumibslidxtmjoqzjf.exe

njuumibslidxtmjoqzjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\pjsqgargxsldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .

C:\Windows\njuumibslidxtmjoqzjf.exe

njuumibslidxtmjoqzjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\gzhetmcqgasjcsmon.exe*."

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Windows\gzhetmcqgasjcsmon.exe

gzhetmcqgasjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\gzhetmcqgasjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe

C:\Windows\njuumibslidxtmjoqzjf.exe

njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\pjsqgargxsldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\pjsqgargxsldxojmmt.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."

C:\Windows\njuumibslidxtmjoqzjf.exe

njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\njuumibslidxtmjoqzjf.exe

njuumibslidxtmjoqzjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Windows\zryuiapcrkbrjyrs.exe

zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\pjsqgargxsldxojmmt.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\pjsqgargxsldxojmmt.exe*."

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\gzhetmcqgasjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe

C:\Windows\zryuiapcrkbrjyrs.exe

zryuiapcrkbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."

C:\Windows\njuumibslidxtmjoqzjf.exe

njuumibslidxtmjoqzjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe .

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\gzhetmcqgasjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\njuumibslidxtmjoqzjf.exe

njuumibslidxtmjoqzjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."

C:\Windows\zryuiapcrkbrjyrs.exe

zryuiapcrkbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Windows\njuumibslidxtmjoqzjf.exe

njuumibslidxtmjoqzjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\gzhetmcqgasjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe .

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\pjsqgargxsldxojmmt.exe*."

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Windows\gzhetmcqgasjcsmon.exe

gzhetmcqgasjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\gzhetmcqgasjcsmon.exe*."

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avfevqiyqmgzumimnve.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe

C:\Windows\njuumibslidxtmjoqzjf.exe

njuumibslidxtmjoqzjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Windows\njuumibslidxtmjoqzjf.exe

njuumibslidxtmjoqzjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avfevqiyqmgzumimnve.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."

C:\Windows\zryuiapcrkbrjyrs.exe

zryuiapcrkbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Windows\gzhetmcqgasjcsmon.exe

gzhetmcqgasjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\gzhetmcqgasjcsmon.exe*."

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe

C:\Windows\njuumibslidxtmjoqzjf.exe

njuumibslidxtmjoqzjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\pjsqgargxsldxojmmt.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\pjsqgargxsldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avfevqiyqmgzumimnve.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Windows\njuumibslidxtmjoqzjf.exe

njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\njuumibslidxtmjoqzjf.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avfevqiyqmgzumimnve.exe*."

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\gzhetmcqgasjcsmon.exe*."

C:\Windows\njuumibslidxtmjoqzjf.exe

njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."

C:\Windows\njuumibslidxtmjoqzjf.exe

njuumibslidxtmjoqzjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe

C:\Windows\njuumibslidxtmjoqzjf.exe

njuumibslidxtmjoqzjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe .

C:\Windows\gzhetmcqgasjcsmon.exe

gzhetmcqgasjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Windows\gzhetmcqgasjcsmon.exe

gzhetmcqgasjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\gzhetmcqgasjcsmon.exe*."

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\zryuiapcrkbrjyrs.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avfevqiyqmgzumimnve.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\pjsqgargxsldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe .

C:\Windows\zryuiapcrkbrjyrs.exe

zryuiapcrkbrjyrs.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\zryuiapcrkbrjyrs.exe*."

C:\Windows\zryuiapcrkbrjyrs.exe

zryuiapcrkbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\pjsqgargxsldxojmmt.exe*."

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\njuumibslidxtmjoqzjf.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\avfevqiyqmgzumimnve.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\avfevqiyqmgzumimnve.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."

C:\Windows\zryuiapcrkbrjyrs.exe

zryuiapcrkbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\avfevqiyqmgzumimnve.exe*."

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe .

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe

C:\Windows\avfevqiyqmgzumimnve.exe

avfevqiyqmgzumimnve.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\pjsqgargxsldxojmmt.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\pjsqgargxsldxojmmt.exe

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\pjsqgargxsldxojmmt.exe*."

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\gzhetmcqgasjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\gzhetmcqgasjcsmon.exe

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe

C:\Users\Admin\AppData\Local\Temp\czlmfcwoigcxuomsvfqnz.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\users\admin\appdata\local\temp\czlmfcwoigcxuomsvfqnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c njuumibslidxtmjoqzjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c pjsqgargxsldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\pjsqgargxsldxojmmt.exe

pjsqgargxsldxojmmt.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\njuumibslidxtmjoqzjf.exe

njuumibslidxtmjoqzjf.exe

C:\Windows\czlmfcwoigcxuomsvfqnz.exe

czlmfcwoigcxuomsvfqnz.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zryuiapcrkbrjyrs.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe

C:\Windows\gzhetmcqgasjcsmon.exe

gzhetmcqgasjcsmon.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c czlmfcwoigcxuomsvfqnz.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c gzhetmcqgasjcsmon.exe .

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\czlmfcwoigcxuomsvfqnz.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c avfevqiyqmgzumimnve.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zryuiapcrkbrjyrs.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

"C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe" "c:\windows\gzhetmcqgasjcsmon.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\njuumibslidxtmjoqzjf.exe .

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.showmyipaddress.com udp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 8.8.8.8:53 www.whatismyip.ca udp
US 8.8.8.8:53 whatismyip.everdot.org udp
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 104.21.74.56:80 www.showmyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 8.8.8.8:53 www.whatismyip.ca udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 8.8.8.8:53 www.youtube.com udp
DE 142.250.181.206:80 www.youtube.com tcp
US 87.120.55.81:40804 tcp
US 8.8.8.8:53 gyuuym.org udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 nlqwurdxjqv.info udp
US 8.8.8.8:53 ujuixe.net udp
US 8.8.8.8:53 unxfuild.info udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 xqlklieunsg.info udp
US 8.8.8.8:53 drrykczqliwk.info udp
US 8.8.8.8:53 lgxmnxp.info udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 aqvytwt.info udp
US 8.8.8.8:53 rrxvqlao.net udp
US 8.8.8.8:53 ydjsanbplb.net udp
US 8.8.8.8:53 eaharf.net udp
US 8.8.8.8:53 hqtlrkfj.net udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 xnzovotwx.net udp
US 8.8.8.8:53 lfrstzhh.net udp
US 8.8.8.8:53 nlotajnm.info udp
US 8.8.8.8:53 dwbtrevcn.com udp
US 8.8.8.8:53 tsdgfckmb.com udp
US 8.8.8.8:53 lcrjygi.org udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 mfnrnhqeeyv.info udp
US 8.8.8.8:53 rersyak.info udp
US 8.8.8.8:53 mqiqeyieqqss.org udp
US 8.8.8.8:53 ylzwjjt.net udp
US 8.8.8.8:53 sedsnnpqniw.net udp
US 8.8.8.8:53 cydlrge.info udp
US 104.156.155.94:80 cydlrge.info tcp
US 8.8.8.8:53 goznlxhalsn.net udp
US 8.8.8.8:53 euxyhykczfj.info udp
US 8.8.8.8:53 zzdafaholy.net udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 kahgfcr.info udp
US 8.8.8.8:53 phdlxjta.info udp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 eeaikaks.com udp
US 8.8.8.8:53 rrdoofbsz.net udp
US 8.8.8.8:53 fynthkl.net udp
US 8.8.8.8:53 ngsoxwyc.info udp
US 8.8.8.8:53 aqbnxjprks.net udp
US 8.8.8.8:53 szfofisovcr.net udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 ayxsfupon.info udp
US 8.8.8.8:53 qsgaci.com udp
US 8.8.8.8:53 mtearsxqx.info udp
US 8.8.8.8:53 oswwbug.net udp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 wagojwbzr.info udp
US 8.8.8.8:53 fqyetgjpzuz.com udp
US 8.8.8.8:53 melbmcr.info udp
US 8.8.8.8:53 ssbilqryl.info udp
US 8.8.8.8:53 cylqbikdbm.net udp
US 8.8.8.8:53 jilritlklv.net udp
US 8.8.8.8:53 hvkesiomx.info udp
US 8.8.8.8:53 gffafyvw.info udp
US 8.8.8.8:53 ddpobim.org udp
DE 84.32.109.179:33407 tcp
US 8.8.8.8:53 tnnclvm.info udp
US 8.8.8.8:53 xepxjkcwpvz.net udp
US 8.8.8.8:53 rssmfoe.org udp
US 8.8.8.8:53 ruaywygsevfm.info udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 ummsvlki.info udp
US 8.8.8.8:53 yoaoooewyeeo.com udp
US 8.8.8.8:53 tclgxmk.com udp
US 8.8.8.8:53 rjnedmzepik.net udp
US 8.8.8.8:53 wiiyea.com udp
US 8.8.8.8:53 booyrkl.org udp
US 8.8.8.8:53 oidktbl.net udp
US 8.8.8.8:53 mdhpuesj.net udp
US 8.8.8.8:53 pwsqjw.info udp
US 8.8.8.8:53 sokexcd.info udp
US 8.8.8.8:53 yrlsrvre.net udp
US 8.8.8.8:53 kyhklmpnt.net udp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 nmlzfgsiezhz.net udp
US 8.8.8.8:53 muybtz.info udp
US 8.8.8.8:53 vrxmprngmlhk.net udp
US 8.8.8.8:53 hanqmen.info udp
US 8.8.8.8:53 ygzrxrp.info udp
US 8.8.8.8:53 ccknyf.net udp
US 8.8.8.8:53 vndosnicpotw.info udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 cmewkweiwi.com udp
US 8.8.8.8:53 rltqnrca.info udp
US 8.8.8.8:53 uvlydbgi.info udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 tknijxcsl.org udp
US 8.8.8.8:53 flzlrl.net udp
US 8.8.8.8:53 hazovaquz.org udp
US 8.8.8.8:53 zgvixk.net udp
US 8.8.8.8:53 ueerfrkczrtq.info udp
US 8.8.8.8:53 lyxmnybibg.info udp
US 8.8.8.8:53 gimgduo.net udp
US 8.8.8.8:53 imanxarbep.info udp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 myzmjev.net udp
US 8.8.8.8:53 bpwuxe.info udp
US 8.8.8.8:53 oahisgpny.net udp
US 8.8.8.8:53 tyagpkb.com udp
US 8.8.8.8:53 kgucribs.info udp
US 8.8.8.8:53 rgnyneo.info udp
US 8.8.8.8:53 zyfitez.info udp
US 8.8.8.8:53 wpnfcbts.net udp
US 8.8.8.8:53 uzlols.info udp
US 8.8.8.8:53 leqdurjb.net udp
US 8.8.8.8:53 ukjunwllyt.info udp
US 8.8.8.8:53 dxikspgshgbk.info udp
US 8.8.8.8:53 scmgmn.net udp
US 8.8.8.8:53 bqhahvqqbbnl.net udp
US 8.8.8.8:53 lgmwshpwdp.net udp
US 8.8.8.8:53 hsteccazdkn.com udp
US 8.8.8.8:53 ncyytup.info udp
US 8.8.8.8:53 lysiwihaz.org udp
US 8.8.8.8:53 zgrjrexb.net udp
US 8.8.8.8:53 yvbymegelvb.net udp
US 8.8.8.8:53 xmvqbmg.com udp
US 8.8.8.8:53 fwogcqzjzt.net udp
US 8.8.8.8:53 sawuyaqiyoyc.org udp
US 8.8.8.8:53 iasxcbsi.info udp
US 8.8.8.8:53 uwecycwoewcy.org udp
US 8.8.8.8:53 eeueccewmeem.com udp
US 8.8.8.8:53 vexcnof.org udp
US 8.8.8.8:53 gthoprfe.net udp
US 8.8.8.8:53 vvfkpeb.com udp
US 8.8.8.8:53 urxixee.net udp
US 8.8.8.8:53 wajdpb.net udp
US 8.8.8.8:53 dwcfltbcgjpb.net udp
US 8.8.8.8:53 vlpxze.info udp
US 8.8.8.8:53 xvqyvpxd.info udp
US 8.8.8.8:53 rafdtpxafivh.info udp
US 8.8.8.8:53 skywyumxq.net udp
US 8.8.8.8:53 jqlllwu.info udp
US 8.8.8.8:53 gegnoutlc.info udp
LT 78.58.228.91:32359 tcp
US 8.8.8.8:53 iscycssu.org udp
US 8.8.8.8:53 zqnidjmgdyui.info udp
US 8.8.8.8:53 egsmyysc.org udp
US 8.8.8.8:53 veryltejfauu.net udp
US 8.8.8.8:53 rzlyhctslix.com udp
US 8.8.8.8:53 nshdioh.net udp
US 8.8.8.8:53 mkjbvkhix.info udp
US 8.8.8.8:53 bulzdydv.info udp
US 8.8.8.8:53 kgkmnmfstsh.net udp
US 8.8.8.8:53 kmpwhjmmspq.net udp
US 8.8.8.8:53 xgyyrdppgb.net udp
US 8.8.8.8:53 vfiomvnkwt.info udp
US 8.8.8.8:53 faqhlyk.net udp
US 8.8.8.8:53 ekqqcc.org udp
US 8.8.8.8:53 ecgzlqusp.net udp
US 8.8.8.8:53 uaiiigis.com udp
US 8.8.8.8:53 wsbuner.info udp
US 8.8.8.8:53 mjfhwjrso.net udp
US 8.8.8.8:53 dwfkeogzvhjn.info udp
US 8.8.8.8:53 qpbshpbqn.net udp
US 8.8.8.8:53 siausavra.net udp
US 8.8.8.8:53 dflqknsl.net udp
US 8.8.8.8:53 vkjolucysah.net udp
US 8.8.8.8:53 qtgqqinahbp.info udp
US 8.8.8.8:53 shdwedn.info udp
US 8.8.8.8:53 pqigtt.info udp
US 8.8.8.8:53 mkkmkgqquuke.com udp
US 8.8.8.8:53 tcvuvhjwh.info udp
US 8.8.8.8:53 vsfidvt.org udp
US 8.8.8.8:53 rjxuar.net udp
US 8.8.8.8:53 jubvpax.info udp
US 8.8.8.8:53 icjrqeyuu.info udp
US 8.8.8.8:53 aknsgwkcl.net udp
US 8.8.8.8:53 yonpraqfzz.info udp
US 8.8.8.8:53 esffxqbwfxix.net udp
US 8.8.8.8:53 ecbwysbz.info udp
US 8.8.8.8:53 skocgo.com udp
US 8.8.8.8:53 cceyge.org udp
US 8.8.8.8:53 njmyupro.net udp
US 8.8.8.8:53 fctgphpuhlw.net udp
US 8.8.8.8:53 vaxdhhzcd.org udp
BG 79.132.21.180:44788 tcp
US 8.8.8.8:53 gwwoasrgid.info udp
US 8.8.8.8:53 ckqkwqey.com udp
US 8.8.8.8:53 keqyinenviz.info udp
US 8.8.8.8:53 xrpwmsl.info udp
US 8.8.8.8:53 satxwxz.info udp
US 8.8.8.8:53 eqosgy.info udp
US 8.8.8.8:53 vwpszkb.com udp
US 8.8.8.8:53 ahkgvfbpposr.info udp
US 8.8.8.8:53 eihhykbeu.info udp
US 8.8.8.8:53 yimkxzip.net udp
US 8.8.8.8:53 iusioomq.org udp
US 8.8.8.8:53 jhizgcwtbytk.info udp
US 8.8.8.8:53 hyzfhropadci.net udp
US 8.8.8.8:53 tdquiloxbm.net udp
US 8.8.8.8:53 uycssa.org udp
US 8.8.8.8:53 wcsbrpz.net udp
US 8.8.8.8:53 vcmpdreyxm.info udp
US 8.8.8.8:53 nwzpgwnyrid.com udp
US 8.8.8.8:53 joktolce.info udp
US 8.8.8.8:53 lcdgnde.info udp
US 8.8.8.8:53 seurtkapg.net udp
US 8.8.8.8:53 uwcuws.org udp
US 8.8.8.8:53 bgskncggc.com udp
US 8.8.8.8:53 zcpolpym.info udp
US 8.8.8.8:53 fqcslafjh.info udp
US 8.8.8.8:53 exfshsnlv.net udp
US 8.8.8.8:53 azlfou.info udp
US 8.8.8.8:53 qkxyrmstagi.info udp
US 8.8.8.8:53 umyicieyee.org udp
US 8.8.8.8:53 yowqga.com udp
US 8.8.8.8:53 bgkfaeykpoi.info udp
US 8.8.8.8:53 lrpqoa.info udp
US 8.8.8.8:53 ruzhhhxkpwsa.net udp
US 8.8.8.8:53 vcsuct.net udp
US 8.8.8.8:53 gyogyyuukyca.com udp
US 8.8.8.8:53 yaieos.org udp
US 8.8.8.8:53 fgkaxijop.com udp
US 8.8.8.8:53 fqgnny.net udp
US 8.8.8.8:53 rxyudvgn.net udp
US 8.8.8.8:53 fepxukr.info udp
US 8.8.8.8:53 cudexlrsbz.net udp
US 8.8.8.8:53 cpkqxhba.info udp
US 8.8.8.8:53 fsyczawoha.info udp
US 8.8.8.8:53 qwufdzw.net udp
US 8.8.8.8:53 taswjfw.org udp
US 8.8.8.8:53 eukcwqiu.com udp
US 8.8.8.8:53 wixkjqnyg.info udp
US 8.8.8.8:53 degiihl.com udp
US 8.8.8.8:53 atkzfclhbift.info udp
BG 94.156.87.170:29216 tcp
US 8.8.8.8:53 koiuvgzyhzvf.net udp
US 8.8.8.8:53 dtmbplfdtlcr.info udp
US 8.8.8.8:53 aeitnijy.net udp
US 8.8.8.8:53 wueysyqiyg.org udp
US 8.8.8.8:53 tinlhspbf.org udp
US 8.8.8.8:53 jjrefkv.net udp
US 8.8.8.8:53 osqcyyccqe.com udp
US 8.8.8.8:53 cttmrtsxxniq.net udp
US 8.8.8.8:53 pklwcsjjhmp.info udp
US 8.8.8.8:53 xkpcfsyaz.info udp
US 8.8.8.8:53 zhtvrebu.net udp
US 8.8.8.8:53 kjskvzf.info udp
US 8.8.8.8:53 msomovxumq.info udp
US 8.8.8.8:53 xmasvgqmnoy.org udp
US 8.8.8.8:53 hkaoakhuxxj.net udp
US 8.8.8.8:53 wejxjch.net udp
US 8.8.8.8:53 lzbjkx.info udp
US 8.8.8.8:53 dytslstlntk.net udp
US 8.8.8.8:53 blriytvijot.com udp
US 8.8.8.8:53 oqcqyuaoys.com udp
US 8.8.8.8:53 kyilnx.net udp
US 8.8.8.8:53 cagmissuqkms.org udp
US 8.8.8.8:53 pxtbinwwguzq.net udp
US 8.8.8.8:53 qbjwmg.net udp
US 8.8.8.8:53 gaqkygwq.org udp
US 8.8.8.8:53 egwhlklqogo.info udp
US 8.8.8.8:53 tgiiohnytsah.info udp
US 8.8.8.8:53 oimwemcuuoms.com udp
US 8.8.8.8:53 jrbulad.info udp
US 8.8.8.8:53 dkphaqhoj.com udp
US 8.8.8.8:53 mqhinba.net udp
US 8.8.8.8:53 jajuwct.com udp
US 8.8.8.8:53 tybftlzzjm.net udp
US 8.8.8.8:53 kgwuwmyiqg.com udp
US 8.8.8.8:53 qselzdpq.net udp
US 8.8.8.8:53 bpzorpfuhtf.org udp
US 8.8.8.8:53 htpeqjognnpm.info udp
US 8.8.8.8:53 tazsvnnmv.info udp
US 8.8.8.8:53 edogletf.info udp
US 8.8.8.8:53 esrcnez.info udp
US 8.8.8.8:53 vjhuylcnilhn.info udp
US 8.8.8.8:53 bkngmvgi.net udp
US 8.8.8.8:53 qzgqermax.net udp
US 8.8.8.8:53 sifvqbfb.info udp
US 8.8.8.8:53 yqcbzxpkbm.net udp
US 8.8.8.8:53 bqdindvszcl.com udp
US 8.8.8.8:53 qcfrnrtilzv.info udp
US 8.8.8.8:53 dywbdohqwyb.com udp
US 8.8.8.8:53 wcowcm.com udp
US 8.8.8.8:53 dykwknvmdfdj.info udp
LT 78.60.177.134:21038 tcp
US 8.8.8.8:53 eyyaocykom.org udp
US 8.8.8.8:53 lnnppmtvtpir.net udp
US 8.8.8.8:53 tpfgbtlt.info udp
US 8.8.8.8:53 wawaoiyk.com udp
US 8.8.8.8:53 dgbcfz.net udp
US 8.8.8.8:53 qxtvhp.info udp
US 8.8.8.8:53 pjyiemec.net udp
US 8.8.8.8:53 lczoradauoz.net udp
US 8.8.8.8:53 wornhstrx.info udp
US 8.8.8.8:53 lqpzvhbowm.info udp
US 8.8.8.8:53 dazulnj.org udp
US 8.8.8.8:53 mjfylyp.info udp
US 8.8.8.8:53 lfsilclqmawr.info udp
US 8.8.8.8:53 rwdnvzhnuf.info udp
US 8.8.8.8:53 ayimqoiwgkkc.org udp
US 8.8.8.8:53 lrovpxdoza.info udp
US 8.8.8.8:53 jzthxr.net udp
US 8.8.8.8:53 nepfhtuiek.net udp
US 8.8.8.8:53 bpryuyiywghd.net udp
US 8.8.8.8:53 xhndrbmenams.net udp
US 8.8.8.8:53 fjusznt.com udp
US 8.8.8.8:53 qmvyls.info udp
US 8.8.8.8:53 ykwmeksi.com udp
US 8.8.8.8:53 yqsbxpfbuv.net udp
US 8.8.8.8:53 sojotwg.net udp
US 8.8.8.8:53 zuhmapbot.net udp
US 8.8.8.8:53 csaeaksckguw.com udp
US 8.8.8.8:53 dgivmun.org udp
US 8.8.8.8:53 csqaqwd.net udp
US 8.8.8.8:53 vjvlnnztmb.net udp
US 8.8.8.8:53 miwgsiaswsck.com udp
US 8.8.8.8:53 xmmfhrpcneiy.info udp
US 8.8.8.8:53 yojkaljecqs.info udp
US 8.8.8.8:53 cztsaukehdn.info udp
US 8.8.8.8:53 azvyqohymgp.net udp
US 8.8.8.8:53 lisykmslzon.org udp
US 8.8.8.8:53 diqmpyd.info udp
US 8.8.8.8:53 gohyzsfqh.info udp
US 8.8.8.8:53 ecegeakc.org udp
US 8.8.8.8:53 twihcsxshn.net udp
LT 78.61.82.223:41459 tcp
US 8.8.8.8:53 lgdccev.com udp
US 8.8.8.8:53 novwmnurcxbr.info udp
US 8.8.8.8:53 tsgkrkh.net udp
US 8.8.8.8:53 ootkjdzphd.net udp
US 8.8.8.8:53 paxizld.org udp
US 8.8.8.8:53 ewqqimuekk.org udp
US 8.8.8.8:53 aararuzmj.info udp
US 8.8.8.8:53 paxynfm.org udp
US 8.8.8.8:53 pctkgplslwl.net udp
US 8.8.8.8:53 kglohyite.net udp
US 8.8.8.8:53 ledydhpwkyt.net udp
US 8.8.8.8:53 zrizzt.net udp
US 8.8.8.8:53 azrhlxolu.info udp
US 8.8.8.8:53 gdoevktkgj.info udp
US 8.8.8.8:53 bajfri.info udp
US 8.8.8.8:53 rpzmtewldvm.org udp
US 8.8.8.8:53 nsjnpn.net udp
US 8.8.8.8:53 fkbetvwrew.net udp
US 8.8.8.8:53 lfazmpt.net udp
US 8.8.8.8:53 euuhix.info udp
US 8.8.8.8:53 ivewnr.info udp
US 8.8.8.8:53 msocwajdr.info udp
US 8.8.8.8:53 nqxijbihvn.info udp
US 8.8.8.8:53 iqgmfyl.info udp
US 8.8.8.8:53 yspynbdonzn.net udp
US 8.8.8.8:53 awogqmaicq.org udp
US 8.8.8.8:53 mmxwhcanylv.net udp
US 8.8.8.8:53 gcntwdrybp.net udp
US 8.8.8.8:53 xrctizgjhu.net udp
US 8.8.8.8:53 gdrjpgqqaums.info udp
US 8.8.8.8:53 iuhdgqxmz.net udp
US 8.8.8.8:53 urikojxrj.net udp
US 8.8.8.8:53 rfcqjgcwrllk.info udp
US 8.8.8.8:53 ngzipq.info udp
US 8.8.8.8:53 ecmkoaawye.org udp
US 8.8.8.8:53 jwydkpnqdj.info udp
US 8.8.8.8:53 yrlydtvbjm.net udp
US 8.8.8.8:53 mbmszvvcjh.net udp
US 8.8.8.8:53 xuyknanlf.net udp
US 8.8.8.8:53 dwrurhrch.net udp
US 8.8.8.8:53 ooewwc.org udp
US 8.8.8.8:53 zmrcakty.info udp
US 8.8.8.8:53 sitkfkiuwm.net udp
US 8.8.8.8:53 narqbbzwh.info udp
US 8.8.8.8:53 bfpcqgfyh.com udp
US 8.8.8.8:53 jypigkw.net udp
US 8.8.8.8:53 vdqjuuctpxhv.net udp
US 8.8.8.8:53 dyxetlqsigz.com udp
US 8.8.8.8:53 dazzdtbxhy.net udp
US 8.8.8.8:53 nweyxdm.net udp
US 8.8.8.8:53 pyxvjyrqe.net udp
US 8.8.8.8:53 bcfaeoa.org udp
US 8.8.8.8:53 wwkcluiqvqe.info udp
US 8.8.8.8:53 dmlutakit.info udp
US 8.8.8.8:53 euoetofgu.net udp
US 8.8.8.8:53 ngffhobw.info udp
US 8.8.8.8:53 uelacxnjhyn.info udp
US 8.8.8.8:53 omierhazkhgw.net udp
US 8.8.8.8:53 saukaygwucee.com udp
US 8.8.8.8:53 ldfkngli.net udp
US 8.8.8.8:53 rxiajt.info udp
LT 78.61.230.103:27669 tcp
US 8.8.8.8:53 jsouqupqyci.info udp
US 8.8.8.8:53 qyyukqaco.net udp
US 8.8.8.8:53 kwdrqyzrhd.net udp
US 8.8.8.8:53 rktshzjcvcyu.info udp
US 8.8.8.8:53 vfotpthcvhh.info udp
US 8.8.8.8:53 aaqkmyyg.com udp
US 8.8.8.8:53 senxjn.net udp
US 8.8.8.8:53 xrjmbmgmisvh.info udp
US 8.8.8.8:53 ztbounx.net udp
US 8.8.8.8:53 bxicrgsdef.info udp
US 8.8.8.8:53 uowwiq.com udp
US 8.8.8.8:53 jdvxvgrtdtlf.net udp
US 8.8.8.8:53 zgyxjtfrpi.net udp
US 8.8.8.8:53 tvnkjnceuyhk.info udp
US 8.8.8.8:53 jqtenkdayoy.org udp
US 8.8.8.8:53 csxugqn.net udp
US 8.8.8.8:53 jrleckr.info udp
US 8.8.8.8:53 oucwkmaiwg.com udp
US 8.8.8.8:53 wqyafi.net udp
US 8.8.8.8:53 oamssc.org udp
US 8.8.8.8:53 lvliwxsju.net udp
US 8.8.8.8:53 bpbqqmrvk.net udp
US 8.8.8.8:53 icmwigsqmi.org udp
US 8.8.8.8:53 wcgcuuiu.org udp
US 8.8.8.8:53 agfxoc.info udp
LT 78.61.146.226:30136 tcp
US 8.8.8.8:53 qwsurmuamqp.info udp
US 8.8.8.8:53 nhmyomxjv.info udp
US 8.8.8.8:53 vafiiriiuafd.info udp
US 8.8.8.8:53 qvzujl.info udp
US 8.8.8.8:53 uyyswo.com udp
US 8.8.8.8:53 aisckyujv.info udp
US 8.8.8.8:53 zqbsvof.com udp
US 8.8.8.8:53 yaqmcq.org udp
US 8.8.8.8:53 gnmneommxk.net udp
US 8.8.8.8:53 esuossckgwyg.com udp
US 8.8.8.8:53 tyzkrdhyl.info udp
US 8.8.8.8:53 yhuilxtvi.info udp
US 8.8.8.8:53 rphtxszpda.info udp
US 8.8.8.8:53 xolifsv.org udp
US 8.8.8.8:53 wxtcjinyw.net udp
US 8.8.8.8:53 xjxezblbf.net udp
US 8.8.8.8:53 aorgsoz.net udp
US 8.8.8.8:53 uafigavoatfn.net udp
US 8.8.8.8:53 azxqgm.net udp
US 8.8.8.8:53 vyvijbihvn.info udp
US 8.8.8.8:53 vsyfdiv.org udp
US 8.8.8.8:53 deqynwpifos.org udp
US 8.8.8.8:53 hsrofavrq.net udp
US 8.8.8.8:53 qawuieqgyqgw.org udp
US 8.8.8.8:53 llpwlrlwpx.net udp
US 8.8.8.8:53 oadcroqhmf.net udp
US 8.8.8.8:53 ecufjabmd.net udp
US 8.8.8.8:53 xeurno.info udp
US 8.8.8.8:53 bctwfgikb.org udp
US 8.8.8.8:53 dbxpdyeitkp.org udp
US 8.8.8.8:53 jlsdgredjcou.info udp
US 8.8.8.8:53 pkjbfblapau.com udp
US 8.8.8.8:53 fzqqksnzg.net udp
US 8.8.8.8:53 dvorjk.net udp
US 8.8.8.8:53 aeiamogwwqyc.org udp
US 8.8.8.8:53 vqncsas.com udp
US 8.8.8.8:53 qfcfrfipmplr.info udp
US 8.8.8.8:53 xmlymtnez.org udp
US 8.8.8.8:53 oekiqceqwq.org udp
US 8.8.8.8:53 nibfcgh.net udp
US 8.8.8.8:53 ggskwm.org udp
US 8.8.8.8:53 acziouvqch.net udp
US 8.8.8.8:53 odzbrjqoy.info udp
US 8.8.8.8:53 sgewajdutrr.info udp
US 8.8.8.8:53 eiskmy.org udp
US 8.8.8.8:53 qotilo.net udp
US 8.8.8.8:53 aalijqi.info udp
US 8.8.8.8:53 scokmuqygysc.com udp
US 8.8.8.8:53 fkblqmrxzoxv.net udp
US 8.8.8.8:53 dazmjml.info udp
US 8.8.8.8:53 yodxdhh.net udp
US 8.8.8.8:53 fnxzwzykjspz.net udp
US 8.8.8.8:53 rtyrzemmo.net udp
US 8.8.8.8:53 uauqek.com udp
US 8.8.8.8:53 odqisf.info udp
US 8.8.8.8:53 mrudjvaf.info udp
US 8.8.8.8:53 lqicoottvwr.com udp
US 8.8.8.8:53 kihhfvvotj.info udp
US 8.8.8.8:53 kwmsfupoz.info udp
US 8.8.8.8:53 ncpmyszzt.info udp
US 8.8.8.8:53 ffbfocmwnw.info udp
US 8.8.8.8:53 fykilkdg.net udp
US 8.8.8.8:53 kutfvgvox.net udp
US 8.8.8.8:53 tgticatwwkz.com udp
US 8.8.8.8:53 ybxsqlwexbnh.info udp
US 8.8.8.8:53 giogrde.info udp
US 8.8.8.8:53 iiamemsmgy.org udp
US 8.8.8.8:53 gaxjucpehvv.net udp
US 8.8.8.8:53 labwnpbrliuw.info udp
US 8.8.8.8:53 kkiamiym.com udp
US 8.8.8.8:53 rvxetshwfbrx.net udp
US 8.8.8.8:53 tnandun.net udp
US 8.8.8.8:53 jatdaajehomt.net udp
US 8.8.8.8:53 wwoiwppurkgt.net udp
US 8.8.8.8:53 iwayoabes.net udp
RU 95.70.98.170:15493 tcp
US 8.8.8.8:53 xpqoad.net udp
US 8.8.8.8:53 mwgkuyee.org udp
US 8.8.8.8:53 fxzizdp.org udp
US 8.8.8.8:53 boxaqrvupsdo.info udp
US 8.8.8.8:53 tobntmtwayu.info udp
US 8.8.8.8:53 dulkzkcgfot.com udp
US 8.8.8.8:53 uiceesz.info udp
US 8.8.8.8:53 jlvozbzqdqn.info udp
US 8.8.8.8:53 dqqvbuye.info udp
US 8.8.8.8:53 lwndquldxm.info udp
US 8.8.8.8:53 bzaydhbkyko.info udp
US 8.8.8.8:53 xunrzhjqqqn.com udp
US 8.8.8.8:53 yagyssscmw.org udp
US 8.8.8.8:53 wotgasneh.net udp
US 8.8.8.8:53 hkxahwpogrke.net udp
US 8.8.8.8:53 bqiicmdmmf.net udp
US 8.8.8.8:53 uoxjsmld.info udp
US 8.8.8.8:53 omoezabot.info udp
US 8.8.8.8:53 mrkwwr.net udp
US 8.8.8.8:53 hblwludrdov.net udp
US 8.8.8.8:53 vrlqwf.info udp
US 8.8.8.8:53 uaaaqime.com udp
US 8.8.8.8:53 bfhilgj.info udp
US 8.8.8.8:53 mnnczv.net udp
US 8.8.8.8:53 eywqhwnhru.info udp
US 8.8.8.8:53 ewiuauieao.com udp
US 8.8.8.8:53 nwzycqsskpmr.info udp
US 8.8.8.8:53 yjvwraf.net udp
US 8.8.8.8:53 qauceg.org udp
US 8.8.8.8:53 bjpwlrlwpx.net udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 oixqavhebff.info udp
DE 172.217.16.67:80 c.pki.goog tcp
US 8.8.8.8:53 hthtzhqo.info udp
US 8.8.8.8:53 cixcjknasgk.info udp
US 8.8.8.8:53 imwkkoik.com udp
US 8.8.8.8:53 mthuupsjlbjh.net udp
US 8.8.8.8:53 uafqdqa.net udp
US 8.8.8.8:53 pgtaxmvgqmb.com udp
US 8.8.8.8:53 rxfywmtjj.net udp
US 8.8.8.8:53 seqayqswyw.org udp
US 8.8.8.8:53 mppvlxed.info udp
US 8.8.8.8:53 sewuvwb.net udp
US 8.8.8.8:53 odwebcozyhn.net udp
US 8.8.8.8:53 ulhdtqkqdma.net udp
US 8.8.8.8:53 oaewcmmi.com udp
US 8.8.8.8:53 tuviluxig.net udp
US 8.8.8.8:53 uxgmenvx.info udp
US 8.8.8.8:53 oekwqw.org udp
US 8.8.8.8:53 jzdhhvivlgba.info udp
US 8.8.8.8:53 oalwpcngx.info udp
US 8.8.8.8:53 zeeeyqfgii.net udp
US 8.8.8.8:53 aoqsmqowsmgu.org udp
US 8.8.8.8:53 toltpzmnzrry.info udp
US 8.8.8.8:53 bcxsfmn.com udp
US 8.8.8.8:53 pctcrwzbw.net udp
US 8.8.8.8:53 xcrfxbihvn.info udp
US 8.8.8.8:53 euvngmdk.net udp
US 8.8.8.8:53 gddfjwzxtjvo.net udp
US 8.8.8.8:53 kpxxigbapzp.net udp
US 8.8.8.8:53 zfaqvwav.net udp
LT 77.79.33.88:27251 tcp
US 8.8.8.8:53 okuugqeny.net udp
US 8.8.8.8:53 njyipfid.net udp
US 8.8.8.8:53 dcjxullc.info udp
US 8.8.8.8:53 pvesxitaordl.info udp
US 8.8.8.8:53 ihilzgtd.net udp
US 8.8.8.8:53 yntwzi.net udp
US 8.8.8.8:53 dzrmxez.com udp
US 8.8.8.8:53 xsvqzwhuh.net udp
US 8.8.8.8:53 tihxhq.net udp
US 8.8.8.8:53 rtpjyork.info udp
US 8.8.8.8:53 chqgknhl.info udp
US 8.8.8.8:53 wqrfzhiaqwr.net udp
US 8.8.8.8:53 yfdifyhwdyx.info udp
US 8.8.8.8:53 helikqavg.net udp
US 8.8.8.8:53 kxldwaoqfn.info udp
US 8.8.8.8:53 ooueyc.org udp
US 8.8.8.8:53 lzdazo.net udp
US 8.8.8.8:53 xycfixpl.net udp
US 8.8.8.8:53 yinkrerhy.info udp
US 8.8.8.8:53 tqxtrqaon.net udp
US 8.8.8.8:53 xxbuvavqnao.net udp
US 8.8.8.8:53 uwiyooeaam.com udp
US 8.8.8.8:53 nnmztrfrnx.info udp
US 8.8.8.8:53 byfepsghg.org udp
US 8.8.8.8:53 iuzcvw.net udp
US 8.8.8.8:53 tgzzsilpuoyu.info udp
US 8.8.8.8:53 dkzizdvw.info udp
US 8.8.8.8:53 rejwrwpoa.info udp
US 8.8.8.8:53 lnpghgu.com udp
US 8.8.8.8:53 rjddrl.info udp
US 8.8.8.8:53 jmuyzwjxj.net udp
US 8.8.8.8:53 ewwywuwgugmk.com udp
US 8.8.8.8:53 coiqgues.com udp
US 8.8.8.8:53 punwfyr.net udp
US 8.8.8.8:53 pptozyqruros.info udp
US 8.8.8.8:53 sgescokcmo.org udp
US 8.8.8.8:53 rjriue.info udp
US 8.8.8.8:53 ckxqozs.info udp
US 8.8.8.8:53 wiuwvaqybih.net udp
US 8.8.8.8:53 lzwgpqnxhy.net udp
US 8.8.8.8:53 xlsoodglxjhq.info udp
US 8.8.8.8:53 jehyhpbob.com udp
US 8.8.8.8:53 ewqssqiyqq.com udp
US 8.8.8.8:53 twifdba.info udp
US 8.8.8.8:53 lwtgmgn.info udp
US 8.8.8.8:53 luaiurlae.info udp
US 8.8.8.8:53 dxlxcmgmqxba.info udp
US 8.8.8.8:53 wsoafwbzfrq.net udp
US 8.8.8.8:53 ncniku.info udp
US 8.8.8.8:53 znnmdgdyg.info udp
US 8.8.8.8:53 mbngppto.info udp
US 8.8.8.8:53 hsfspwfirsr.org udp
US 8.8.8.8:53 sgmaeoum.org udp
US 8.8.8.8:53 ryyrfgrjzif.net udp
US 8.8.8.8:53 fumvct.net udp
US 8.8.8.8:53 iynmxyn.net udp
US 8.8.8.8:53 qxjjmypiriz.info udp
US 8.8.8.8:53 bntspk.net udp
US 8.8.8.8:53 sjtgvgochuc.net udp
US 8.8.8.8:53 xmvuzwtad.org udp
US 8.8.8.8:53 itqhzjxumhlh.net udp
US 8.8.8.8:53 dnyidwf.info udp
US 8.8.8.8:53 xzdjrucronfu.info udp
US 8.8.8.8:53 eqqsugkq.org udp
US 8.8.8.8:53 jqtkhcnkl.com udp
US 8.8.8.8:53 yadxtkefpqdf.net udp
US 8.8.8.8:53 skmcvihjp.net udp
US 8.8.8.8:53 xcxfdojnil.net udp
US 8.8.8.8:53 sksccikaem.com udp
US 8.8.8.8:53 qanamzn.info udp
US 8.8.8.8:53 iolwrjqi.info udp
US 8.8.8.8:53 phmvbv.info udp
US 8.8.8.8:53 ysakikse.com udp
US 8.8.8.8:53 xbvulsz.com udp
US 8.8.8.8:53 qngitmingp.net udp
US 8.8.8.8:53 uwtbxvnpdj.info udp
US 8.8.8.8:53 eybdfbvil.info udp
US 8.8.8.8:53 qawiybcuqpst.info udp
US 8.8.8.8:53 ulwprsdpevsj.info udp
BG 188.254.157.235:20334 tcp
US 8.8.8.8:53 puhwukmiigi.net udp
US 8.8.8.8:53 xsoshznajwv.com udp
US 8.8.8.8:53 jtxujmbecdmv.info udp
US 8.8.8.8:53 ibthzitnbynq.info udp
US 8.8.8.8:53 eonubyiixwx.info udp
US 8.8.8.8:53 qyjxvcif.net udp
US 8.8.8.8:53 jxhpks.info udp
US 8.8.8.8:53 msyldjwnb.net udp
US 8.8.8.8:53 pmwebhd.org udp
US 8.8.8.8:53 rkwlhccy.info udp
US 8.8.8.8:53 vfbsbuoob.info udp
US 8.8.8.8:53 oodglijyhrl.info udp
US 8.8.8.8:53 yuoaay.com udp
US 8.8.8.8:53 nthafgeqx.org udp
US 8.8.8.8:53 rovqrojhrsh.net udp
US 8.8.8.8:53 iijfpiwpfe.net udp
US 8.8.8.8:53 modgimmsfel.net udp
US 8.8.8.8:53 vibshiiel.net udp
US 8.8.8.8:53 iqmuakccwo.com udp
US 8.8.8.8:53 monmoqmmhov.net udp
US 8.8.8.8:53 jjqtpeerkb.net udp
US 8.8.8.8:53 ukqtjijt.info udp
US 8.8.8.8:53 nsehfyoocct.info udp
US 8.8.8.8:53 nesnqw.net udp
US 8.8.8.8:53 lanfeies.info udp
US 8.8.8.8:53 mkccauwy.com udp
US 8.8.8.8:53 dchyfcu.org udp
US 8.8.8.8:53 cwdegwtvn.net udp
US 8.8.8.8:53 urkcltobhpwf.net udp
US 8.8.8.8:53 zginfctmr.net udp
US 8.8.8.8:53 oismai.com udp
US 8.8.8.8:53 jjltkwrxkz.net udp
US 8.8.8.8:53 bzaioqlftqte.net udp
US 8.8.8.8:53 atwrdw.info udp
US 8.8.8.8:53 eyioyaouwi.org udp
US 8.8.8.8:53 eheflhppvg.net udp
US 8.8.8.8:53 keuztcbj.net udp
US 8.8.8.8:53 judirsvyhqdd.info udp
US 8.8.8.8:53 cykogcgqqcuu.com udp
US 8.8.8.8:53 jlrqpujqvrl.info udp
US 8.8.8.8:53 unoetq.net udp
US 8.8.8.8:53 tmfdrqxojeb.org udp
US 8.8.8.8:53 ugjyfpgfl.net udp
US 8.8.8.8:53 ywtgzidcwmb.net udp
US 8.8.8.8:53 aleyrtnqxrnt.net udp
BG 84.54.137.119:34804 tcp
US 8.8.8.8:53 lrjlroij.net udp
US 8.8.8.8:53 zwmihaso.net udp
US 8.8.8.8:53 myrwjqkrwpbk.info udp
US 8.8.8.8:53 xojexwu.org udp
US 8.8.8.8:53 wiosmwwsoaow.com udp
US 8.8.8.8:53 bqxwdka.com udp
US 8.8.8.8:53 mpkbfsgyp.info udp
US 8.8.8.8:53 vtjljsbipc.info udp
US 8.8.8.8:53 muowfmbuqa.net udp
US 8.8.8.8:53 qseoumkkca.org udp
US 8.8.8.8:53 ddwfnvwt.net udp
US 8.8.8.8:53 gilmpldqz.info udp
US 8.8.8.8:53 sfummj.info udp
US 8.8.8.8:53 iikecscy.com udp
US 8.8.8.8:53 qdnmhgdyrit.net udp
US 8.8.8.8:53 gkwugawaaoqk.org udp
US 8.8.8.8:53 qyqigk.com udp
US 8.8.8.8:53 qdokpuz.net udp
US 8.8.8.8:53 butkxsntx.info udp
US 8.8.8.8:53 buycfqnl.info udp
US 8.8.8.8:53 uminvkhovu.info udp
US 8.8.8.8:53 sgesykqeqi.com udp
US 8.8.8.8:53 fyaylmbcb.net udp
US 8.8.8.8:53 dncmpbfdqahv.net udp
US 8.8.8.8:53 ncpnrjdqqid.info udp
US 8.8.8.8:53 qbkexzyi.net udp
US 8.8.8.8:53 pzgkljuoas.net udp
US 8.8.8.8:53 guxodymmpe.net udp
US 8.8.8.8:53 hydurdgib.net udp
US 8.8.8.8:53 hedayguflv.info udp
US 8.8.8.8:53 ekqaao.com udp
US 8.8.8.8:53 lncmjdhy.info udp
US 8.8.8.8:53 upbizjd.net udp
US 8.8.8.8:53 zposnpxr.net udp
US 8.8.8.8:53 ayofurjkxzcx.info udp
US 8.8.8.8:53 jnrhzznd.info udp
US 8.8.8.8:53 rkjyfrxybqd.net udp
US 8.8.8.8:53 jvjbkx.info udp
US 8.8.8.8:53 mmwiumoggcaa.com udp
US 8.8.8.8:53 cecmewek.org udp
PK 115.42.75.182:21587 tcp
US 8.8.8.8:53 btqvksdge.org udp
US 8.8.8.8:53 hjfdpmp.org udp
US 8.8.8.8:53 jwwqnfzzfe.net udp
US 8.8.8.8:53 rjbifug.net udp
US 8.8.8.8:53 mvcafmvjjhpe.info udp
US 8.8.8.8:53 xoesfx.net udp
US 8.8.8.8:53 jpjqjcditu.net udp
US 8.8.8.8:53 bafmrd.info udp
US 8.8.8.8:53 yqdindvszcl.info udp
US 8.8.8.8:53 wflqfzbq.info udp
US 8.8.8.8:53 ayhycluhzyqw.info udp
US 8.8.8.8:53 wvutnd.info udp
US 8.8.8.8:53 ldlrgk.info udp
US 8.8.8.8:53 nzxqtztgxnto.net udp
US 8.8.8.8:53 pqphpf.info udp
US 8.8.8.8:53 echjnod.info udp
US 8.8.8.8:53 nqelrlvlmp.net udp
US 8.8.8.8:53 saggucuemsgg.com udp
US 8.8.8.8:53 lkeqzkmyxyc.info udp
US 8.8.8.8:53 gzlujum.net udp
US 8.8.8.8:53 owtumceqt.info udp
US 8.8.8.8:53 eqeyvnxi.info udp
US 8.8.8.8:53 wiupjyjvr.info udp
US 8.8.8.8:53 eysksjbufa.net udp
US 8.8.8.8:53 wpviuwhnpx.info udp
US 8.8.8.8:53 joscfjk.info udp
US 8.8.8.8:53 coterzuxgt.info udp
US 8.8.8.8:53 sgdzhklkvfso.info udp
US 8.8.8.8:53 kesmsgewgwcu.com udp
US 8.8.8.8:53 fampue.net udp
US 8.8.8.8:53 skqsiiae.org udp
US 8.8.8.8:53 hazpqn.info udp
US 8.8.8.8:53 hstjvccfzqbg.net udp
US 8.8.8.8:53 zsnptyvktgid.net udp
US 8.8.8.8:53 nhxobuftkcv.com udp
US 8.8.8.8:53 alyypvemovoc.net udp
US 8.8.8.8:53 dsbkuunbmkl.net udp
US 8.8.8.8:53 kscfswtypaz.info udp
US 8.8.8.8:53 vwxubb.net udp
US 8.8.8.8:53 kcmeaqucx.info udp
US 8.8.8.8:53 qlstpgkhcjbu.net udp
US 8.8.8.8:53 qkzynzjazlhs.info udp
US 8.8.8.8:53 xsmharskx.com udp
US 8.8.8.8:53 falvycvlj.info udp
US 8.8.8.8:53 nzitfaav.info udp
BG 77.85.98.81:35285 tcp
US 8.8.8.8:53 iqscxdl.info udp
US 8.8.8.8:53 nmbarfy.info udp
US 8.8.8.8:53 wwfmaf.info udp
US 8.8.8.8:53 lktcrbw.com udp
US 8.8.8.8:53 qkwoweyu.org udp
US 8.8.8.8:53 maoqow.org udp
US 8.8.8.8:53 pmehnih.org udp
US 8.8.8.8:53 rdapxwymkh.info udp
US 8.8.8.8:53 hyjodgw.info udp
US 8.8.8.8:53 ssmwmawq.org udp
US 8.8.8.8:53 rvrghdnipuq.net udp
US 8.8.8.8:53 vvmbfttpjj.net udp
US 8.8.8.8:53 dkdczgl.info udp
US 8.8.8.8:53 ptrvtol.net udp
US 8.8.8.8:53 femtvun.info udp
US 8.8.8.8:53 gahesobkk.info udp
US 8.8.8.8:53 wcqork.info udp
US 8.8.8.8:53 ogcimogkkiqw.org udp
US 8.8.8.8:53 eaictyqxc.info udp
US 8.8.8.8:53 uzhfktekcoaj.info udp
US 8.8.8.8:53 mpywaqrcx.info udp
US 8.8.8.8:53 nkiqxbxgtz.info udp
US 8.8.8.8:53 vgqxvqngngx.info udp
US 8.8.8.8:53 mkselelszfr.net udp
US 8.8.8.8:53 kylsrhdmy.net udp
US 8.8.8.8:53 yqwgmqyc.com udp
US 8.8.8.8:53 cgzqtowog.info udp
US 8.8.8.8:53 uhbsbfvr.net udp
US 8.8.8.8:53 ccaqkq.org udp
US 8.8.8.8:53 qeasooggkkye.org udp
US 8.8.8.8:53 cuqmfdds.info udp
US 8.8.8.8:53 hplrustazo.info udp
US 8.8.8.8:53 gdiecndz.net udp
US 8.8.8.8:53 htboqlhc.info udp
US 8.8.8.8:53 jwjulkj.info udp
US 8.8.8.8:53 jrnmzxzen.com udp
US 8.8.8.8:53 fevpfshvp.org udp
US 8.8.8.8:53 immeyggm.com udp
US 8.8.8.8:53 ucyyky.com udp
US 8.8.8.8:53 yzjmiwegrop.info udp
US 8.8.8.8:53 kcryxrris.info udp
US 8.8.8.8:53 qeiegiyo.org udp
US 8.8.8.8:53 giekgyskeiik.org udp
US 8.8.8.8:53 fgpinx.net udp
US 8.8.8.8:53 wiqmwkaggigc.org udp
US 8.8.8.8:53 ywxwfsq.net udp
US 8.8.8.8:53 xrlyluukfb.info udp
US 8.8.8.8:53 bavppixu.net udp
US 8.8.8.8:53 ylabgkph.net udp
US 8.8.8.8:53 afabzxjgrwen.net udp
US 8.8.8.8:53 xgvkyubmm.info udp
US 8.8.8.8:53 fkgritslx.org udp
US 8.8.8.8:53 vcmglo.info udp
US 8.8.8.8:53 offmhlmo.net udp
US 8.8.8.8:53 ptpwnlreeaxo.net udp
US 8.8.8.8:53 yisedlnu.net udp
US 8.8.8.8:53 gxfpwcb.net udp
US 8.8.8.8:53 fyvcmhxfxflb.net udp
US 8.8.8.8:53 kkpskmjr.info udp
US 8.8.8.8:53 eeeiusoc.com udp
BG 88.87.8.138:31805 tcp
US 8.8.8.8:53 difcrfvclttl.net udp
US 8.8.8.8:53 dnuyggophlme.info udp
US 8.8.8.8:53 udtkpszwv.info udp
US 8.8.8.8:53 djyyiuzle.com udp
US 8.8.8.8:53 myisuqok.org udp
US 8.8.8.8:53 dtstyn.net udp
US 8.8.8.8:53 mecgwkoug.info udp
US 8.8.8.8:53 qeuibkx.net udp
US 8.8.8.8:53 soaomgmiayia.org udp
US 8.8.8.8:53 wrntdvucozzb.info udp
US 8.8.8.8:53 eilqvudolvq.info udp
US 8.8.8.8:53 xoudfv.info udp
US 8.8.8.8:53 ogkwmkewmway.com udp
US 8.8.8.8:53 vlkgtmvoa.net udp
US 8.8.8.8:53 suuqpqtrw.net udp
US 8.8.8.8:53 zbqtpeerkb.net udp
US 8.8.8.8:53 jozorfj.info udp
US 8.8.8.8:53 zuwrljtqss.net udp
US 8.8.8.8:53 aqzgabmadka.info udp
US 8.8.8.8:53 qhxjzghhxqh.info udp
US 8.8.8.8:53 iepfgxdcvoj.net udp
US 8.8.8.8:53 yktqhuksj.net udp
US 8.8.8.8:53 xfzndln.net udp
US 8.8.8.8:53 msaeugqyakco.org udp
US 8.8.8.8:53 pzxyyi.info udp
US 8.8.8.8:53 owijxsnijxlb.info udp
US 8.8.8.8:53 pxdxvyf.net udp
US 8.8.8.8:53 tmrxnmjrkb.net udp
US 8.8.8.8:53 qjwuhu.info udp
US 8.8.8.8:53 soixneh.info udp
US 8.8.8.8:53 ssyuss.com udp
US 8.8.8.8:53 vaizlhjv.net udp
US 8.8.8.8:53 olxqvjxix.net udp
US 8.8.8.8:53 oowqwoumiyew.com udp
US 8.8.8.8:53 vvbzpjy.org udp
US 8.8.8.8:53 ekagyuqugeyy.org udp
US 8.8.8.8:53 asnmygy.info udp
US 8.8.8.8:53 fzkrxmam.info udp
US 8.8.8.8:53 yerazqh.info udp
US 8.8.8.8:53 wuzbnoi.net udp
US 8.8.8.8:53 xakaskpdl.net udp
US 8.8.8.8:53 fixijml.org udp
RU 178.218.100.197:35846 tcp
US 8.8.8.8:53 amuskqeqaiic.org udp
US 8.8.8.8:53 tceuvsrqb.info udp
US 8.8.8.8:53 kflokawzkw.net udp
US 8.8.8.8:53 mhlwvet.info udp
US 8.8.8.8:53 rwasknvkps.info udp
US 8.8.8.8:53 bvrlxiawb.net udp
US 8.8.8.8:53 mfusnh.info udp
US 8.8.8.8:53 oeiouqik.org udp
US 8.8.8.8:53 codiygp.info udp
US 8.8.8.8:53 bujydax.net udp
US 8.8.8.8:53 itwdtito.info udp
US 8.8.8.8:53 gatytgb.info udp
US 8.8.8.8:53 sxsydftugfl.net udp
US 8.8.8.8:53 gyqocgcwuu.org udp
US 8.8.8.8:53 lgvsdfann.net udp
US 8.8.8.8:53 dtppzh.net udp
US 8.8.8.8:53 lupdojwxtrlo.net udp
US 8.8.8.8:53 ayameywk.com udp
US 8.8.8.8:53 dddojxdkt.info udp
US 8.8.8.8:53 pcbehbhulqx.info udp
US 8.8.8.8:53 msoiygcw.org udp
US 8.8.8.8:53 qockeo.org udp
US 8.8.8.8:53 vktorlwqe.net udp
US 8.8.8.8:53 occffunsemm.net udp
US 8.8.8.8:53 noufhu.info udp
US 8.8.8.8:53 jntxuexoq.net udp
US 8.8.8.8:53 ysbmqh.net udp
US 8.8.8.8:53 ivftpm.net udp
US 8.8.8.8:53 fhlueqiyv.net udp
US 8.8.8.8:53 oqqeymwswoaa.com udp
US 8.8.8.8:53 awtrjqbmv.net udp
US 8.8.8.8:53 csaqznrivkg.info udp
US 8.8.8.8:53 ywyucquu.com udp
US 8.8.8.8:53 qyysauhr.net udp
US 8.8.8.8:53 ejpdqikairvo.info udp
US 8.8.8.8:53 lcggfscafs.net udp
US 8.8.8.8:53 glxhvjzdjd.info udp
US 8.8.8.8:53 nmpiqndclea.com udp
US 8.8.8.8:53 ssgqsckw.com udp
US 8.8.8.8:53 yfvseqtk.info udp
US 8.8.8.8:53 kilozktbj.net udp
US 8.8.8.8:53 uanqpejrt.net udp
US 8.8.8.8:53 czdmvek.net udp
US 8.8.8.8:53 xflrdxdu.net udp
US 8.8.8.8:53 fwzgmozjl.com udp
US 8.8.8.8:53 isfwxodwnut.net udp
US 8.8.8.8:53 wcigqgiwqm.org udp
US 8.8.8.8:53 yabgjuiyvpj.net udp
US 8.8.8.8:53 ecvemit.info udp
US 8.8.8.8:53 mwdoordco.info udp
US 8.8.8.8:53 oksuqook.org udp
US 8.8.8.8:53 dhzidetxtzu.org udp
US 8.8.8.8:53 yqtafgfohsp.net udp
US 8.8.8.8:53 btdneqyrez.info udp
US 8.8.8.8:53 bhtapgfuvhr.com udp
US 8.8.8.8:53 nrpqjt.info udp
US 8.8.8.8:53 simyxeei.info udp
US 8.8.8.8:53 tuuqlfyjxqe.info udp
US 8.8.8.8:53 dxllnf.info udp
US 8.8.8.8:53 kcxpzyf.info udp
US 8.8.8.8:53 lkngjoezjnq.com udp
US 8.8.8.8:53 javydgngnav.info udp
US 8.8.8.8:53 ucgweeseak.com udp
US 8.8.8.8:53 srbwimxsnx.net udp
US 8.8.8.8:53 vjuirthup.info udp
US 8.8.8.8:53 vqoovoqtl.org udp
US 8.8.8.8:53 pabesrzykgi.org udp
US 8.8.8.8:53 wrbgtg.info udp
US 8.8.8.8:53 uikubpgobej.net udp
US 8.8.8.8:53 tapifwl.org udp
US 8.8.8.8:53 rvvshtvrdas.net udp
US 8.8.8.8:53 vihxesqc.net udp
US 8.8.8.8:53 csihpxjjme.info udp
US 8.8.8.8:53 xbfhtyff.info udp
US 8.8.8.8:53 curyowdj.info udp
US 8.8.8.8:53 vpfinnmn.info udp
MD 92.115.63.62:26632 tcp
US 8.8.8.8:53 yejwhophmqco.net udp
US 8.8.8.8:53 kidixphqsgb.net udp
US 8.8.8.8:53 vsswekgnat.info udp
US 8.8.8.8:53 dalwttqdx.net udp
US 8.8.8.8:53 zbdtkcrrqe.info udp
DE 85.214.228.140:80 gyuuym.org tcp
US 8.8.8.8:53 aiayimcw.org udp
US 8.8.8.8:53 qphqiwoqfqp.net udp
US 8.8.8.8:53 ludybywud.net udp
US 8.8.8.8:53 xkhurdpi.net udp
US 8.8.8.8:53 uetspfggvki.info udp
SG 18.142.91.111:80 unxfuild.info tcp
US 8.8.8.8:53 kvyynvrx.info udp
US 8.8.8.8:53 wqesocem.org udp
US 8.8.8.8:53 jelsfif.net udp
US 8.8.8.8:53 ggcwwkuuam.com udp
US 8.8.8.8:53 ggoiukqgsikq.org udp
US 8.8.8.8:53 hafjpchllgfs.net udp
US 8.8.8.8:53 yuiajmdtei.info udp
US 8.8.8.8:53 awmiic.org udp
US 8.8.8.8:53 ioinrhtuqekc.info udp
US 8.8.8.8:53 udzdjiddn.net udp
US 8.8.8.8:53 aimexxlua.net udp
US 8.8.8.8:53 cilnmhrf.net udp
US 8.8.8.8:53 ttworno.org udp
US 8.8.8.8:53 ygoukmwg.org udp
US 8.8.8.8:53 hzuunrbqrkr.info udp
US 8.8.8.8:53 bysivntct.net udp
US 8.8.8.8:53 ibvhvurqx.net udp
US 104.156.155.94:80 cydlrge.info tcp
LT 78.57.243.21:29139 tcp
US 8.8.8.8:53 bmfksslen.info udp
US 8.8.8.8:53 jnriyhzkb.org udp
US 8.8.8.8:53 mszelkj.net udp
US 8.8.8.8:53 xsyowwr.net udp
US 8.8.8.8:53 hnwrpurmwqoj.info udp
US 8.8.8.8:53 mjotpzfbosdh.info udp
US 8.8.8.8:53 lptxixrkzv.info udp
US 8.8.8.8:53 ugygmk.org udp
US 8.8.8.8:53 scajyy.info udp
US 8.8.8.8:53 ycsudef.info udp
US 8.8.8.8:53 luvehemiri.info udp
US 8.8.8.8:53 uytixw.net udp
US 8.8.8.8:53 bfuald.info udp
US 8.8.8.8:53 kgoaqkckgk.org udp
US 8.8.8.8:53 ngsoxwyc.info udp
US 8.8.8.8:53 uffzrcxibes.info udp
US 8.8.8.8:53 szfofisovcr.net udp
US 8.8.8.8:53 lalckpw.org udp
US 8.8.8.8:53 cumaiy.org udp
US 8.8.8.8:53 xqsavqw.com udp
US 8.8.8.8:53 bjqzxqw.net udp
US 8.8.8.8:53 hddwtjf.org udp
US 8.8.8.8:53 hmfurcniz.info udp
US 8.8.8.8:53 vjraxhkqfup.com udp
US 8.8.8.8:53 fqyetgjpzuz.com udp
US 8.8.8.8:53 ddpobim.org udp
US 8.8.8.8:53 tnnclvm.info udp
US 8.8.8.8:53 fdjkggiktb.info udp
US 8.8.8.8:53 aenrzevzvaj.net udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 ummsvlki.info udp
US 8.8.8.8:53 vdfubgb.net udp
US 8.8.8.8:53 gnwvjvjc.net udp
US 8.8.8.8:53 xirqxvtwnnro.info udp
US 8.8.8.8:53 rcstns.net udp
US 8.8.8.8:53 itgsirpkoprl.info udp
US 8.8.8.8:53 yoaoooewyeeo.com udp
US 8.8.8.8:53 tshpnadnpgj.net udp
US 8.8.8.8:53 mdhpuesj.net udp
US 8.8.8.8:53 ypniwahz.net udp
US 8.8.8.8:53 fxmdvgzidtlp.net udp
US 8.8.8.8:53 ozokfin.net udp
US 8.8.8.8:53 gpenjfhcdk.net udp
US 8.8.8.8:53 ebmilkcj.info udp
US 8.8.8.8:53 dqjrswwie.com udp
US 8.8.8.8:53 jwpyxcxop.net udp
US 8.8.8.8:53 rdwexqt.info udp
US 8.8.8.8:53 ttzkuuqan.com udp
US 8.8.8.8:53 fjhgmmxxx.info udp
US 8.8.8.8:53 vrxmprngmlhk.net udp
US 8.8.8.8:53 aqzbowenq.info udp
RU 31.181.86.245:23307 tcp
US 8.8.8.8:53 mmnitqr.net udp
US 8.8.8.8:53 vkdoallngp.info udp
US 8.8.8.8:53 kevmxyxciyt.net udp
US 8.8.8.8:53 fqhefw.info udp
US 8.8.8.8:53 knrgfdzojrjn.info udp
US 8.8.8.8:53 jlvcxy.info udp
US 8.8.8.8:53 eznabol.net udp
US 8.8.8.8:53 pymyaopldsy.net udp
US 8.8.8.8:53 uujqfbbmlur.net udp
US 8.8.8.8:53 klqmnybibg.net udp
US 8.8.8.8:53 tdhnlhvypr.net udp
US 8.8.8.8:53 hibedhpetrt.info udp
US 8.8.8.8:53 zgvixk.net udp
US 8.8.8.8:53 sdxftb.info udp
US 8.8.8.8:53 lyxmnybibg.info udp
US 8.8.8.8:53 wyfuvfblbtj.info udp
US 8.8.8.8:53 lhofkm.net udp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 eoqouuua.com udp
US 8.8.8.8:53 ljnrjcwzoptd.net udp
US 8.8.8.8:53 gylxvmtef.info udp
US 8.8.8.8:53 gkpkgczgy.info udp

Files

C:\Users\Admin\AppData\Local\Temp\sdqaokddcna.exe

MD5 32c9a6435d4988f8555976f0bcb47803
SHA1 89d8c6c98e23a65e102b44a78b8582fbc2bf66f2
SHA256 5880a283c3fc44d23a1c368301384b7db5cd47aa6cbfe340f96163251bf72e54
SHA512 905d845d6352bf3cebf58fffd9efc41d87f9dfc721408f8ecc06e1c1c1e20f6753f4987689a7ba9253286efedb95e9266cb63b291d4a2a8cbca0e6c3f80e064c

C:\Windows\SysWOW64\pjsqgargxsldxojmmt.exe

MD5 c80bb333a03aefa2ebc92b2d4851eaed
SHA1 e8f4a6c6537522d8c9e187f4cc2ae47252c39e6f
SHA256 26aa0051cdca76b6fea6ef46de623fc60b21b3adcb3100e3366ab638fe9c3a38
SHA512 5a2d9a4c626761a0b9ce6eca4d21453a35ea91d29a17a7ebef69d0cccf7dd86accc8ed395437578e329e6aea98dd6cb05c02a7b53ffb8014400f11a6041da4f9

C:\Users\Admin\AppData\Local\Temp\ajhuzio.exe

MD5 7ab154b8f9a5d53361fb598c093c7f66
SHA1 9c89d4bd5f785a9949d9455c1a9c31178aa143e8
SHA256 8580eddea59762e432e6d9d5be1300cf159a81d6a10e86f6c17a99bdb8f67192
SHA512 22cb9c6e5986882234cfd5c8e09fa6916bdba5c562a9a40db9e85fb3e7251e609f29673718d7533059f4358c8c376cef10eea4f08123f38b59ac1b09d1863cd5

C:\Users\Admin\AppData\Local\qfjcncoykaobqcsqlnqfjcncoykaobqcsql.qfj

MD5 7c565d4675a4dfb724f02c0edda587b2
SHA1 57730e94418cce34e6825610a820e92a12e7d3d9
SHA256 39bb57d1334f4160b3db976669421ce179a9ddd993b348da2c9f56dc39f0916b
SHA512 471bb801f75cb39aa0128220c750317c87397689299f24c8bf3d8cf6784534f4471384db1ecf960edfbc9f13243f7031ab5d1c05aef7bde9d127cfa3325f28f8

C:\Users\Admin\AppData\Local\hlemmqrqrwzbfglyizrvowwa.abg

MD5 1afda166bc808507f39de3879b6c8baf
SHA1 500d6a4ae9f06cd1ccd0a9a3cd6ece87d3db9274
SHA256 e23585bd07cadc01f43512d22f5d35911bb3e370985781a544f37ca6a6d4ca4d
SHA512 c288cb1171bd6a11ca9eb2f189a3471ade02b57214e8afcfb00e11daa3e29e475b1839aa25ba578e5128cf07eaf7601c5a3b67024274065f0aa00390f7a63a29

C:\Program Files (x86)\hlemmqrqrwzbfglyizrvowwa.abg

MD5 6c43a2f8ad6adcf6480e245414508425
SHA1 59678ef99b28c8da7cffa4046d1eafd5fb80f652
SHA256 8440e2cac225f76e9a90e1c8fb2cf8dd75ec43b0f51ff95974241922fd01dd83
SHA512 838f1bf799167fd432f89bc28bedfc6684985f1c0fd8ade5ab909a38d51e695e2b9bad544db0438b041a11564f0d99decd5f8aa2b416209221e305a327047aad

C:\Program Files (x86)\hlemmqrqrwzbfglyizrvowwa.abg

MD5 2b241f88f6ab8b1ccd1d4ece1da32d98
SHA1 f1cd0e8210f5d7a30b0d6b2973ead40a52cc99f0
SHA256 b01257f9c4c83c319846c6ed7896f5431f848eafbbfcc532858c7b76aad6bd25
SHA512 c4e229a6726a2ea1057402914cef593c6b20660d4ba568bbf21a17b645abcf302a7effad233de1f10bfe7df611dc258aa60726ebda6bd1ae7333c3fc1d0c2925

C:\Program Files (x86)\hlemmqrqrwzbfglyizrvowwa.abg

MD5 74d7cf3b3eef47741190339096080e52
SHA1 388b4e21c8997f9b53f76b2a27e194675a0a61c1
SHA256 356204e21c9bad58ac70e242422c031fe0e44c356c001b05bcb185a467a3051a
SHA512 acd8e0f026bd1dd1fcb45759ac011dc2c0fce596c370aacd87cfe1a2144c277cd45d66d142117bd11b161226a1dd5e0db87270a994a02452c68e911f4e349362

C:\Program Files (x86)\hlemmqrqrwzbfglyizrvowwa.abg

MD5 c70e947c2d390f1aaa424b4d323c67d0
SHA1 502e0f229ce517982399c392fa4491e8e1176314
SHA256 fa57883ae87daaf85cf8adc9393f9f158757aaefacd95d328ff9bfc329f9b42d
SHA512 135ddb2d975cb3e5e1d56b4fcabe0b89a37a0789609a3e260f5a4499270ad6c7d1a2917fe1467b3afb2e2c49d3cbb32389e6a20914bee577a2ae918b7e93872e

C:\Program Files (x86)\hlemmqrqrwzbfglyizrvowwa.abg

MD5 11f8ad286c625e450e27f01b2036d680
SHA1 8753142803f0188c6e5bc4bc63ea93fbd1c5039d
SHA256 dcaa2282327b65847d47fb933d50bd07ea9f3e3c2bd0a3a71c294f5d1789976b
SHA512 c146f46b9398e5f02c1d661bf3ba87c738dfd09519b8d43748bb3c77f8dc2c74b95b4e084344878dbccf881a83f0afaaf70145ccb8408f693bfe5eb88c3b61d1

C:\Program Files (x86)\hlemmqrqrwzbfglyizrvowwa.abg

MD5 f540733586c7f2f97a0966d5d3bbfc46
SHA1 67994a0a82dbfccee81798219b94120bee54e236
SHA256 e2fe4b6508f8b5ea496c2e4222aec7ee619474eebcaa3c4f3bdb9182dba50823
SHA512 1593e132ede99446b2cad12b00f19c984681d6b2bf10ad0b648d864f6c34be50beb8ddc17784720b4e01d4b47a8388cb9ae4834f39e51eee9f06ae636cf50464

Analysis: behavioral2

Detonation Overview

Submitted

2025-04-21 06:04

Reported

2025-04-21 06:06

Platform

win11-20250410-en

Max time kernel

61s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A

Pykspa

worm pykspa

Pykspa family

pykspa

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A

Detect Pykspa worm

worm
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds policy Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "zqjbymfxulusmvhqvrd.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "ymcrlwmbvjpkbhqw.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "oewnjwofbrzwpxiqup.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "zqjbymfxulusmvhqvrd.exe" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "meyrpeyrphrqlvisyvia.exe" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bupjiytnmfqqmxlwdbpid.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\meyrpeyrphrqlvisyvia.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fulbwizpkzgcublsv.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bupjiytnmfqqmxlwdbpid.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fulbwizpkzgcublsv.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\meyrpeyrphrqlvisyvia.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "zqjbymfxulusmvhqvrd.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "zqjbymfxulusmvhqvrd.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "bupjiytnmfqqmxlwdbpid.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "ymcrlwmbvjpkbhqw.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "meyrpeyrphrqlvisyvia.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oewnjwofbrzwpxiqup.exe" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "bupjiytnmfqqmxlwdbpid.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oewnjwofbrzwpxiqup.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "fulbwizpkzgcublsv.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\meyrpeyrphrqlvisyvia.exe" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "fulbwizpkzgcublsv.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "oewnjwofbrzwpxiqup.exe" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "zqjbymfxulusmvhqvrd.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fulbwizpkzgcublsv.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ymcrlwmbvjpkbhqw.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "fulbwizpkzgcublsv.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "bupjiytnmfqqmxlwdbpid.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oewnjwofbrzwpxiqup.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bupjiytnmfqqmxlwdbpid.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "meyrpeyrphrqlvisyvia.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bupjiytnmfqqmxlwdbpid.exe" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oewnjwofbrzwpxiqup.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zqjbymfxulusmvhqvrd.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "bupjiytnmfqqmxlwdbpid.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fulbwizpkzgcublsv.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oewnjwofbrzwpxiqup.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "bupjiytnmfqqmxlwdbpid.exe" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "bupjiytnmfqqmxlwdbpid.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oewnjwofbrzwpxiqup.exe" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "bupjiytnmfqqmxlwdbpid.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "ymcrlwmbvjpkbhqw.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ygqznsclzh = "bupjiytnmfqqmxlwdbpid.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zelrcel = "C:\\Users\\Admin\\AppData\\Local\\Temp\\meyrpeyrphrqlvisyvia.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Windows\bupjiytnmfqqmxlwdbpid.exe N/A
N/A N/A C:\Windows\meyrpeyrphrqlvisyvia.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Windows\oewnjwofbrzwpxiqup.exe N/A
N/A N/A C:\Windows\zqjbymfxulusmvhqvrd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
N/A N/A C:\Windows\zqjbymfxulusmvhqvrd.exe N/A
N/A N/A C:\Windows\oewnjwofbrzwpxiqup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Windows\meyrpeyrphrqlvisyvia.exe N/A
N/A N/A C:\Windows\zqjbymfxulusmvhqvrd.exe N/A
N/A N/A C:\Windows\ymcrlwmbvjpkbhqw.exe N/A
N/A N/A C:\Windows\meyrpeyrphrqlvisyvia.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe N/A
N/A N/A C:\Windows\meyrpeyrphrqlvisyvia.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe N/A
N/A N/A C:\Windows\fulbwizpkzgcublsv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Windows\bupjiytnmfqqmxlwdbpid.exe N/A
N/A N/A C:\Windows\zqjbymfxulusmvhqvrd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Windows\zqjbymfxulusmvhqvrd.exe N/A
N/A N/A C:\Windows\zqjbymfxulusmvhqvrd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Windows\zqjbymfxulusmvhqvrd.exe N/A
N/A N/A C:\Windows\ymcrlwmbvjpkbhqw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Windows\fulbwizpkzgcublsv.exe N/A
N/A N/A C:\Windows\meyrpeyrphrqlvisyvia.exe N/A
N/A N/A C:\Windows\bupjiytnmfqqmxlwdbpid.exe N/A
N/A N/A C:\Windows\oewnjwofbrzwpxiqup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe N/A
N/A N/A C:\Windows\ymcrlwmbvjpkbhqw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
N/A N/A C:\Windows\oewnjwofbrzwpxiqup.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oucjvygn = "oewnjwofbrzwpxiqup.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\oucjvygn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ymcrlwmbvjpkbhqw.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oucjvygn = "meyrpeyrphrqlvisyvia.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qamxnugrhrtk = "bupjiytnmfqqmxlwdbpid.exe ." C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fmvdqudly = "meyrpeyrphrqlvisyvia.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qamxnugrhrtk = "oewnjwofbrzwpxiqup.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\fmvdqudly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\meyrpeyrphrqlvisyvia.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcnxmsdnclm = "zqjbymfxulusmvhqvrd.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\fmvdqudly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zqjbymfxulusmvhqvrd.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qamxnugrhrtk = "meyrpeyrphrqlvisyvia.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qcqdvesfxjngvz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\meyrpeyrphrqlvisyvia.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qcqdvesfxjngvz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ymcrlwmbvjpkbhqw.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qcqdvesfxjngvz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fulbwizpkzgcublsv.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qcqdvesfxjngvz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oewnjwofbrzwpxiqup.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fmvdqudly = "fulbwizpkzgcublsv.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fmvdqudly = "oewnjwofbrzwpxiqup.exe ." C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\panzqylxozcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\meyrpeyrphrqlvisyvia.exe ." C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\fmvdqudly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ymcrlwmbvjpkbhqw.exe ." C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qamxnugrhrtk = "fulbwizpkzgcublsv.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fmvdqudly = "bupjiytnmfqqmxlwdbpid.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qamxnugrhrtk = "fulbwizpkzgcublsv.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qcqdvesfxjngvz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oewnjwofbrzwpxiqup.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\oucjvygn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oewnjwofbrzwpxiqup.exe" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\panzqylxozcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bupjiytnmfqqmxlwdbpid.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\panzqylxozcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\meyrpeyrphrqlvisyvia.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qamxnugrhrtk = "ymcrlwmbvjpkbhqw.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcnxmsdnclm = "ymcrlwmbvjpkbhqw.exe" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qamxnugrhrtk = "oewnjwofbrzwpxiqup.exe ." C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qamxnugrhrtk = "meyrpeyrphrqlvisyvia.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcnxmsdnclm = "oewnjwofbrzwpxiqup.exe" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qamxnugrhrtk = "meyrpeyrphrqlvisyvia.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcnxmsdnclm = "fulbwizpkzgcublsv.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\fmvdqudly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oewnjwofbrzwpxiqup.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oucjvygn = "oewnjwofbrzwpxiqup.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fmvdqudly = "ymcrlwmbvjpkbhqw.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\fmvdqudly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zqjbymfxulusmvhqvrd.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\fmvdqudly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zqjbymfxulusmvhqvrd.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\panzqylxozcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zqjbymfxulusmvhqvrd.exe ." C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qamxnugrhrtk = "ymcrlwmbvjpkbhqw.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fmvdqudly = "meyrpeyrphrqlvisyvia.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\qamxnugrhrtk = "fulbwizpkzgcublsv.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\oucjvygn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zqjbymfxulusmvhqvrd.exe" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\panzqylxozcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fulbwizpkzgcublsv.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oucjvygn = "fulbwizpkzgcublsv.exe" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\panzqylxozcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bupjiytnmfqqmxlwdbpid.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oucjvygn = "zqjbymfxulusmvhqvrd.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\fmvdqudly = "fulbwizpkzgcublsv.exe ." C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcnxmsdnclm = "zqjbymfxulusmvhqvrd.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\panzqylxozcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oewnjwofbrzwpxiqup.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qcqdvesfxjngvz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ymcrlwmbvjpkbhqw.exe" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcnxmsdnclm = "meyrpeyrphrqlvisyvia.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\panzqylxozcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zqjbymfxulusmvhqvrd.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qcqdvesfxjngvz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bupjiytnmfqqmxlwdbpid.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qcqdvesfxjngvz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bupjiytnmfqqmxlwdbpid.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcnxmsdnclm = "fulbwizpkzgcublsv.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\oucjvygn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zqjbymfxulusmvhqvrd.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\panzqylxozcui = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zqjbymfxulusmvhqvrd.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\oucjvygn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fulbwizpkzgcublsv.exe" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oucjvygn = "zqjbymfxulusmvhqvrd.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\fmvdqudly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oewnjwofbrzwpxiqup.exe ." C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\oucjvygn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bupjiytnmfqqmxlwdbpid.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\tcnxmsdnclm = "ymcrlwmbvjpkbhqw.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\oucjvygn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\zqjbymfxulusmvhqvrd.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000\Software\Microsoft\Windows\CurrentVersion\Run\oucjvygn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oewnjwofbrzwpxiqup.exe" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A

Hijack Execution Flow: Executable Installer File Permissions Weakness

defense_evasion persistence privilege_escalation
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A www.whatismyip.ca N/A N/A
N/A whatismyip.everdot.org N/A N/A
N/A www.showmyipaddress.com N/A N/A
N/A whatismyipaddress.com N/A N/A

Drops autorun.inf file

Description Indicator Process Target
File created F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
File opened for modification C:\autorun.inf C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
File created C:\autorun.inf C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
File opened for modification F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\oewnjwofbrzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
File opened for modification C:\Windows\SysWOW64\meyrpeyrphrqlvisyvia.exe C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
File opened for modification C:\Windows\SysWOW64\ymcrlwmbvjpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\fulbwizpkzgcublsv.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\smidduqllfrspbqckjysoj.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\ymcrlwmbvjpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\zqjbymfxulusmvhqvrd.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\meyrpeyrphrqlvisyvia.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\zqjbymfxulusmvhqvrd.exe C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
File opened for modification C:\Windows\SysWOW64\bupjiytnmfqqmxlwdbpid.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\bupjiytnmfqqmxlwdbpid.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\fulbwizpkzgcublsv.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\zqjbymfxulusmvhqvrd.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\meyrpeyrphrqlvisyvia.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\smidduqllfrspbqckjysoj.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\zqjbymfxulusmvhqvrd.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\meyrpeyrphrqlvisyvia.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\ymcrlwmbvjpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\meyrpeyrphrqlvisyvia.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\ymcrlwmbvjpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\smidduqllfrspbqckjysoj.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\meyrpeyrphrqlvisyvia.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\oewnjwofbrzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\meyrpeyrphrqlvisyvia.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\smidduqllfrspbqckjysoj.exe C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
File opened for modification C:\Windows\SysWOW64\zqjbymfxulusmvhqvrd.exe C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
File opened for modification C:\Windows\SysWOW64\smidduqllfrspbqckjysoj.exe C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
File opened for modification C:\Windows\SysWOW64\ymcrlwmbvjpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\oewnjwofbrzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\bupjiytnmfqqmxlwdbpid.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\fulbwizpkzgcublsv.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\fulbwizpkzgcublsv.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\smidduqllfrspbqckjysoj.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\smidduqllfrspbqckjysoj.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\fulbwizpkzgcublsv.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\oewnjwofbrzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\meyrpeyrphrqlvisyvia.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\bupjiytnmfqqmxlwdbpid.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\oewnjwofbrzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\smidduqllfrspbqckjysoj.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\bupjiytnmfqqmxlwdbpid.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\fulbwizpkzgcublsv.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\fulbwizpkzgcublsv.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\zqjbymfxulusmvhqvrd.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\ymcrlwmbvjpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
File opened for modification C:\Windows\SysWOW64\fulbwizpkzgcublsv.exe C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
File opened for modification C:\Windows\SysWOW64\suybjimpxztchbysipmosvdcgj.tnw C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
File opened for modification C:\Windows\SysWOW64\oewnjwofbrzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\smidduqllfrspbqckjysoj.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\meyrpeyrphrqlvisyvia.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\smidduqllfrspbqckjysoj.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\bupjiytnmfqqmxlwdbpid.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\meyrpeyrphrqlvisyvia.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\meyrpeyrphrqlvisyvia.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\ymcrlwmbvjpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\oewnjwofbrzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\smidduqllfrspbqckjysoj.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\ymcrlwmbvjpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\zqjbymfxulusmvhqvrd.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\meyrpeyrphrqlvisyvia.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\bupjiytnmfqqmxlwdbpid.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\zqjbymfxulusmvhqvrd.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\ymcrlwmbvjpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\SysWOW64\meyrpeyrphrqlvisyvia.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\suybjimpxztchbysipmosvdcgj.tnw C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
File created C:\Program Files (x86)\suybjimpxztchbysipmosvdcgj.tnw C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
File opened for modification C:\Program Files (x86)\tgvjcmbpivaukpxcdvdqftmwlzsfkeuzhmnfn.pdw C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
File created C:\Program Files (x86)\tgvjcmbpivaukpxcdvdqftmwlzsfkeuzhmnfn.pdw C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\oewnjwofbrzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\oewnjwofbrzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\smidduqllfrspbqckjysoj.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\fulbwizpkzgcublsv.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\fulbwizpkzgcublsv.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\zqjbymfxulusmvhqvrd.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\meyrpeyrphrqlvisyvia.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\bupjiytnmfqqmxlwdbpid.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\zqjbymfxulusmvhqvrd.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\zqjbymfxulusmvhqvrd.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\meyrpeyrphrqlvisyvia.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\smidduqllfrspbqckjysoj.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\zqjbymfxulusmvhqvrd.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\fulbwizpkzgcublsv.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\meyrpeyrphrqlvisyvia.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\bupjiytnmfqqmxlwdbpid.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\ymcrlwmbvjpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\smidduqllfrspbqckjysoj.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\smidduqllfrspbqckjysoj.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\bupjiytnmfqqmxlwdbpid.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\fulbwizpkzgcublsv.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\bupjiytnmfqqmxlwdbpid.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\zqjbymfxulusmvhqvrd.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\smidduqllfrspbqckjysoj.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File created C:\Windows\suybjimpxztchbysipmosvdcgj.tnw C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
File opened for modification C:\Windows\bupjiytnmfqqmxlwdbpid.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\meyrpeyrphrqlvisyvia.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\smidduqllfrspbqckjysoj.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\zqjbymfxulusmvhqvrd.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\zqjbymfxulusmvhqvrd.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\ymcrlwmbvjpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\oewnjwofbrzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\zqjbymfxulusmvhqvrd.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\tgvjcmbpivaukpxcdvdqftmwlzsfkeuzhmnfn.pdw C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
File opened for modification C:\Windows\fulbwizpkzgcublsv.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\bupjiytnmfqqmxlwdbpid.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\bupjiytnmfqqmxlwdbpid.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\zqjbymfxulusmvhqvrd.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\oewnjwofbrzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\oewnjwofbrzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\oewnjwofbrzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\fulbwizpkzgcublsv.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\ymcrlwmbvjpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\oewnjwofbrzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\zqjbymfxulusmvhqvrd.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\ymcrlwmbvjpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\ymcrlwmbvjpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\oewnjwofbrzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\ymcrlwmbvjpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\smidduqllfrspbqckjysoj.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\bupjiytnmfqqmxlwdbpid.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\ymcrlwmbvjpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\bupjiytnmfqqmxlwdbpid.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\fulbwizpkzgcublsv.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\bupjiytnmfqqmxlwdbpid.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\ymcrlwmbvjpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\meyrpeyrphrqlvisyvia.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\ymcrlwmbvjpkbhqw.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\fulbwizpkzgcublsv.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\fulbwizpkzgcublsv.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\zqjbymfxulusmvhqvrd.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\meyrpeyrphrqlvisyvia.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
File opened for modification C:\Windows\oewnjwofbrzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
File opened for modification C:\Windows\meyrpeyrphrqlvisyvia.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\fulbwizpkzgcublsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\fulbwizpkzgcublsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ymcrlwmbvjpkbhqw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\fulbwizpkzgcublsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bupjiytnmfqqmxlwdbpid.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\oewnjwofbrzwpxiqup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\oewnjwofbrzwpxiqup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ymcrlwmbvjpkbhqw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\meyrpeyrphrqlvisyvia.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ymcrlwmbvjpkbhqw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zqjbymfxulusmvhqvrd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ymcrlwmbvjpkbhqw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\meyrpeyrphrqlvisyvia.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ymcrlwmbvjpkbhqw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bupjiytnmfqqmxlwdbpid.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ymcrlwmbvjpkbhqw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\meyrpeyrphrqlvisyvia.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zqjbymfxulusmvhqvrd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\bupjiytnmfqqmxlwdbpid.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zqjbymfxulusmvhqvrd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ymcrlwmbvjpkbhqw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\oewnjwofbrzwpxiqup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\oewnjwofbrzwpxiqup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\oewnjwofbrzwpxiqup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\fulbwizpkzgcublsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ymcrlwmbvjpkbhqw.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zqjbymfxulusmvhqvrd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zqjbymfxulusmvhqvrd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\oewnjwofbrzwpxiqup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\zqjbymfxulusmvhqvrd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\ymcrlwmbvjpkbhqw.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3536 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 3536 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 3536 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 3092 wrote to memory of 5728 N/A C:\Windows\system32\cmd.exe C:\Windows\bupjiytnmfqqmxlwdbpid.exe
PID 3092 wrote to memory of 5728 N/A C:\Windows\system32\cmd.exe C:\Windows\bupjiytnmfqqmxlwdbpid.exe
PID 3092 wrote to memory of 5728 N/A C:\Windows\system32\cmd.exe C:\Windows\bupjiytnmfqqmxlwdbpid.exe
PID 4880 wrote to memory of 4960 N/A C:\Windows\system32\cmd.exe C:\Windows\meyrpeyrphrqlvisyvia.exe
PID 4880 wrote to memory of 4960 N/A C:\Windows\system32\cmd.exe C:\Windows\meyrpeyrphrqlvisyvia.exe
PID 4880 wrote to memory of 4960 N/A C:\Windows\system32\cmd.exe C:\Windows\meyrpeyrphrqlvisyvia.exe
PID 4960 wrote to memory of 4972 N/A C:\Windows\meyrpeyrphrqlvisyvia.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 4960 wrote to memory of 4972 N/A C:\Windows\meyrpeyrphrqlvisyvia.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 4960 wrote to memory of 4972 N/A C:\Windows\meyrpeyrphrqlvisyvia.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 5076 wrote to memory of 844 N/A C:\Windows\system32\cmd.exe C:\Windows\oewnjwofbrzwpxiqup.exe
PID 5076 wrote to memory of 844 N/A C:\Windows\system32\cmd.exe C:\Windows\oewnjwofbrzwpxiqup.exe
PID 5076 wrote to memory of 844 N/A C:\Windows\system32\cmd.exe C:\Windows\oewnjwofbrzwpxiqup.exe
PID 4496 wrote to memory of 5448 N/A C:\Windows\system32\cmd.exe C:\Windows\zqjbymfxulusmvhqvrd.exe
PID 4496 wrote to memory of 5448 N/A C:\Windows\system32\cmd.exe C:\Windows\zqjbymfxulusmvhqvrd.exe
PID 4496 wrote to memory of 5448 N/A C:\Windows\system32\cmd.exe C:\Windows\zqjbymfxulusmvhqvrd.exe
PID 5448 wrote to memory of 4336 N/A C:\Windows\zqjbymfxulusmvhqvrd.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 5448 wrote to memory of 4336 N/A C:\Windows\zqjbymfxulusmvhqvrd.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 5448 wrote to memory of 4336 N/A C:\Windows\zqjbymfxulusmvhqvrd.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 3040 wrote to memory of 4444 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
PID 3040 wrote to memory of 4444 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
PID 3040 wrote to memory of 4444 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe
PID 5884 wrote to memory of 5856 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
PID 5884 wrote to memory of 5856 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
PID 5884 wrote to memory of 5856 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
PID 5856 wrote to memory of 432 N/A C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 5856 wrote to memory of 432 N/A C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 5856 wrote to memory of 432 N/A C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 5660 wrote to memory of 5812 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
PID 5660 wrote to memory of 5812 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
PID 5660 wrote to memory of 5812 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe
PID 1744 wrote to memory of 3876 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
PID 1744 wrote to memory of 3876 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
PID 1744 wrote to memory of 3876 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe
PID 3876 wrote to memory of 792 N/A C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 3876 wrote to memory of 792 N/A C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 3876 wrote to memory of 792 N/A C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 2500 wrote to memory of 4176 N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe C:\Users\Admin\AppData\Local\Temp\mqwblm.exe
PID 2500 wrote to memory of 4176 N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe C:\Users\Admin\AppData\Local\Temp\mqwblm.exe
PID 2500 wrote to memory of 4176 N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe C:\Users\Admin\AppData\Local\Temp\mqwblm.exe
PID 2500 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe C:\Users\Admin\AppData\Local\Temp\mqwblm.exe
PID 2500 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe C:\Users\Admin\AppData\Local\Temp\mqwblm.exe
PID 2500 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe C:\Users\Admin\AppData\Local\Temp\mqwblm.exe
PID 3296 wrote to memory of 3352 N/A C:\Windows\system32\cmd.exe C:\Windows\zqjbymfxulusmvhqvrd.exe
PID 3296 wrote to memory of 3352 N/A C:\Windows\system32\cmd.exe C:\Windows\zqjbymfxulusmvhqvrd.exe
PID 3296 wrote to memory of 3352 N/A C:\Windows\system32\cmd.exe C:\Windows\zqjbymfxulusmvhqvrd.exe
PID 5068 wrote to memory of 5924 N/A C:\Windows\system32\cmd.exe C:\Windows\oewnjwofbrzwpxiqup.exe
PID 5068 wrote to memory of 5924 N/A C:\Windows\system32\cmd.exe C:\Windows\oewnjwofbrzwpxiqup.exe
PID 5068 wrote to memory of 5924 N/A C:\Windows\system32\cmd.exe C:\Windows\oewnjwofbrzwpxiqup.exe
PID 5924 wrote to memory of 2120 N/A C:\Windows\oewnjwofbrzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 5924 wrote to memory of 2120 N/A C:\Windows\oewnjwofbrzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 5924 wrote to memory of 2120 N/A C:\Windows\oewnjwofbrzwpxiqup.exe C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe
PID 4928 wrote to memory of 5960 N/A C:\Windows\system32\cmd.exe C:\Windows\meyrpeyrphrqlvisyvia.exe
PID 4928 wrote to memory of 5960 N/A C:\Windows\system32\cmd.exe C:\Windows\meyrpeyrphrqlvisyvia.exe
PID 4928 wrote to memory of 5960 N/A C:\Windows\system32\cmd.exe C:\Windows\meyrpeyrphrqlvisyvia.exe
PID 2788 wrote to memory of 904 N/A C:\Windows\system32\cmd.exe C:\Windows\zqjbymfxulusmvhqvrd.exe
PID 2788 wrote to memory of 904 N/A C:\Windows\system32\cmd.exe C:\Windows\zqjbymfxulusmvhqvrd.exe
PID 2788 wrote to memory of 904 N/A C:\Windows\system32\cmd.exe C:\Windows\zqjbymfxulusmvhqvrd.exe
PID 980 wrote to memory of 2284 N/A C:\Windows\system32\cmd.exe C:\Windows\ymcrlwmbvjpkbhqw.exe
PID 980 wrote to memory of 2284 N/A C:\Windows\system32\cmd.exe C:\Windows\ymcrlwmbvjpkbhqw.exe
PID 980 wrote to memory of 2284 N/A C:\Windows\system32\cmd.exe C:\Windows\ymcrlwmbvjpkbhqw.exe
PID 1476 wrote to memory of 1164 N/A C:\Windows\system32\cmd.exe C:\Windows\meyrpeyrphrqlvisyvia.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\AppData\Local\Temp\mqwblm.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe"

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_c80bb333a03aefa2ebc92b2d4851eaed.exe*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe

C:\Windows\bupjiytnmfqqmxlwdbpid.exe

bupjiytnmfqqmxlwdbpid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe .

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zqjbymfxulusmvhqvrd.exe*."

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."

C:\Users\Admin\AppData\Local\Temp\mqwblm.exe

"C:\Users\Admin\AppData\Local\Temp\mqwblm.exe" "-C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe"

C:\Users\Admin\AppData\Local\Temp\mqwblm.exe

"C:\Users\Admin\AppData\Local\Temp\mqwblm.exe" "-C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe .

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\oewnjwofbrzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .

C:\Windows\ymcrlwmbvjpkbhqw.exe

ymcrlwmbvjpkbhqw.exe .

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe .

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Windows\fulbwizpkzgcublsv.exe

fulbwizpkzgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\oewnjwofbrzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fulbwizpkzgcublsv.exe*."

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\oewnjwofbrzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ymcrlwmbvjpkbhqw.exe*."

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\oewnjwofbrzwpxiqup.exe*."

C:\Windows\bupjiytnmfqqmxlwdbpid.exe

bupjiytnmfqqmxlwdbpid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe .

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zqjbymfxulusmvhqvrd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe .

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zqjbymfxulusmvhqvrd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fulbwizpkzgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .

C:\Windows\ymcrlwmbvjpkbhqw.exe

ymcrlwmbvjpkbhqw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."

C:\Windows\fulbwizpkzgcublsv.exe

fulbwizpkzgcublsv.exe

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe .

C:\Windows\bupjiytnmfqqmxlwdbpid.exe

bupjiytnmfqqmxlwdbpid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bupjiytnmfqqmxlwdbpid.exe*."

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe

C:\Windows\ymcrlwmbvjpkbhqw.exe

ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\oewnjwofbrzwpxiqup.exe*."

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe .

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\oewnjwofbrzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Windows\fulbwizpkzgcublsv.exe

fulbwizpkzgcublsv.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\oewnjwofbrzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fulbwizpkzgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Windows\fulbwizpkzgcublsv.exe

fulbwizpkzgcublsv.exe .

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fulbwizpkzgcublsv.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fulbwizpkzgcublsv.exe*."

C:\Windows\ymcrlwmbvjpkbhqw.exe

ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .

C:\Windows\ymcrlwmbvjpkbhqw.exe

ymcrlwmbvjpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ymcrlwmbvjpkbhqw.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe .

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\oewnjwofbrzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\oewnjwofbrzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe .

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\oewnjwofbrzwpxiqup.exe*."

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe .

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zqjbymfxulusmvhqvrd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\oewnjwofbrzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe .

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\oewnjwofbrzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .

C:\Windows\ymcrlwmbvjpkbhqw.exe

ymcrlwmbvjpkbhqw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\oewnjwofbrzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe

C:\Windows\fulbwizpkzgcublsv.exe

fulbwizpkzgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe .

C:\Windows\fulbwizpkzgcublsv.exe

fulbwizpkzgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fulbwizpkzgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe .

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\oewnjwofbrzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ymcrlwmbvjpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe .

C:\Windows\fulbwizpkzgcublsv.exe

fulbwizpkzgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fulbwizpkzgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\oewnjwofbrzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fulbwizpkzgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe .

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\oewnjwofbrzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe

C:\Windows\fulbwizpkzgcublsv.exe

fulbwizpkzgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe

C:\Windows\bupjiytnmfqqmxlwdbpid.exe

bupjiytnmfqqmxlwdbpid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe .

C:\Windows\bupjiytnmfqqmxlwdbpid.exe

bupjiytnmfqqmxlwdbpid.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bupjiytnmfqqmxlwdbpid.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe .

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zqjbymfxulusmvhqvrd.exe*."

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Windows\ymcrlwmbvjpkbhqw.exe

ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .

C:\Windows\ymcrlwmbvjpkbhqw.exe

ymcrlwmbvjpkbhqw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe

C:\Windows\fulbwizpkzgcublsv.exe

fulbwizpkzgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe .

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Windows\bupjiytnmfqqmxlwdbpid.exe

bupjiytnmfqqmxlwdbpid.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bupjiytnmfqqmxlwdbpid.exe*."

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zqjbymfxulusmvhqvrd.exe*."

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ymcrlwmbvjpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Windows\bupjiytnmfqqmxlwdbpid.exe

bupjiytnmfqqmxlwdbpid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bupjiytnmfqqmxlwdbpid.exe*."

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe .

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."

C:\Windows\bupjiytnmfqqmxlwdbpid.exe

bupjiytnmfqqmxlwdbpid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bupjiytnmfqqmxlwdbpid.exe*."

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Windows\ymcrlwmbvjpkbhqw.exe

ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ymcrlwmbvjpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe

C:\Windows\fulbwizpkzgcublsv.exe

fulbwizpkzgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .

C:\Windows\ymcrlwmbvjpkbhqw.exe

ymcrlwmbvjpkbhqw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."

C:\Windows\fulbwizpkzgcublsv.exe

fulbwizpkzgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."

C:\Windows\fulbwizpkzgcublsv.exe

fulbwizpkzgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe .

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\oewnjwofbrzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe

C:\Windows\bupjiytnmfqqmxlwdbpid.exe

bupjiytnmfqqmxlwdbpid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe .

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zqjbymfxulusmvhqvrd.exe*."

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .

C:\Windows\ymcrlwmbvjpkbhqw.exe

ymcrlwmbvjpkbhqw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe .

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\oewnjwofbrzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe

C:\Windows\fulbwizpkzgcublsv.exe

fulbwizpkzgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe .

C:\Windows\fulbwizpkzgcublsv.exe

fulbwizpkzgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fulbwizpkzgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe

C:\Windows\bupjiytnmfqqmxlwdbpid.exe

bupjiytnmfqqmxlwdbpid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."

C:\Windows\ymcrlwmbvjpkbhqw.exe

ymcrlwmbvjpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .

C:\Windows\ymcrlwmbvjpkbhqw.exe

ymcrlwmbvjpkbhqw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .

C:\Windows\fulbwizpkzgcublsv.exe

fulbwizpkzgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ymcrlwmbvjpkbhqw.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fulbwizpkzgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe .

C:\Windows\fulbwizpkzgcublsv.exe

fulbwizpkzgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe

C:\Windows\ymcrlwmbvjpkbhqw.exe

ymcrlwmbvjpkbhqw.exe .

C:\Windows\fulbwizpkzgcublsv.exe

fulbwizpkzgcublsv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fulbwizpkzgcublsv.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .

C:\Windows\fulbwizpkzgcublsv.exe

fulbwizpkzgcublsv.exe

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fulbwizpkzgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Windows\ymcrlwmbvjpkbhqw.exe

ymcrlwmbvjpkbhqw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Windows\fulbwizpkzgcublsv.exe

fulbwizpkzgcublsv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fulbwizpkzgcublsv.exe*."

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ymcrlwmbvjpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .

C:\Windows\ymcrlwmbvjpkbhqw.exe

ymcrlwmbvjpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe .

C:\Windows\fulbwizpkzgcublsv.exe

fulbwizpkzgcublsv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fulbwizpkzgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fulbwizpkzgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\oewnjwofbrzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe

C:\Windows\ymcrlwmbvjpkbhqw.exe

ymcrlwmbvjpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe .

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zqjbymfxulusmvhqvrd.exe*."

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .

C:\Windows\ymcrlwmbvjpkbhqw.exe

ymcrlwmbvjpkbhqw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe

C:\Windows\ymcrlwmbvjpkbhqw.exe

ymcrlwmbvjpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe .

C:\Windows\bupjiytnmfqqmxlwdbpid.exe

bupjiytnmfqqmxlwdbpid.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bupjiytnmfqqmxlwdbpid.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe

C:\Windows\fulbwizpkzgcublsv.exe

fulbwizpkzgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .

C:\Windows\ymcrlwmbvjpkbhqw.exe

ymcrlwmbvjpkbhqw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ymcrlwmbvjpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .

C:\Windows\ymcrlwmbvjpkbhqw.exe

ymcrlwmbvjpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe

C:\Windows\fulbwizpkzgcublsv.exe

fulbwizpkzgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\oewnjwofbrzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\fulbwizpkzgcublsv.exe

fulbwizpkzgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fulbwizpkzgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe .

C:\Windows\bupjiytnmfqqmxlwdbpid.exe

bupjiytnmfqqmxlwdbpid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bupjiytnmfqqmxlwdbpid.exe*."

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fulbwizpkzgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\oewnjwofbrzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe .

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zqjbymfxulusmvhqvrd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe .

C:\Windows\fulbwizpkzgcublsv.exe

fulbwizpkzgcublsv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fulbwizpkzgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fulbwizpkzgcublsv.exe*."

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."

C:\Windows\ymcrlwmbvjpkbhqw.exe

ymcrlwmbvjpkbhqw.exe

C:\Windows\bupjiytnmfqqmxlwdbpid.exe

bupjiytnmfqqmxlwdbpid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Windows\ymcrlwmbvjpkbhqw.exe

ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\oewnjwofbrzwpxiqup.exe*."

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fulbwizpkzgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .

C:\Windows\bupjiytnmfqqmxlwdbpid.exe

bupjiytnmfqqmxlwdbpid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zqjbymfxulusmvhqvrd.exe*."

C:\Windows\bupjiytnmfqqmxlwdbpid.exe

bupjiytnmfqqmxlwdbpid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Windows\ymcrlwmbvjpkbhqw.exe

ymcrlwmbvjpkbhqw.exe .

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\oewnjwofbrzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe .

C:\Windows\bupjiytnmfqqmxlwdbpid.exe

bupjiytnmfqqmxlwdbpid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bupjiytnmfqqmxlwdbpid.exe*."

C:\Windows\bupjiytnmfqqmxlwdbpid.exe

bupjiytnmfqqmxlwdbpid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe .

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zqjbymfxulusmvhqvrd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe .

C:\Windows\bupjiytnmfqqmxlwdbpid.exe

bupjiytnmfqqmxlwdbpid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bupjiytnmfqqmxlwdbpid.exe*."

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\oewnjwofbrzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe

C:\Windows\ymcrlwmbvjpkbhqw.exe

ymcrlwmbvjpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .

C:\Windows\ymcrlwmbvjpkbhqw.exe

ymcrlwmbvjpkbhqw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."

C:\Windows\bupjiytnmfqqmxlwdbpid.exe

bupjiytnmfqqmxlwdbpid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ymcrlwmbvjpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bupjiytnmfqqmxlwdbpid.exe

bupjiytnmfqqmxlwdbpid.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bupjiytnmfqqmxlwdbpid.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe

C:\Windows\bupjiytnmfqqmxlwdbpid.exe

bupjiytnmfqqmxlwdbpid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ymcrlwmbvjpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe .

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zqjbymfxulusmvhqvrd.exe*."

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe .

C:\Windows\fulbwizpkzgcublsv.exe

fulbwizpkzgcublsv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fulbwizpkzgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\oewnjwofbrzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe

C:\Windows\fulbwizpkzgcublsv.exe

fulbwizpkzgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .

C:\Windows\ymcrlwmbvjpkbhqw.exe

ymcrlwmbvjpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe .

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zqjbymfxulusmvhqvrd.exe*."

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ymcrlwmbvjpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe .

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe .

C:\Windows\fulbwizpkzgcublsv.exe

fulbwizpkzgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe .

C:\Windows\fulbwizpkzgcublsv.exe

fulbwizpkzgcublsv.exe .

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fulbwizpkzgcublsv.exe*."

C:\Windows\ymcrlwmbvjpkbhqw.exe

ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\oewnjwofbrzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\zqjbymfxulusmvhqvrd.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\meyrpeyrphrqlvisyvia.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Windows\ymcrlwmbvjpkbhqw.exe

ymcrlwmbvjpkbhqw.exe

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe .

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\oewnjwofbrzwpxiqup.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zqjbymfxulusmvhqvrd.exe*."

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ymcrlwmbvjpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\bupjiytnmfqqmxlwdbpid.exe

bupjiytnmfqqmxlwdbpid.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bupjiytnmfqqmxlwdbpid.exe*."

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe .

C:\Windows\fulbwizpkzgcublsv.exe

fulbwizpkzgcublsv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fulbwizpkzgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe .

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\oewnjwofbrzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe .

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zqjbymfxulusmvhqvrd.exe*."

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ymcrlwmbvjpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ymcrlwmbvjpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .

C:\Windows\ymcrlwmbvjpkbhqw.exe

ymcrlwmbvjpkbhqw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c oewnjwofbrzwpxiqup.exe .

C:\Windows\oewnjwofbrzwpxiqup.exe

oewnjwofbrzwpxiqup.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\oewnjwofbrzwpxiqup.exe*."

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Users\Admin\AppData\Local\Temp\zqjbymfxulusmvhqvrd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\bupjiytnmfqqmxlwdbpid.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Users\Admin\AppData\Local\Temp\bupjiytnmfqqmxlwdbpid.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ymcrlwmbvjpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c bupjiytnmfqqmxlwdbpid.exe .

C:\Windows\bupjiytnmfqqmxlwdbpid.exe

bupjiytnmfqqmxlwdbpid.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\bupjiytnmfqqmxlwdbpid.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe

C:\Windows\fulbwizpkzgcublsv.exe

fulbwizpkzgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c fulbwizpkzgcublsv.exe .

C:\Windows\fulbwizpkzgcublsv.exe

fulbwizpkzgcublsv.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\fulbwizpkzgcublsv.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\ymcrlwmbvjpkbhqw.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Users\Admin\AppData\Local\Temp\ymcrlwmbvjpkbhqw.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe

C:\Users\Admin\AppData\Local\Temp\oewnjwofbrzwpxiqup.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\oewnjwofbrzwpxiqup.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c zqjbymfxulusmvhqvrd.exe .

C:\Windows\zqjbymfxulusmvhqvrd.exe

zqjbymfxulusmvhqvrd.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\zqjbymfxulusmvhqvrd.exe*."

C:\Windows\meyrpeyrphrqlvisyvia.exe

meyrpeyrphrqlvisyvia.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ymcrlwmbvjpkbhqw.exe .

C:\Windows\ymcrlwmbvjpkbhqw.exe

ymcrlwmbvjpkbhqw.exe .

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\windows\ymcrlwmbvjpkbhqw.exe*."

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\meyrpeyrphrqlvisyvia.exe*."

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Users\Admin\AppData\Local\Temp\meyrpeyrphrqlvisyvia.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe

C:\Users\Admin\AppData\Local\Temp\fulbwizpkzgcublsv.exe .

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

"C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe" "c:\users\admin\appdata\local\temp\fulbwizpkzgcublsv.exe*."

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.whatismyip.com udp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 104.19.222.79:80 whatismyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.67.155.175:80 www.showmyipaddress.com tcp
US 172.66.43.169:80 www.whatismyip.com tcp
US 34.111.176.156:80 www.myspace.com tcp
MD 188.138.178.64:14152 tcp
DE 85.214.228.140:80 gyuuym.org tcp
SG 18.142.91.111:80 unxfuild.info tcp
US 104.156.155.94:80 cydlrge.info tcp
GR 85.72.236.219:44972 tcp
US 8.8.8.8:53 wewqckumku.com udp
US 8.8.8.8:53 ewhqxezcwwc.net udp
US 8.8.8.8:53 vdfubgb.net udp
BG 95.42.36.163:34663 tcp
US 8.8.8.8:53 dkouvubcpovf.info udp
US 8.8.8.8:53 zyfitez.info udp
US 88.216.2.72:38356 tcp
US 8.8.8.8:53 hzlwxktkmsl.info udp
LT 78.61.60.57:34081 tcp
US 8.8.8.8:53 fzqqdxfc.net udp
US 8.8.8.8:53 cjocyhvhljvd.info udp
MD 93.116.180.218:29884 tcp
US 8.8.8.8:53 yrtkyrwt.net udp
US 8.8.8.8:53 dkixdeku.info udp
US 8.8.8.8:53 woodid.net udp
TR 85.97.241.141:38336 tcp
US 8.8.8.8:53 blriytvijot.com udp
US 8.8.8.8:53 rsjslglhy.com udp
LT 78.58.116.47:27594 tcp
US 8.8.8.8:53 jrbulad.info udp
US 8.8.8.8:53 bkngmvgi.net udp
US 8.8.8.8:53 awbwmccnuow.net udp
US 8.8.8.8:53 wczylsp.net udp
BG 46.10.68.106:14211 tcp
US 8.8.8.8:53 zuhmapbot.net udp
US 8.8.8.8:53 yspynbdonzn.net udp
BG 93.152.170.58:44601 tcp
US 8.8.8.8:53 lvliwxsju.net udp
BG 91.218.82.78:27874 tcp
US 8.8.8.8:53 wkekixz.info udp
GR 94.71.198.56:17435 tcp
US 8.8.8.8:53 bjpwlrlwpx.net udp
RU 79.105.238.83:34491 tcp
US 8.8.8.8:53 pbkmbz.net udp
US 8.8.8.8:53 vgvrpag.org udp
GB 86.29.88.80:44418 tcp
US 8.8.8.8:53 yqqigkwo.org udp
BG 84.252.63.24:31509 tcp
US 8.8.8.8:53 eonubyiixwx.info udp
US 8.8.8.8:53 eiiiaiieicsk.com udp
US 8.8.8.8:53 hqgafrjopqsh.net udp
LT 78.57.153.118:17978 tcp
US 8.8.8.8:53 ronydukqnrg.info udp
US 8.8.8.8:53 wwfnhv.info udp
US 8.8.8.8:53 ohycrudu.info udp
BG 109.160.65.93:13104 tcp
US 8.8.8.8:53 foxofcpjx.info udp
US 8.8.8.8:53 hjfdpmp.org udp
US 8.8.8.8:53 agiiyiuk.com udp
US 8.8.8.8:53 dbklwh.info udp
US 8.8.8.8:53 punjxixka.net udp
US 8.8.8.8:53 slalkhrazivx.net udp
US 8.8.8.8:53 mxjslk.info udp
US 8.8.8.8:53 hiukhyi.net udp
US 8.8.8.8:53 rjbifug.net udp
US 8.8.8.8:53 kgmaegiyug.com udp
US 8.8.8.8:53 vxxjja.info udp
US 8.8.8.8:53 zfcyfwhwr.net udp
US 8.8.8.8:53 owtumceqt.info udp
US 8.8.8.8:53 wiupjyjvr.info udp
US 8.8.8.8:53 jiloowlnx.info udp
US 8.8.8.8:53 fcezbdqm.info udp
US 8.8.8.8:53 ispcxnjcous.net udp
US 8.8.8.8:53 gaoimmwc.org udp
US 8.8.8.8:53 ovygkvcrla.info udp
US 8.8.8.8:53 alyypvemovoc.net udp
US 8.8.8.8:53 yfydmw.info udp
US 8.8.8.8:53 hyfvnvbs.net udp
US 8.8.8.8:53 icqwmc.com udp
US 8.8.8.8:53 urwdwyzxuv.net udp
US 8.8.8.8:53 jptppgrczx.net udp
US 8.8.8.8:53 nfqobekmbz.net udp
US 8.8.8.8:53 uzbiar.info udp
US 8.8.8.8:53 ucsecc.org udp
LT 78.58.44.221:33692 tcp
US 8.8.8.8:53 ctbkljzygn.info udp
US 8.8.8.8:53 fvxkhgc.org udp
US 8.8.8.8:53 lguviyyx.net udp
US 8.8.8.8:53 bwhhiptfrf.info udp
US 8.8.8.8:53 lktcrbw.com udp
US 8.8.8.8:53 karcxeeda.net udp
US 8.8.8.8:53 rdapxwymkh.info udp
US 8.8.8.8:53 hrdsgohxw.info udp
US 8.8.8.8:53 vwzjmszzfyah.net udp
US 8.8.8.8:53 qsajnxvwvd.net udp
US 8.8.8.8:53 ygholuhft.info udp
US 8.8.8.8:53 gspcxzpfn.info udp
US 8.8.8.8:53 gokuuqqm.com udp
US 8.8.8.8:53 dkdczgl.info udp
US 8.8.8.8:53 habgcbbfjp.net udp
US 8.8.8.8:53 iziovgsodf.net udp
US 8.8.8.8:53 lubvlxc.org udp
US 8.8.8.8:53 kdtuidyufj.info udp
US 8.8.8.8:53 hnrorsxohsu.net udp
US 8.8.8.8:53 esottucaoqsx.info udp
US 8.8.8.8:53 cgzqtowog.info udp
US 8.8.8.8:53 fblbpcnvloo.net udp
US 8.8.8.8:53 jihcytqyev.info udp
US 8.8.8.8:53 gdiecndz.net udp
US 8.8.8.8:53 cdychfoa.info udp
US 8.8.8.8:53 klhuurqsey.net udp
US 8.8.8.8:53 ddelbz.net udp
US 8.8.8.8:53 oqwitkv.net udp
US 8.8.8.8:53 xqywhzjhtgxa.info udp
US 8.8.8.8:53 fevpfshvp.org udp
US 8.8.8.8:53 gsbitsbuyhe.info udp
US 8.8.8.8:53 xtruvapagyu.info udp
US 8.8.8.8:53 xkzqqqo.info udp
US 8.8.8.8:53 kcryxrris.info udp
US 8.8.8.8:53 tlnybejedztg.info udp
US 8.8.8.8:53 xvactwvzzcv.org udp
US 8.8.8.8:53 jddfpvpgyr.info udp
US 8.8.8.8:53 fddpzlyxftlc.info udp
US 8.8.8.8:53 bwlzwzblyx.info udp
BG 95.111.121.214:32651 tcp
US 8.8.8.8:53 nvleygtdr.org udp
US 8.8.8.8:53 xrlyluukfb.info udp
US 8.8.8.8:53 jchwvjdndzeo.net udp
US 8.8.8.8:53 xxzgdih.net udp
US 8.8.8.8:53 fkgritslx.org udp
US 8.8.8.8:53 hqddnpkblsv.com udp
US 8.8.8.8:53 izayjutlp.info udp
US 8.8.8.8:53 vcmglo.info udp
US 8.8.8.8:53 nhynfngbdony.info udp
US 8.8.8.8:53 icjjzwopdfhv.info udp
US 8.8.8.8:53 vqtcgcotaw.net udp
US 8.8.8.8:53 wiuyegoyem.org udp
US 8.8.8.8:53 eeeiusoc.com udp
US 8.8.8.8:53 dnuyggophlme.info udp
US 8.8.8.8:53 urrzlhrdtmj.info udp
US 8.8.8.8:53 tfrytylqfi.net udp
US 8.8.8.8:53 iypzsqzawlad.net udp
US 8.8.8.8:53 zbqtpeerkb.net udp
US 8.8.8.8:53 hrpgdes.com udp
US 8.8.8.8:53 zuwrljtqss.net udp
US 8.8.8.8:53 cgkioueseswi.org udp
US 8.8.8.8:53 zriwfmhkoz.info udp
US 8.8.8.8:53 mwbknupwd.info udp
US 8.8.8.8:53 msaeugqyakco.org udp
US 8.8.8.8:53 fprstl.info udp
US 8.8.8.8:53 scqinyp.net udp
US 8.8.8.8:53 zunahzwgevm.info udp
US 8.8.8.8:53 tmrxnmjrkb.net udp
US 8.8.8.8:53 rinpgfddop.info udp
US 8.8.8.8:53 talwbyj.com udp
US 8.8.8.8:53 obpmhyhfsihq.net udp
US 8.8.8.8:53 wgqwxbkuowh.net udp
US 8.8.8.8:53 vaizlhjv.net udp
US 8.8.8.8:53 zmbiwirtm.com udp
US 8.8.8.8:53 uomieuwsgywa.com udp
US 8.8.8.8:53 hyuvjtfqls.info udp
US 8.8.8.8:53 cornpgic.info udp
US 8.8.8.8:53 mejhvcp.net udp
US 8.8.8.8:53 ydbgfyt.info udp
US 8.8.8.8:53 gqomvegqfsq.net udp
US 8.8.8.8:53 cmdixalgfvd.net udp
US 8.8.8.8:53 xfnqgoaysmm.net udp
US 8.8.8.8:53 fixijml.org udp
US 8.8.8.8:53 fklsbvmas.org udp
US 8.8.8.8:53 mdnoytoc.info udp
US 8.8.8.8:53 bzjetjpa.net udp
US 8.8.8.8:53 bvrlxiawb.net udp
US 8.8.8.8:53 eqjxhvla.net udp
US 8.8.8.8:53 ukcosqwg.org udp
US 8.8.8.8:53 otfuqtgi.net udp
US 8.8.8.8:53 ecwkjal.info udp
US 8.8.8.8:53 upwypqtp.info udp
GR 94.71.198.56:17435 tcp
US 8.8.8.8:53 sxsydftugfl.net udp
US 8.8.8.8:53 qoluxcicfjb.info udp
US 8.8.8.8:53 dddojxdkt.info udp
US 8.8.8.8:53 msoiygcw.org udp
US 8.8.8.8:53 scaouo.org udp
US 8.8.8.8:53 bstrdwdocrlu.info udp
US 8.8.8.8:53 jntxuexoq.net udp
US 8.8.8.8:53 wkcogiumouwo.com udp
US 8.8.8.8:53 jivowkwv.net udp
US 8.8.8.8:53 pnfuhkx.info udp
US 8.8.8.8:53 hyceyh.info udp

Files

C:\Users\Admin\AppData\Local\Temp\gwijnolzqgs.exe

MD5 453e59989cd5159a2dd655cddce63526
SHA1 07757c046b6ef971d83fb4521b647783775c1956
SHA256 2fec8307412b25dd288fa1247a5a073b4e9b746b682023646969e91f451f9772
SHA512 850852f6e2ba9195ee2ec99190cb467c55b129221c866fd5d45aa0fc6d4e774f14fcb4001b6460e563756df5213d10aefcf7f753fde5a921eae0b8d54acb3f13

C:\Windows\SysWOW64\oewnjwofbrzwpxiqup.exe

MD5 c80bb333a03aefa2ebc92b2d4851eaed
SHA1 e8f4a6c6537522d8c9e187f4cc2ae47252c39e6f
SHA256 26aa0051cdca76b6fea6ef46de623fc60b21b3adcb3100e3366ab638fe9c3a38
SHA512 5a2d9a4c626761a0b9ce6eca4d21453a35ea91d29a17a7ebef69d0cccf7dd86accc8ed395437578e329e6aea98dd6cb05c02a7b53ffb8014400f11a6041da4f9

C:\Users\Admin\AppData\Local\Temp\mqwblm.exe

MD5 6ccb9e03f999b8bd9fabb0c85e8a17a7
SHA1 daafb7129c76cd27975d9c073a580e31ad2ddb8b
SHA256 a03b3c8ce747d5dc6cbb22eca4df4994e4818d7bd15da7f60fdd0c8a91688423
SHA512 2f0357a5158c629644acac212910f1365cc989fb967394f6e4754e8e9ee7d1a4b034e8d12a3a7fb7eac34e7eb4a8d494f66201babcde7668fb4e02a40e1ecb6d

C:\Users\Admin\AppData\Local\suybjimpxztchbysipmosvdcgj.tnw

MD5 3e45cb14c321528df0876bd9520880af
SHA1 276444d01f90a64f2779ee5ebaee99f3c270ef53
SHA256 8b78d31a27841a63f193dfe15a90a9f79932d81d708b319eb16239816bf66ca4
SHA512 265445a5afb5a04348ea7b37dc7c95c83a79fffa6639166628bb6bf5f0cb170fc0cb579241751aeaa3b90e98c97a9b19895099a34826b98225578d2d0fbe27a5

C:\Users\Admin\AppData\Local\tgvjcmbpivaukpxcdvdqftmwlzsfkeuzhmnfn.pdw

MD5 2e2a32327ae311f5dad167de97bb9a6e
SHA1 cb0cec255b4e289dcf7a52d1722b2d2c3cd09033
SHA256 2a04ae8c59d9fe70114af8fe2cbb0e6726019ea803e7977619b8b2aee28112c0
SHA512 46dd0ff700b937213ee0fa1464a730b7afc99537c4fb1691de8655d9bf31f455b387b4962d7d5cf48f8cd0ac56536d0dbc3f57c8cfff5b8242a6ca126194fcf1

C:\Program Files (x86)\suybjimpxztchbysipmosvdcgj.tnw

MD5 f6221ce8aa1689f209c1434f083c8597
SHA1 450f15e329b769901472a9d72685014e08c1f505
SHA256 49a68827faedf19744719f202be26ecc2bfeecc87deeda1298c2448ee133db70
SHA512 4d06003989d940bb5733da128c1e3a8b3e3f128b06bb7b0de0014a85677c875c52734804bf6ee51dc2f527d6a45e4b67fc3ecb65275d1e7a621ff71d83ccb823

C:\Program Files (x86)\suybjimpxztchbysipmosvdcgj.tnw

MD5 1b7665b9ab464d2540cf3869208b5903
SHA1 fb805a93ea3a6e446b2352a6549b37dc5aba33be
SHA256 b41f88d9b45dcf674835551337ee6a2fd641bf97c0d7444c25a01cffdafc8a45
SHA512 59ad5222ae7a69d5f960ab2776aa050731388cd951c8eee0abbe6ab8f460fc6a2d39dc3b608a61ae4f91ef9c9e9fdc782d2a19c5f2e700e044cf0a716ca7ce59

C:\Program Files (x86)\suybjimpxztchbysipmosvdcgj.tnw

MD5 eed8f7012d937cde7346b4e4d5bc2ab5
SHA1 2cd7d65aa07b31dbeda62b3621f709b4d58bf780
SHA256 bfe139967a9575e4581a8bd65b16cae8e100ae147997cc96c6181d26de165d0d
SHA512 1e7f90a5ac3fc68ec0d3c12cad5008b1a84f936def8716a68303b29d18ccb80205de23574a45eb093c43c3ee0e79abd57cc0cde7b769c389f5c5eac620bc6d52

C:\Program Files (x86)\suybjimpxztchbysipmosvdcgj.tnw

MD5 f8d2913d1acbe07f96efaf2472a2dc28
SHA1 93ffd7ac289b2e1125eb894cf4fa83ab2f1644ba
SHA256 4fdba647e7e86a3ce8f25643bd9500e983ac6f755cec88cf7ce4b06c9bf03ec4
SHA512 5c99144f95e9d8e3ec4e08a4f55f4ba558ca7291427e0874b5d39d812ff7698e0e7d7bd6f5cb6b2cd8aafa833fb533938695423b55591459b6d1df04b7bc7599

C:\Program Files (x86)\suybjimpxztchbysipmosvdcgj.tnw

MD5 a52aa074bdedaa60c0fd9de757d95743
SHA1 67533c43f13f59bd295c664c78db5bcdce1102fa
SHA256 4cdfd49468ae78544c9d1cb932c915141eedc4738c48a132fbab57203b2cd504
SHA512 87f349b41e1c175bc486506df554adf0ce99a257ea3d3dadf003cf305596b23870c7334b71717bd6ebf9a69e0cabe04e16ce06f6ea1e683c8db751b2a2f72525

C:\Program Files (x86)\suybjimpxztchbysipmosvdcgj.tnw

MD5 1931bbea9661362ba2ff96dfdd5a90de
SHA1 f79d0a1ba27365082a33e489953b84ad316809ac
SHA256 f6d84a0472cf9e2e10b4fcb54e6d1852725517a0be632a910ade7e48c4e5952f
SHA512 ae3d9eb6ba87a069f29fbfcda9de4204410f49871868c175fc5d0e341c4b4a3f0b846345409045ecb07f576d52ac79b0b523611aa07466cd5291f5535f35e715