Analysis Overview
SHA256
5362c09319c951bf520453f62ce8e2b521322aaed60b929fe2cb4f11085d0250
Threat Level: Known bad
The file JaffaCakes118_acd201e3179f1bea3176625e53ae74a0 was found to be: Known bad.
Malicious Activity Summary
Pykspa
Pykspa family
UAC bypass
Modifies WinLogon for persistence
Detect Pykspa worm
Adds policy Run key to start application
Disables RegEdit via registry modification
Blocklisted process makes network request
Impair Defenses: Safe Mode Boot
Executes dropped EXE
Checks computer location settings
Looks up external IP address via web service
Hijack Execution Flow: Executable Installer File Permissions Weakness
Checks whether UAC is enabled
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
System policy modification
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-11 03:58
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-11 03:58
Reported
2025-04-11 04:01
Platform
win10v2004-20250314-en
Max time kernel
46s
Max time network
151s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bjhwxgp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qjsseysfcqkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "dzlodaxnnebzcnauiqrnz.exe" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bjhwxgp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dzlodaxnnebzcnauiqrnz.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "qjsseysfcqkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "arywgyqbwiatrxfu.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bjhwxgp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dzlodaxnnebzcnauiqrnz.exe" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bjhwxgp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ojuwkgcrqgczblxqdkkf.exe" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bjhwxgp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bvfgtojxvkfbclwoagf.exe" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "ojuwkgcrqgczblxqdkkf.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bjhwxgp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hzhgrkdplyrlkraqa.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "bvfgtojxvkfbclwoagf.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "hzhgrkdplyrlkraqa.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bjhwxgp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bvfgtojxvkfbclwoagf.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "hzhgrkdplyrlkraqa.exe" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "qjsseysfcqkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bjhwxgp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ojuwkgcrqgczblxqdkkf.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "arywgyqbwiatrxfu.exe" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bjhwxgp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arywgyqbwiatrxfu.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "bvfgtojxvkfbclwoagf.exe" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\almeiuglag = "dzlodaxnnebzcnauiqrnz.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\arywgyqbwiatrxfu.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\bvfgtojxvkfbclwoagf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\qjsseysfcqkffnxoze.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\ojuwkgcrqgczblxqdkkf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\dzlodaxnnebzcnauiqrnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\hzhgrkdplyrlkraqa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\arywgyqbwiatrxfu.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\arywgyqbwiatrxfu.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\dzlodaxnnebzcnauiqrnz.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\hzhgrkdplyrlkraqa.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation | C:\Windows\bvfgtojxvkfbclwoagf.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sficiwkriqet = "ojuwkgcrqgczblxqdkkf.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hrrilwhlz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hzhgrkdplyrlkraqa.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sficiwkriqet = "arywgyqbwiatrxfu.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hrrilwhlz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arywgyqbwiatrxfu.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzyoqakn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arywgyqbwiatrxfu.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzyoqakn = "dzlodaxnnebzcnauiqrnz.exe" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzyoqakn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ojuwkgcrqgczblxqdkkf.exe" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzyoqakn = "arywgyqbwiatrxfu.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vhjchuhndkx = "bvfgtojxvkfbclwoagf.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sficiwkriqet = "dzlodaxnnebzcnauiqrnz.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzyoqakn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hzhgrkdplyrlkraqa.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hrrilwhlz = "arywgyqbwiatrxfu.exe ." | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzyoqakn = "bvfgtojxvkfbclwoagf.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzyoqakn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qjsseysfcqkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vhjchuhndkx = "ojuwkgcrqgczblxqdkkf.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzyoqakn = "dzlodaxnnebzcnauiqrnz.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hrrilwhlz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ojuwkgcrqgczblxqdkkf.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hrrilwhlz = "hzhgrkdplyrlkraqa.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hrrilwhlz = "qjsseysfcqkffnxoze.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vhjchuhndkx = "arywgyqbwiatrxfu.exe" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\shmiqgwfyiyplp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hzhgrkdplyrlkraqa.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vhjchuhndkx = "bvfgtojxvkfbclwoagf.exe" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vhjchuhndkx = "hzhgrkdplyrlkraqa.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\shmiqgwfyiyplp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qjsseysfcqkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rfjelapxpyndy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ojuwkgcrqgczblxqdkkf.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzyoqakn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ojuwkgcrqgczblxqdkkf.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rfjelapxpyndy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qjsseysfcqkffnxoze.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rfjelapxpyndy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dzlodaxnnebzcnauiqrnz.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\hrrilwhlz = "hzhgrkdplyrlkraqa.exe ." | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sficiwkriqet = "ojuwkgcrqgczblxqdkkf.exe ." | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qzyoqakn = "qjsseysfcqkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rfjelapxpyndy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hzhgrkdplyrlkraqa.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hrrilwhlz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hzhgrkdplyrlkraqa.exe ." | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hrrilwhlz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dzlodaxnnebzcnauiqrnz.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\sficiwkriqet = "bvfgtojxvkfbclwoagf.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hrrilwhlz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qjsseysfcqkffnxoze.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\shmiqgwfyiyplp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ojuwkgcrqgczblxqdkkf.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\shmiqgwfyiyplp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hzhgrkdplyrlkraqa.exe" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzyoqakn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qjsseysfcqkffnxoze.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rfjelapxpyndy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arywgyqbwiatrxfu.exe ." | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qzyoqakn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dzlodaxnnebzcnauiqrnz.exe" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\ojuwkgcrqgczblxqdkkf.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hzhgrkdplyrlkraqa.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dzlodaxnnebzcnauiqrnz.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\arywgyqbwiatrxfu.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qjsseysfcqkffnxoze.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\qjsseysfcqkffnxoze.exe | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ileokospwuydnfzavksvoyuy.zge | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ureiywulmecbfrfapyaxko.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bvfgtojxvkfbclwoagf.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\arywgyqbwiatrxfu.exe | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hzhgrkdplyrlkraqa.exe | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ureiywulmecbfrfapyaxko.exe | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dzlodaxnnebzcnauiqrnz.exe | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\rfjelapxpyndybgsyyrfjelapxpyndybgsy.rfj | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| File opened for modification | C:\Program Files (x86)\ileokospwuydnfzavksvoyuy.zge | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| File created | C:\Program Files (x86)\ileokospwuydnfzavksvoyuy.zge | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| File opened for modification | C:\Program Files (x86)\rfjelapxpyndybgsyyrfjelapxpyndybgsy.rfj | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\ureiywulmecbfrfapyaxko.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\dzlodaxnnebzcnauiqrnz.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\qjsseysfcqkffnxoze.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\arywgyqbwiatrxfu.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\hzhgrkdplyrlkraqa.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\ojuwkgcrqgczblxqdkkf.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File created | C:\Windows\rfjelapxpyndybgsyyrfjelapxpyndybgsy.rfj | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| File opened for modification | C:\Windows\bvfgtojxvkfbclwoagf.exe | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| File opened for modification | C:\Windows\dzlodaxnnebzcnauiqrnz.exe | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| File created | C:\Windows\ileokospwuydnfzavksvoyuy.zge | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| File opened for modification | C:\Windows\qjsseysfcqkffnxoze.exe | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\hzhgrkdplyrlkraqa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\arywgyqbwiatrxfu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\dzlodaxnnebzcnauiqrnz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\qjsseysfcqkffnxoze.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ojuwkgcrqgczblxqdkkf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bvfgtojxvkfbclwoagf.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe | N/A |
Processes
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\dzlodaxnnebzcnauiqrnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Windows\ojuwkgcrqgczblxqdkkf.exe
ojuwkgcrqgczblxqdkkf.exe .
C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe
C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .
C:\Windows\hzhgrkdplyrlkraqa.exe
hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bvfgtojxvkfbclwoagf.exe*."
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ojuwkgcrqgczblxqdkkf.exe*."
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe
C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ojuwkgcrqgczblxqdkkf.exe*."
C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .
C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bvfgtojxvkfbclwoagf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ojuwkgcrqgczblxqdkkf.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."
C:\Windows\ojuwkgcrqgczblxqdkkf.exe
ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .
C:\Windows\arywgyqbwiatrxfu.exe
arywgyqbwiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\qjsseysfcqkffnxoze.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."
C:\Windows\bvfgtojxvkfbclwoagf.exe
bvfgtojxvkfbclwoagf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bvfgtojxvkfbclwoagf.exe*."
C:\Windows\hzhgrkdplyrlkraqa.exe
hzhgrkdplyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Windows\dzlodaxnnebzcnauiqrnz.exe
dzlodaxnnebzcnauiqrnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\dzlodaxnnebzcnauiqrnz.exe*."
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe
C:\Windows\arywgyqbwiatrxfu.exe
arywgyqbwiatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe .
C:\Windows\qjsseysfcqkffnxoze.exe
qjsseysfcqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\qjsseysfcqkffnxoze.exe*."
C:\Windows\arywgyqbwiatrxfu.exe
arywgyqbwiatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Windows\ojuwkgcrqgczblxqdkkf.exe
ojuwkgcrqgczblxqdkkf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ojuwkgcrqgczblxqdkkf.exe*."
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\qjsseysfcqkffnxoze.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe
C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bvfgtojxvkfbclwoagf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe
C:\Windows\arywgyqbwiatrxfu.exe
arywgyqbwiatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe .
C:\Windows\dzlodaxnnebzcnauiqrnz.exe
dzlodaxnnebzcnauiqrnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\dzlodaxnnebzcnauiqrnz.exe*."
C:\Windows\bvfgtojxvkfbclwoagf.exe
bvfgtojxvkfbclwoagf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
C:\Windows\qjsseysfcqkffnxoze.exe
qjsseysfcqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\qjsseysfcqkffnxoze.exe*."
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ojuwkgcrqgczblxqdkkf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe
C:\Windows\qjsseysfcqkffnxoze.exe
qjsseysfcqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .
C:\Windows\arywgyqbwiatrxfu.exe
arywgyqbwiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .
C:\Windows\hzhgrkdplyrlkraqa.exe
hzhgrkdplyrlkraqa.exe
C:\Windows\arywgyqbwiatrxfu.exe
arywgyqbwiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ojuwkgcrqgczblxqdkkf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe
C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe
C:\Windows\bvfgtojxvkfbclwoagf.exe
bvfgtojxvkfbclwoagf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe .
C:\Windows\qjsseysfcqkffnxoze.exe
qjsseysfcqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\qjsseysfcqkffnxoze.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .
C:\Windows\arywgyqbwiatrxfu.exe
arywgyqbwiatrxfu.exe
C:\Windows\arywgyqbwiatrxfu.exe
arywgyqbwiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."
C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe
C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe
C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe
C:\Windows\bvfgtojxvkfbclwoagf.exe
bvfgtojxvkfbclwoagf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe .
C:\Windows\qjsseysfcqkffnxoze.exe
qjsseysfcqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\qjsseysfcqkffnxoze.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe
C:\Windows\bvfgtojxvkfbclwoagf.exe
bvfgtojxvkfbclwoagf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Windows\arywgyqbwiatrxfu.exe
arywgyqbwiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe
C:\Windows\hzhgrkdplyrlkraqa.exe
hzhgrkdplyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe .
C:\Windows\arywgyqbwiatrxfu.exe
arywgyqbwiatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .
C:\Windows\arywgyqbwiatrxfu.exe
arywgyqbwiatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe .
C:\Windows\dzlodaxnnebzcnauiqrnz.exe
dzlodaxnnebzcnauiqrnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe
C:\Windows\arywgyqbwiatrxfu.exe
arywgyqbwiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe
C:\Windows\dzlodaxnnebzcnauiqrnz.exe
dzlodaxnnebzcnauiqrnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\dzlodaxnnebzcnauiqrnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .
C:\Windows\hzhgrkdplyrlkraqa.exe
hzhgrkdplyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\dzlodaxnnebzcnauiqrnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Windows\arywgyqbwiatrxfu.exe
arywgyqbwiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\arywgyqbwiatrxfu.exe
arywgyqbwiatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .
C:\Windows\dzlodaxnnebzcnauiqrnz.exe
dzlodaxnnebzcnauiqrnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .
C:\Windows\hzhgrkdplyrlkraqa.exe
hzhgrkdplyrlkraqa.exe .
C:\Windows\arywgyqbwiatrxfu.exe
arywgyqbwiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\hzhgrkdplyrlkraqa.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\dzlodaxnnebzcnauiqrnz.exe*."
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."
C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\qjsseysfcqkffnxoze.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\qjsseysfcqkffnxoze.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\dzlodaxnnebzcnauiqrnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .
C:\Windows\qjsseysfcqkffnxoze.exe
qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\qjsseysfcqkffnxoze.exe
qjsseysfcqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\qjsseysfcqkffnxoze.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe .
C:\Windows\ojuwkgcrqgczblxqdkkf.exe
ojuwkgcrqgczblxqdkkf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Windows\ojuwkgcrqgczblxqdkkf.exe
ojuwkgcrqgczblxqdkkf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ojuwkgcrqgczblxqdkkf.exe*."
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ojuwkgcrqgczblxqdkkf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe
C:\Windows\qjsseysfcqkffnxoze.exe
qjsseysfcqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe .
C:\Windows\ojuwkgcrqgczblxqdkkf.exe
ojuwkgcrqgczblxqdkkf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ojuwkgcrqgczblxqdkkf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe .
C:\Windows\dzlodaxnnebzcnauiqrnz.exe
dzlodaxnnebzcnauiqrnz.exe
C:\Windows\qjsseysfcqkffnxoze.exe
qjsseysfcqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\qjsseysfcqkffnxoze.exe*."
C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\qjsseysfcqkffnxoze.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe
C:\Windows\ojuwkgcrqgczblxqdkkf.exe
ojuwkgcrqgczblxqdkkf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe .
C:\Windows\ojuwkgcrqgczblxqdkkf.exe
ojuwkgcrqgczblxqdkkf.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ojuwkgcrqgczblxqdkkf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe .
C:\Windows\hzhgrkdplyrlkraqa.exe
hzhgrkdplyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Windows\hzhgrkdplyrlkraqa.exe
hzhgrkdplyrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\hzhgrkdplyrlkraqa.exe*."
C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\dzlodaxnnebzcnauiqrnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe
C:\Windows\hzhgrkdplyrlkraqa.exe
hzhgrkdplyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe .
C:\Windows\dzlodaxnnebzcnauiqrnz.exe
dzlodaxnnebzcnauiqrnz.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\dzlodaxnnebzcnauiqrnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe .
C:\Windows\hzhgrkdplyrlkraqa.exe
hzhgrkdplyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Windows\ojuwkgcrqgczblxqdkkf.exe
ojuwkgcrqgczblxqdkkf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .
C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ojuwkgcrqgczblxqdkkf.exe*."
C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe
C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bvfgtojxvkfbclwoagf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\qjsseysfcqkffnxoze.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe
C:\Windows\bvfgtojxvkfbclwoagf.exe
bvfgtojxvkfbclwoagf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe .
C:\Windows\bvfgtojxvkfbclwoagf.exe
bvfgtojxvkfbclwoagf.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bvfgtojxvkfbclwoagf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe .
C:\Windows\hzhgrkdplyrlkraqa.exe
hzhgrkdplyrlkraqa.exe
C:\Windows\bvfgtojxvkfbclwoagf.exe
bvfgtojxvkfbclwoagf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bvfgtojxvkfbclwoagf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ojuwkgcrqgczblxqdkkf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\qjsseysfcqkffnxoze.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe
C:\Windows\arywgyqbwiatrxfu.exe
arywgyqbwiatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe .
C:\Windows\hzhgrkdplyrlkraqa.exe
hzhgrkdplyrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\hzhgrkdplyrlkraqa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe .
C:\Windows\hzhgrkdplyrlkraqa.exe
hzhgrkdplyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Windows\hzhgrkdplyrlkraqa.exe
hzhgrkdplyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\hzhgrkdplyrlkraqa.exe*."
C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\dzlodaxnnebzcnauiqrnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\dzlodaxnnebzcnauiqrnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe
C:\Windows\bvfgtojxvkfbclwoagf.exe
bvfgtojxvkfbclwoagf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe .
C:\Windows\arywgyqbwiatrxfu.exe
arywgyqbwiatrxfu.exe
C:\Windows\qjsseysfcqkffnxoze.exe
qjsseysfcqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe .
C:\Windows\hzhgrkdplyrlkraqa.exe
hzhgrkdplyrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe
C:\Windows\dzlodaxnnebzcnauiqrnz.exe
dzlodaxnnebzcnauiqrnz.exe .
C:\Windows\ojuwkgcrqgczblxqdkkf.exe
ojuwkgcrqgczblxqdkkf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\hzhgrkdplyrlkraqa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\dzlodaxnnebzcnauiqrnz.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ojuwkgcrqgczblxqdkkf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
C:\Windows\arywgyqbwiatrxfu.exe
arywgyqbwiatrxfu.exe
C:\Windows\arywgyqbwiatrxfu.exe
arywgyqbwiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe
C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe
C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bvfgtojxvkfbclwoagf.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\qjsseysfcqkffnxoze.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."
C:\Windows\hzhgrkdplyrlkraqa.exe
hzhgrkdplyrlkraqa.exe .
C:\Windows\dzlodaxnnebzcnauiqrnz.exe
dzlodaxnnebzcnauiqrnz.exe
C:\Windows\hzhgrkdplyrlkraqa.exe
hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\hzhgrkdplyrlkraqa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe .
C:\Windows\dzlodaxnnebzcnauiqrnz.exe
dzlodaxnnebzcnauiqrnz.exe
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .
C:\Windows\bvfgtojxvkfbclwoagf.exe
bvfgtojxvkfbclwoagf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bvfgtojxvkfbclwoagf.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
C:\Windows\bvfgtojxvkfbclwoagf.exe
bvfgtojxvkfbclwoagf.exe
C:\Windows\ojuwkgcrqgczblxqdkkf.exe
ojuwkgcrqgczblxqdkkf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Windows\arywgyqbwiatrxfu.exe
arywgyqbwiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ojuwkgcrqgczblxqdkkf.exe*."
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe
C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\bvfgtojxvkfbclwoagf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe
C:\Windows\hzhgrkdplyrlkraqa.exe
hzhgrkdplyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe .
C:\Windows\bvfgtojxvkfbclwoagf.exe
bvfgtojxvkfbclwoagf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bvfgtojxvkfbclwoagf.exe*."
C:\Windows\bvfgtojxvkfbclwoagf.exe
bvfgtojxvkfbclwoagf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Windows\arywgyqbwiatrxfu.exe
arywgyqbwiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."
C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\dzlodaxnnebzcnauiqrnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ojuwkgcrqgczblxqdkkf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe
C:\Windows\hzhgrkdplyrlkraqa.exe
hzhgrkdplyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe .
C:\Windows\hzhgrkdplyrlkraqa.exe
hzhgrkdplyrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\hzhgrkdplyrlkraqa.exe*."
C:\Windows\hzhgrkdplyrlkraqa.exe
hzhgrkdplyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\hzhgrkdplyrlkraqa.exe
hzhgrkdplyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\hzhgrkdplyrlkraqa.exe*."
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\ojuwkgcrqgczblxqdkkf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe
C:\Windows\hzhgrkdplyrlkraqa.exe
hzhgrkdplyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe .
C:\Windows\hzhgrkdplyrlkraqa.exe
hzhgrkdplyrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\hzhgrkdplyrlkraqa.exe*."
C:\Windows\hzhgrkdplyrlkraqa.exe
hzhgrkdplyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Windows\arywgyqbwiatrxfu.exe
arywgyqbwiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."
C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\dzlodaxnnebzcnauiqrnz.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe
C:\Windows\qjsseysfcqkffnxoze.exe
qjsseysfcqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .
C:\Windows\arywgyqbwiatrxfu.exe
arywgyqbwiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."
C:\Windows\hzhgrkdplyrlkraqa.exe
hzhgrkdplyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Windows\arywgyqbwiatrxfu.exe
arywgyqbwiatrxfu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."
C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\qjsseysfcqkffnxoze.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe
C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\arywgyqbwiatrxfu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe
C:\Windows\hzhgrkdplyrlkraqa.exe
hzhgrkdplyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe .
C:\Windows\hzhgrkdplyrlkraqa.exe
hzhgrkdplyrlkraqa.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\hzhgrkdplyrlkraqa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe .
C:\Windows\bvfgtojxvkfbclwoagf.exe
bvfgtojxvkfbclwoagf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe
C:\Windows\dzlodaxnnebzcnauiqrnz.exe
dzlodaxnnebzcnauiqrnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe
C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\dzlodaxnnebzcnauiqrnz.exe*."
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\qjsseysfcqkffnxoze.exe*."
C:\Windows\hzhgrkdplyrlkraqa.exe
hzhgrkdplyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bvfgtojxvkfbclwoagf.exe .
C:\Windows\ojuwkgcrqgczblxqdkkf.exe
ojuwkgcrqgczblxqdkkf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe
C:\Windows\bvfgtojxvkfbclwoagf.exe
bvfgtojxvkfbclwoagf.exe .
C:\Windows\qjsseysfcqkffnxoze.exe
qjsseysfcqkffnxoze.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ojuwkgcrqgczblxqdkkf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c qjsseysfcqkffnxoze.exe
C:\Windows\dzlodaxnnebzcnauiqrnz.exe
dzlodaxnnebzcnauiqrnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\bvfgtojxvkfbclwoagf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dzlodaxnnebzcnauiqrnz.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\qjsseysfcqkffnxoze.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\qjsseysfcqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .
C:\Windows\qjsseysfcqkffnxoze.exe
qjsseysfcqkffnxoze.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arywgyqbwiatrxfu.exe
C:\Windows\hzhgrkdplyrlkraqa.exe
hzhgrkdplyrlkraqa.exe
C:\Windows\ojuwkgcrqgczblxqdkkf.exe
ojuwkgcrqgczblxqdkkf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c hzhgrkdplyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe .
C:\Windows\dzlodaxnnebzcnauiqrnz.exe
dzlodaxnnebzcnauiqrnz.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Windows\arywgyqbwiatrxfu.exe
arywgyqbwiatrxfu.exe .
C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe
C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ojuwkgcrqgczblxqdkkf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arywgyqbwiatrxfu.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe
C:\Users\Admin\AppData\Local\Temp\hzhgrkdplyrlkraqa.exe .
C:\Windows\arywgyqbwiatrxfu.exe
arywgyqbwiatrxfu.exe
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\dzlodaxnnebzcnauiqrnz.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\dzlodaxnnebzcnauiqrnz.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\ojuwkgcrqgczblxqdkkf.exe*."
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\windows\arywgyqbwiatrxfu.exe*."
C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bvfgtojxvkfbclwoagf.exe
C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Users\Admin\AppData\Local\Temp\dzlodaxnnebzcnauiqrnz.exe
C:\Windows\hzhgrkdplyrlkraqa.exe
hzhgrkdplyrlkraqa.exe .
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
"C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe" "c:\users\admin\appdata\local\temp\hzhgrkdplyrlkraqa.exe*."
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | fzqqksnzg.net | udp |
| US | 8.8.8.8:53 | yucgwygoawqm.org | udp |
| US | 8.8.8.8:53 | awykzztksnjn.info | udp |
| US | 8.8.8.8:53 | cwffjfbykplz.info | udp |
| US | 8.8.8.8:53 | livshkfedff.info | udp |
| US | 8.8.8.8:53 | rjeonllgnt.net | udp |
| US | 8.8.8.8:53 | xmlymtnez.org | udp |
| US | 8.8.8.8:53 | gyakauag.com | udp |
| US | 8.8.8.8:53 | qfgcwaho.info | udp |
| US | 8.8.8.8:53 | zomwufxfsmib.info | udp |
| US | 8.8.8.8:53 | gcdhztjqkvx.info | udp |
| US | 8.8.8.8:53 | hethbmjqgapd.info | udp |
| US | 8.8.8.8:53 | odzbrjqoy.info | udp |
| US | 8.8.8.8:53 | kdgtioamrt.info | udp |
| US | 8.8.8.8:53 | omuamos.info | udp |
| US | 8.8.8.8:53 | rswaqarz.net | udp |
| US | 8.8.8.8:53 | lrtsscpysnn.info | udp |
| US | 8.8.8.8:53 | wccqwi.org | udp |
| US | 8.8.8.8:53 | suwkwwms.org | udp |
| LT | 78.57.148.215:14271 | tcp | |
| US | 8.8.8.8:53 | cgvckez.net | udp |
| US | 8.8.8.8:53 | aalijqi.info | udp |
| US | 8.8.8.8:53 | zqbkuunrf.info | udp |
| US | 8.8.8.8:53 | kktpkqzd.info | udp |
| US | 8.8.8.8:53 | pklgnebeaup.com | udp |
| US | 8.8.8.8:53 | yeylgfxqmcng.info | udp |
| US | 8.8.8.8:53 | eoogsiwqis.org | udp |
| US | 8.8.8.8:53 | odqisf.info | udp |
| US | 8.8.8.8:53 | xopiesvau.org | udp |
| US | 8.8.8.8:53 | tdmgfkvcj.net | udp |
| US | 8.8.8.8:53 | kugymkeueooy.org | udp |
| US | 8.8.8.8:53 | czjslsn.info | udp |
| US | 8.8.8.8:53 | ncpmyszzt.info | udp |
| US | 8.8.8.8:53 | kgfxwrspzwjx.info | udp |
| US | 8.8.8.8:53 | eoderfte.info | udp |
| US | 8.8.8.8:53 | fxxcrrnqzq.info | udp |
| US | 8.8.8.8:53 | ybxsqlwexbnh.info | udp |
| US | 8.8.8.8:53 | zddmwrjb.info | udp |
| US | 8.8.8.8:53 | gnmilwoxboni.info | udp |
| US | 8.8.8.8:53 | kkiamiym.com | udp |
| US | 8.8.8.8:53 | mofgulxl.net | udp |
| US | 8.8.8.8:53 | emvhtuagh.net | udp |
| US | 8.8.8.8:53 | aaycgrqkhmi.net | udp |
| US | 8.8.8.8:53 | pnamdpruome.net | udp |
| US | 8.8.8.8:53 | jatdaajehomt.net | udp |
| US | 8.8.8.8:53 | rsetmbbwxkdx.info | udp |
| US | 8.8.8.8:53 | wbfoxoiyx.info | udp |
| US | 8.8.8.8:53 | mwgkuyee.org | udp |
| US | 8.8.8.8:53 | vxyybqhvx.net | udp |
| US | 8.8.8.8:53 | xolebnj.info | udp |
| US | 8.8.8.8:53 | ezxqdnxzfoby.info | udp |
| US | 8.8.8.8:53 | uiceesz.info | udp |
| US | 8.8.8.8:53 | dnpqoaxk.net | udp |
| US | 8.8.8.8:53 | wmbdoklzrui.net | udp |
| US | 8.8.8.8:53 | iysotb.net | udp |
| US | 8.8.8.8:53 | jntcdzpsnv.info | udp |
| US | 8.8.8.8:53 | drtcvurahs.info | udp |
| US | 8.8.8.8:53 | bzaydhbkyko.info | udp |
| US | 8.8.8.8:53 | kxrcuvszzbfn.net | udp |
| US | 8.8.8.8:53 | xavcpsyx.info | udp |
| US | 8.8.8.8:53 | uoxjsmld.info | udp |
| US | 8.8.8.8:53 | zwkptgzyn.info | udp |
| US | 8.8.8.8:53 | fqjoryxyfor.net | udp |
| US | 8.8.8.8:53 | dujqjwff.net | udp |
| US | 8.8.8.8:53 | ewiuauieao.com | udp |
| US | 8.8.8.8:53 | gsauyuqi.org | udp |
| US | 8.8.8.8:53 | gcxuigpej.net | udp |
| US | 8.8.8.8:53 | gceucy.info | udp |
| US | 8.8.8.8:53 | edcgqjszmnbf.info | udp |
| BG | 109.107.92.137:16832 | tcp | |
| US | 8.8.8.8:53 | vqamccncxbbn.info | udp |
| US | 8.8.8.8:53 | bjpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | xfytyx.info | udp |
| US | 8.8.8.8:53 | uovgpaurdcy.net | udp |
| US | 8.8.8.8:53 | jwuunub.org | udp |
| US | 8.8.8.8:53 | fihslg.net | udp |
| US | 8.8.8.8:53 | lopcpoq.info | udp |
| US | 8.8.8.8:53 | fsysxheloaz.com | udp |
| US | 8.8.8.8:53 | imwkkoik.com | udp |
| US | 8.8.8.8:53 | uqvmtwizjmj.net | udp |
| US | 8.8.8.8:53 | iuqiwpbnvyt.info | udp |
| US | 8.8.8.8:53 | ngjdngzed.com | udp |
| US | 8.8.8.8:53 | pswxrm.info | udp |
| US | 8.8.8.8:53 | ghkjumqnfc.net | udp |
| US | 8.8.8.8:53 | gyerykjwp.net | udp |
| US | 8.8.8.8:53 | ukhigmmqhkr.info | udp |
| US | 8.8.8.8:53 | uwkyqqyyaw.org | udp |
| US | 8.8.8.8:53 | ywyscmdkzog.info | udp |
| US | 8.8.8.8:53 | sewuvwb.net | udp |
| US | 8.8.8.8:53 | wonyagz.net | udp |
| US | 8.8.8.8:53 | oiuasews.org | udp |
| US | 8.8.8.8:53 | qnxeekf.net | udp |
| US | 8.8.8.8:53 | oaewcmmi.com | udp |
| US | 8.8.8.8:53 | vdvvhh.net | udp |
| US | 8.8.8.8:53 | pquylmznocqq.net | udp |
| US | 8.8.8.8:53 | fwiitorhgwc.com | udp |
| US | 8.8.8.8:53 | upclxbfh.info | udp |
| US | 8.8.8.8:53 | wwgfnaudqidm.info | udp |
| US | 8.8.8.8:53 | kqqcmyqeyc.org | udp |
| US | 8.8.8.8:53 | simgwmykcaya.com | udp |
| US | 8.8.8.8:53 | oalwpcngx.info | udp |
| US | 8.8.8.8:53 | dlcedff.net | udp |
| US | 8.8.8.8:53 | bqmrzf.net | udp |
| US | 8.8.8.8:53 | kiqgmamsiayk.com | udp |
| US | 8.8.8.8:53 | xypqxfeihi.info | udp |
| US | 8.8.8.8:53 | zpcuhyxirszx.net | udp |
| US | 8.8.8.8:53 | hyprkev.org | udp |
| US | 8.8.8.8:53 | lgwzgpri.info | udp |
| US | 8.8.8.8:53 | xcrfxbihvn.info | udp |
| US | 8.8.8.8:53 | asucouxelie.info | udp |
| US | 8.8.8.8:53 | yosuuw.com | udp |
| US | 8.8.8.8:53 | tcjxqw.net | udp |
| US | 8.8.8.8:53 | ddxccjikgj.net | udp |
| BG | 212.73.159.191:38314 | tcp | |
| US | 8.8.8.8:53 | pvesxitaordl.info | udp |
| US | 8.8.8.8:53 | soeukwac.org | udp |
| US | 8.8.8.8:53 | myuxfov.net | udp |
| US | 8.8.8.8:53 | xpjziqi.net | udp |
| US | 8.8.8.8:53 | hexsinh.info | udp |
| US | 8.8.8.8:53 | smccqowuquck.com | udp |
| US | 8.8.8.8:53 | dyivccucfnts.net | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | aneotaz.info | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | yqmeasckkscc.com | udp |
| US | 8.8.8.8:53 | qgcivdpoduh.info | udp |
| US | 8.8.8.8:53 | wgsceo.com | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| US | 8.8.8.8:53 | zudrloiiylnu.net | udp |
| US | 8.8.8.8:53 | cileysngj.net | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | xavcvupho.net | udp |
| US | 8.8.8.8:53 | upewoe.net | udp |
| US | 8.8.8.8:53 | cqomau.com | udp |
| US | 8.8.8.8:53 | npetrsvi.info | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | lylhtjnctol.org | udp |
| US | 8.8.8.8:53 | imdgroj.net | udp |
| US | 8.8.8.8:53 | zqhaqzhtyf.net | udp |
| US | 8.8.8.8:53 | kfaoucvx.info | udp |
| US | 8.8.8.8:53 | ikipjydd.info | udp |
| US | 8.8.8.8:53 | vleivbbebw.net | udp |
| US | 8.8.8.8:53 | sgescokcmo.org | udp |
| US | 8.8.8.8:53 | wcewck.org | udp |
| US | 8.8.8.8:53 | xuemmk.info | udp |
| US | 8.8.8.8:53 | mmiskciyyacq.com | udp |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| US | 8.8.8.8:53 | hkvipao.org | udp |
| US | 8.8.8.8:53 | fndgmkvl.net | udp |
| US | 8.8.8.8:53 | tcdkeyvyt.com | udp |
| US | 8.8.8.8:53 | empxjffcc.net | udp |
| US | 8.8.8.8:53 | ewuxtijvcvl.info | udp |
| US | 8.8.8.8:53 | thejvczd.info | udp |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| US | 8.8.8.8:53 | hktblewlppjj.info | udp |
| US | 8.8.8.8:53 | fexnqmqmqqdy.info | udp |
| LT | 78.58.27.215:39493 | tcp | |
| US | 8.8.8.8:53 | tgpmlwylu.info | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | lxekmkwvpx.net | udp |
| US | 8.8.8.8:53 | kuvqbw.info | udp |
| US | 8.8.8.8:53 | rivyak.net | udp |
| US | 8.8.8.8:53 | hsfspwfirsr.org | udp |
| US | 8.8.8.8:53 | dxnueyidwbb.org | udp |
| US | 8.8.8.8:53 | jonoxaswf.info | udp |
| US | 8.8.8.8:53 | viuxfqcdnu.net | udp |
| US | 8.8.8.8:53 | enobimfozngl.info | udp |
| US | 8.8.8.8:53 | skinov.net | udp |
| US | 8.8.8.8:53 | jojgfoawsgyp.net | udp |
| US | 8.8.8.8:53 | fumvct.net | udp |
| US | 8.8.8.8:53 | ioseljx.net | udp |
| US | 8.8.8.8:53 | lzzhvx.net | udp |
| US | 8.8.8.8:53 | vpekeghjncd.com | udp |
| US | 8.8.8.8:53 | dnyidwf.info | udp |
| US | 8.8.8.8:53 | aiyurumq.net | udp |
| US | 8.8.8.8:53 | mawycigsaumg.com | udp |
| US | 8.8.8.8:53 | lqqufidk.info | udp |
| US | 8.8.8.8:53 | eathfaaieane.info | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
| US | 8.8.8.8:53 | hgxqeurdhau.info | udp |
| BG | 77.78.52.70:37193 | tcp | |
| US | 8.8.8.8:53 | jwvaome.info | udp |
| US | 8.8.8.8:53 | bghylk.net | udp |
| US | 8.8.8.8:53 | laajkrocciyf.net | udp |
| US | 8.8.8.8:53 | qngitmingp.net | udp |
| US | 8.8.8.8:53 | elzmxbdeieq.info | udp |
| US | 8.8.8.8:53 | osuiiioseeua.org | udp |
| US | 8.8.8.8:53 | tedyyvqhayx.net | udp |
| US | 8.8.8.8:53 | ulwprsdpevsj.info | udp |
| US | 8.8.8.8:53 | urkpewhckcsb.info | udp |
| US | 8.8.8.8:53 | sujksmuaqurk.info | udp |
| US | 8.8.8.8:53 | qyjxvcif.net | udp |
| US | 8.8.8.8:53 | ismztop.info | udp |
| US | 8.8.8.8:53 | qqqickqauoai.org | udp |
| US | 8.8.8.8:53 | bchoglpglkr.net | udp |
| US | 8.8.8.8:53 | rkwlhccy.info | udp |
| US | 8.8.8.8:53 | viayexesnk.net | udp |
| US | 8.8.8.8:53 | xjwrkjwjaw.info | udp |
| US | 8.8.8.8:53 | pyieaytsj.net | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | esihhyhd.info | udp |
| US | 8.8.8.8:53 | vibshiiel.net | udp |
| US | 8.8.8.8:53 | eccgom.org | udp |
| RU | 213.222.244.199:28956 | tcp | |
| US | 8.8.8.8:53 | djpmiep.net | udp |
| US | 8.8.8.8:53 | ldoowh.net | udp |
| US | 8.8.8.8:53 | jfylrmtzd.org | udp |
| US | 8.8.8.8:53 | jjqtpeerkb.net | udp |
| US | 8.8.8.8:53 | kjouhqwdef.info | udp |
| US | 8.8.8.8:53 | lgjhbmuez.net | udp |
| US | 8.8.8.8:53 | tkbnjqnhgu.info | udp |
| US | 8.8.8.8:53 | gebhzudeub.net | udp |
| US | 8.8.8.8:53 | rclabyi.net | udp |
| US | 8.8.8.8:53 | hklxpjmt.net | udp |
| US | 8.8.8.8:53 | euhlbibzz.net | udp |
| US | 8.8.8.8:53 | arbsvzz.info | udp |
| US | 8.8.8.8:53 | maxqzdnkjnn.net | udp |
| US | 8.8.8.8:53 | oismai.com | udp |
| US | 8.8.8.8:53 | shhqecjwduu.net | udp |
| US | 8.8.8.8:53 | dwqsycxgdwh.org | udp |
| US | 8.8.8.8:53 | znhfav.info | udp |
| US | 8.8.8.8:53 | eheflhppvg.net | udp |
| US | 8.8.8.8:53 | ukzhtdxflokm.info | udp |
| US | 8.8.8.8:53 | jzfibsx.com | udp |
| US | 8.8.8.8:53 | bxwzldfrdjfk.net | udp |
| US | 8.8.8.8:53 | wyhskxrdmqic.info | udp |
| US | 8.8.8.8:53 | oehunx.net | udp |
| US | 8.8.8.8:53 | ywhatszspkv.net | udp |
| US | 8.8.8.8:53 | cykogcgqqcuu.com | udp |
| US | 8.8.8.8:53 | bviiaryqdhkt.net | udp |
| US | 8.8.8.8:53 | pamqtwuaqkd.org | udp |
| US | 8.8.8.8:53 | leqffxfj.info | udp |
| RU | 84.51.102.66:26994 | tcp | |
| US | 8.8.8.8:53 | oktebol.info | udp |
| US | 8.8.8.8:53 | tcktbwb.info | udp |
| US | 8.8.8.8:53 | ggqaeaieaomw.com | udp |
| US | 8.8.8.8:53 | paiafmabhgva.info | udp |
| US | 8.8.8.8:53 | monhruny.info | udp |
| US | 8.8.8.8:53 | lbrczvrwjqt.com | udp |
| US | 8.8.8.8:53 | xdfotsr.org | udp |
| US | 8.8.8.8:53 | lmtggw.net | udp |
| US | 8.8.8.8:53 | myrwjqkrwpbk.info | udp |
| US | 8.8.8.8:53 | vyjioapkxfj.com | udp |
| US | 8.8.8.8:53 | hmtqzceenqz.org | udp |
| US | 8.8.8.8:53 | uwmsek.org | udp |
| US | 8.8.8.8:53 | tphete.info | udp |
| US | 8.8.8.8:53 | kcurcgl.info | udp |
| US | 8.8.8.8:53 | tqkfxxpncsga.net | udp |
| US | 8.8.8.8:53 | zkolbdzh.net | udp |
| US | 8.8.8.8:53 | mpkbfsgyp.info | udp |
| US | 8.8.8.8:53 | tkbpfitac.net | udp |
| US | 8.8.8.8:53 | xzwkrn.info | udp |
| US | 8.8.8.8:53 | prtaorztthqv.net | udp |
| US | 8.8.8.8:53 | rnaijqdcan.info | udp |
| US | 8.8.8.8:53 | tgosrwi.org | udp |
| US | 8.8.8.8:53 | segokamccq.com | udp |
| US | 8.8.8.8:53 | ahrzcxjn.net | udp |
| US | 8.8.8.8:53 | nalyuwoftjdi.net | udp |
| US | 8.8.8.8:53 | eawigd.info | udp |
| US | 8.8.8.8:53 | bkibdzjpbzxh.net | udp |
| US | 8.8.8.8:53 | lblgvitfuuto.net | udp |
| US | 8.8.8.8:53 | qdnmhgdyrit.net | udp |
| US | 8.8.8.8:53 | zsxxlwj.net | udp |
| US | 8.8.8.8:53 | vcrtvdakp.info | udp |
| US | 8.8.8.8:53 | ywgagwiu.org | udp |
| US | 8.8.8.8:53 | yoouoemu.com | udp |
| US | 8.8.8.8:53 | qyqigk.com | udp |
| US | 8.8.8.8:53 | gwogmc.org | udp |
| US | 8.8.8.8:53 | lounflrdgl.net | udp |
| US | 8.8.8.8:53 | fyaylmbcb.net | udp |
| US | 8.8.8.8:53 | vbzcxer.com | udp |
| US | 8.8.8.8:53 | ucroxrtqb.info | udp |
| US | 8.8.8.8:53 | cqqoie.net | udp |
| US | 8.8.8.8:53 | ekqaao.com | udp |
| US | 8.8.8.8:53 | vmcilx.info | udp |
| US | 8.8.8.8:53 | hydaawp.com | udp |
| US | 8.8.8.8:53 | xitbtenmj.info | udp |
| CN | 202.90.109.62:28884 | tcp | |
| US | 8.8.8.8:53 | dibsjycbxy.info | udp |
| US | 8.8.8.8:53 | gzjuxbfofey.info | udp |
| US | 8.8.8.8:53 | mohomqrnz.info | udp |
| US | 8.8.8.8:53 | smicoiczhnv.net | udp |
| US | 8.8.8.8:53 | rkjyfrxybqd.net | udp |
| US | 8.8.8.8:53 | owueqmaugmks.com | udp |
| US | 8.8.8.8:53 | ujhwdorwjct.info | udp |
| US | 8.8.8.8:53 | imaikwem.org | udp |
| US | 8.8.8.8:53 | hjfdpmp.org | udp |
| US | 8.8.8.8:53 | kuewitqdbhcs.info | udp |
| US | 8.8.8.8:53 | myskiqqi.com | udp |
| US | 8.8.8.8:53 | medxklg.net | udp |
| US | 8.8.8.8:53 | yvrszzll.net | udp |
| US | 8.8.8.8:53 | rjbifug.net | udp |
| US | 8.8.8.8:53 | dqvadqp.com | udp |
| US | 8.8.8.8:53 | aatchtjffgfj.net | udp |
| US | 8.8.8.8:53 | eyzqou.net | udp |
| US | 8.8.8.8:53 | yqdindvszcl.info | udp |
| US | 8.8.8.8:53 | dacicqlmj.net | udp |
| US | 8.8.8.8:53 | ucfallr.info | udp |
| US | 8.8.8.8:53 | bkmqnccmq.com | udp |
| US | 8.8.8.8:53 | ldlrgk.info | udp |
| US | 8.8.8.8:53 | zojdpseada.net | udp |
| US | 8.8.8.8:53 | szzljg.net | udp |
| US | 8.8.8.8:53 | owtumceqt.info | udp |
| US | 8.8.8.8:53 | tmloxnhnr.org | udp |
| US | 8.8.8.8:53 | moauyq.info | udp |
| US | 8.8.8.8:53 | yseuuckk.org | udp |
| US | 8.8.8.8:53 | qfjlsekzzuja.info | udp |
| US | 8.8.8.8:53 | twhpgkqigoc.com | udp |
| US | 8.8.8.8:53 | sgdzhklkvfso.info | udp |
| US | 8.8.8.8:53 | pieulcnwa.info | udp |
| US | 8.8.8.8:53 | jvvruulhqiid.info | udp |
| US | 8.8.8.8:53 | cdbqhocolgw.info | udp |
| US | 8.8.8.8:53 | ridxkdvwla.info | udp |
| US | 8.8.8.8:53 | oemciegesg.org | udp |
| US | 8.8.8.8:53 | skqsiiae.org | udp |
| US | 8.8.8.8:53 | zniuxtoqmnvb.info | udp |
| US | 8.8.8.8:53 | wmvyxwl.info | udp |
| US | 8.8.8.8:53 | ztuvfk.info | udp |
| US | 8.8.8.8:53 | mwywiyac.org | udp |
| US | 8.8.8.8:53 | alyypvemovoc.net | udp |
| US | 8.8.8.8:53 | qmiqoymwqyii.org | udp |
| US | 8.8.8.8:53 | dalquhj.com | udp |
| US | 8.8.8.8:53 | mmatissmmqlv.net | udp |
| US | 8.8.8.8:53 | kwbsrncquyr.info | udp |
| US | 8.8.8.8:53 | hkomwbdauo.net | udp |
| US | 8.8.8.8:53 | zjpxwusdpx.net | udp |
| US | 8.8.8.8:53 | qlstpgkhcjbu.net | udp |
| US | 8.8.8.8:53 | coxlxol.net | udp |
| US | 8.8.8.8:53 | rgxehalzhsrq.info | udp |
| US | 8.8.8.8:53 | nzitfaav.info | udp |
| US | 8.8.8.8:53 | znrdeltt.net | udp |
| US | 8.8.8.8:53 | xcfwosls.net | udp |
| US | 8.8.8.8:53 | grpnjtiyqz.info | udp |
| US | 8.8.8.8:53 | zuouloiib.net | udp |
| NO | 37.191.143.136:42231 | tcp | |
| US | 8.8.8.8:53 | lktcrbw.com | udp |
| US | 8.8.8.8:53 | duxmanqfym.info | udp |
| US | 8.8.8.8:53 | hyjodgw.info | udp |
| US | 8.8.8.8:53 | rcbmfkswfuv.org | udp |
| US | 8.8.8.8:53 | ywieqyv.net | udp |
| US | 8.8.8.8:53 | dkdczgl.info | udp |
| US | 8.8.8.8:53 | ymuqsmyeqyka.com | udp |
| US | 8.8.8.8:53 | iwogkqksckai.com | udp |
| US | 8.8.8.8:53 | eaictyqxc.info | udp |
| US | 8.8.8.8:53 | lhykkpfag.info | udp |
| US | 8.8.8.8:53 | racbxunupewc.info | udp |
| US | 8.8.8.8:53 | vgqxvqngngx.info | udp |
| US | 8.8.8.8:53 | oedqzthsf.net | udp |
| US | 8.8.8.8:53 | ctgtjhqm.info | udp |
| US | 8.8.8.8:53 | betwnahel.info | udp |
| US | 8.8.8.8:53 | cgzqtowog.info | udp |
| US | 8.8.8.8:53 | mldmhp.info | udp |
| US | 8.8.8.8:53 | shpspuxtz.info | udp |
| US | 8.8.8.8:53 | sgmqki.org | udp |
| US | 8.8.8.8:53 | tjliwcg.org | udp |
| US | 8.8.8.8:53 | qeasooggkkye.org | udp |
| US | 8.8.8.8:53 | bgpwzpn.org | udp |
| US | 8.8.8.8:53 | wsogkieumsai.org | udp |
| US | 8.8.8.8:53 | sikiyiyg.com | udp |
| US | 8.8.8.8:53 | gdiecndz.net | udp |
| US | 8.8.8.8:53 | rwokit.net | udp |
| US | 8.8.8.8:53 | fcdwxk.info | udp |
| BG | 46.47.121.144:28559 | tcp | |
| US | 8.8.8.8:53 | pjdwlf.info | udp |
| US | 8.8.8.8:53 | fevpfshvp.org | udp |
| US | 8.8.8.8:53 | kcryxrris.info | udp |
| US | 8.8.8.8:53 | uphkphts.info | udp |
| US | 8.8.8.8:53 | peyjszhlel.info | udp |
| US | 8.8.8.8:53 | mycwywysmgsu.com | udp |
| US | 8.8.8.8:53 | ssbeffu.net | udp |
| US | 8.8.8.8:53 | ochgljxljm.info | udp |
| US | 8.8.8.8:53 | qshccnlcvbf.info | udp |
| US | 8.8.8.8:53 | akjhfkc.net | udp |
| US | 8.8.8.8:53 | aagdkhtaxe.info | udp |
| US | 8.8.8.8:53 | pwrspu.info | udp |
| US | 8.8.8.8:53 | zsdcfmz.info | udp |
| US | 8.8.8.8:53 | uxzbomtgrn.net | udp |
| US | 8.8.8.8:53 | bavppixu.net | udp |
| US | 8.8.8.8:53 | gkwqsmmy.org | udp |
| US | 8.8.8.8:53 | xzpswxijdl.net | udp |
| US | 8.8.8.8:53 | vyehpakwrmh.org | udp |
| US | 8.8.8.8:53 | fkgritslx.org | udp |
| US | 8.8.8.8:53 | dwvcdxvvw.info | udp |
| US | 8.8.8.8:53 | nutwtizyxsf.info | udp |
| US | 8.8.8.8:53 | lokglgz.info | udp |
| US | 8.8.8.8:53 | dzdvdk.info | udp |
| US | 8.8.8.8:53 | viwgxeycb.info | udp |
| US | 8.8.8.8:53 | wgbnmnls.info | udp |
| US | 8.8.8.8:53 | ptpwnlreeaxo.net | udp |
| US | 8.8.8.8:53 | sxyiuv.net | udp |
| US | 8.8.8.8:53 | awrcthrdb.info | udp |
| US | 8.8.8.8:53 | emvudcqsl.net | udp |
| DE | 87.120.84.24:43819 | tcp | |
| US | 8.8.8.8:53 | nclupzew.net | udp |
| US | 8.8.8.8:53 | gyhteapvt.net | udp |
| US | 8.8.8.8:53 | eeeiusoc.com | udp |
| US | 8.8.8.8:53 | rcnxfrj.net | udp |
| US | 8.8.8.8:53 | cvoetl.net | udp |
| US | 8.8.8.8:53 | rkkuzry.info | udp |
| US | 8.8.8.8:53 | dtstyn.net | udp |
| US | 8.8.8.8:53 | ywiswyyvybg.info | udp |
| US | 8.8.8.8:53 | wynczijgovh.net | udp |
| US | 8.8.8.8:53 | asmsiy.org | udp |
| US | 8.8.8.8:53 | zbqtpeerkb.net | udp |
| US | 8.8.8.8:53 | zalxgbjsgsvd.net | udp |
| US | 8.8.8.8:53 | iyvrke.info | udp |
| US | 8.8.8.8:53 | zuwrljtqss.net | udp |
| US | 8.8.8.8:53 | nyprwak.net | udp |
| US | 8.8.8.8:53 | repgsrcywat.com | udp |
| US | 8.8.8.8:53 | ilsrsloydwr.info | udp |
| US | 8.8.8.8:53 | smxvprrsuv.info | udp |
| US | 8.8.8.8:53 | elamtqjbestb.net | udp |
| US | 8.8.8.8:53 | msaeugqyakco.org | udp |
| US | 8.8.8.8:53 | aazmlydfmet.info | udp |
| US | 8.8.8.8:53 | bbjttwmgtvrk.net | udp |
| US | 8.8.8.8:53 | iwriah.net | udp |
| US | 8.8.8.8:53 | tfubhegrfkhk.net | udp |
| US | 8.8.8.8:53 | tmrxnmjrkb.net | udp |
| US | 8.8.8.8:53 | zszftjx.com | udp |
| US | 8.8.8.8:53 | iqnazcxqo.info | udp |
| US | 8.8.8.8:53 | gqnedqh.info | udp |
| US | 8.8.8.8:53 | uomieuwsgywa.com | udp |
| US | 8.8.8.8:53 | nwylprnoxj.info | udp |
| US | 8.8.8.8:53 | bzilldjv.info | udp |
| US | 8.8.8.8:53 | dchfphlyzdnt.info | udp |
| US | 8.8.8.8:53 | msdajup.info | udp |
| US | 8.8.8.8:53 | ozspoj.net | udp |
Files
C:\Users\Admin\AppData\Local\Temp\rfyzcmqobpi.exe
C:\Windows\SysWOW64\qjsseysfcqkffnxoze.exe
C:\Users\Admin\AppData\Local\Temp\bjhwxgp.exe
C:\Users\Admin\AppData\Local\ileokospwuydnfzavksvoyuy.zge
C:\Users\Admin\AppData\Local\rfjelapxpyndybgsyyrfjelapxpyndybgsy.rfj
C:\Program Files (x86)\ileokospwuydnfzavksvoyuy.zge