Analysis Overview
SHA256: 2dd546c14f099e9bb4743023030628c46e25af589292816d7666c17ab7f17bd6
Threat Level: Known bad
The file JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260 was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
UAC bypass
Pykspa
Pykspa family
Detect Pykspa worm
Disables RegEdit via registry modification
Adds policy Run key to start application
Executes dropped EXE
Impair Defenses: Safe Mode Boot
Checks computer location settings
Hijack Execution Flow: Executable Installer File Permissions Weakness
Looks up external IP address via web service
Adds Run key to start application
Checks whether UAC is enabled
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
System policy modification
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported: 2025-04-13 12:17
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2025-04-13 12:17
Reported: 2025-04-13 12:20
Platform: win10v2004-20250410-en
Max time kernel: 40s
Max time network: 151s
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\abonu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbdrnldxsgmkbcqueihx.exe" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\abonu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arujgfytpelkcetyjoofi.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "ynobwtkdxkpmccpsbec.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "xjhrjdrhyikeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\abonu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erqbupevnybwkitub.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "arujgfytpelkcetyjoofi.exe" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "nbbnhdtlequqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "arujgfytpelkcetyjoofi.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\abonu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ynobwtkdxkpmccpsbec.exe" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\abonu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjhrjdrhyikeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "lbdrnldxsgmkbcqueihx.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\abonu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erqbupevnybwkitub.exe" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\abonu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nbbnhdtlequqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "erqbupevnybwkitub.exe" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "nbbnhdtlequqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "xjhrjdrhyikeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\abonu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ynobwtkdxkpmccpsbec.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\nrhjtflt = "ynobwtkdxkpmccpsbec.exe" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\abonu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nbbnhdtlequqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\abonu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbdrnldxsgmkbcqueihx.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\erqbupevnybwkitub.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\nbbnhdtlequqfeqsac.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\ynobwtkdxkpmccpsbec.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\arujgfytpelkcetyjoofi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\xjhrjdrhyikeroyy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\lbdrnldxsgmkbcqueihx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b4a229565b18ddf6e26668fa71c1f260.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\nbbnhdtlequqfeqsac.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\nbbnhdtlequqfeqsac.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\nbbnhdtlequqfeqsac.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\lbdrnldxsgmkbcqueihx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\ynobwtkdxkpmccpsbec.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\arujgfytpelkcetyjoofi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\xdvzlzhrcg = "nbbnhdtlequqfeqsac.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lnbbjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arujgfytpelkcetyjoofi.exe" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szsxkzitfkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ynobwtkdxkpmccpsbec.exe ." | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\lnbbjt = "xjhrjdrhyikeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ybqralq = "nbbnhdtlequqfeqsac.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ybqralq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjhrjdrhyikeroyy.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\lnbbjt = "nbbnhdtlequqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ybqralq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arujgfytpelkcetyjoofi.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ejadobirb = "arujgfytpelkcetyjoofi.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szsxkzitfkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjhrjdrhyikeroyy.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lnbbjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erqbupevnybwkitub.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\xdvzlzhrcg = "ynobwtkdxkpmccpsbec.exe ." | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxrxlblxkqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbdrnldxsgmkbcqueihx.exe" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ybqralq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbdrnldxsgmkbcqueihx.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lnbbjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ynobwtkdxkpmccpsbec.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ybqralq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erqbupevnybwkitub.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ejadobirb = "erqbupevnybwkitub.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\xdvzlzhrcg = "arujgfytpelkcetyjoofi.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ybqralq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbdrnldxsgmkbcqueihx.exe ." | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szsxkzitfkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nbbnhdtlequqfeqsac.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\lnbbjt = "lbdrnldxsgmkbcqueihx.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\lnbbjt = "nbbnhdtlequqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\lnbbjt = "ynobwtkdxkpmccpsbec.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxrxlblxkqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erqbupevnybwkitub.exe" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szsxkzitfkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erqbupevnybwkitub.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\xdvzlzhrcg = "xjhrjdrhyikeroyy.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\lnbbjt = "erqbupevnybwkitub.exe" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxrxlblxkqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nbbnhdtlequqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ejadobirb = "lbdrnldxsgmkbcqueihx.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ejadobirb = "erqbupevnybwkitub.exe" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ybqralq = "xjhrjdrhyikeroyy.exe ." | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ybqralq = "lbdrnldxsgmkbcqueihx.exe ." | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lnbbjt = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbdrnldxsgmkbcqueihx.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxrxlblxkqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xjhrjdrhyikeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szsxkzitfkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ynobwtkdxkpmccpsbec.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxrxlblxkqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\arujgfytpelkcetyjoofi.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxrxlblxkqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbdrnldxsgmkbcqueihx.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\xdvzlzhrcg = "erqbupevnybwkitub.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szsxkzitfkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lbdrnldxsgmkbcqueihx.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ybqralq = "erqbupevnybwkitub.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ybqralq = "arujgfytpelkcetyjoofi.exe ." | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ybqralq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erqbupevnybwkitub.exe ." | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pxrxlblxkqoe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ynobwtkdxkpmccpsbec.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\xdvzlzhrcg = "arujgfytpelkcetyjoofi.exe ." | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\szsxkzitfkh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nbbnhdtlequqfeqsac.exe ." | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ybqralq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ynobwtkdxkpmccpsbec.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\xdvzlzhrcg = "lbdrnldxsgmkbcqueihx.exe ." | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ybqralq = "nbbnhdtlequqfeqsac.exe ." | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\nbbnhdtlequqfeqsac.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lbdrnldxsgmkbcqueihx.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xjhrjdrhyikeroyy.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\erqbupevnybwkitub.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\arujgfytpelkcetyjoofi.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rjndbbvroemmfiyeqwxptj.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\arujgfytpelkcetyjoofi.exe | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lbdrnldxsgmkbcqueihx.exe | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ynobwtkdxkpmccpsbec.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\szsxkzitfkhwewbwxsipinapyjvaxmumr.niy | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| File created | C:\Windows\SysWOW64\szsxkzitfkhwewbwxsipinapyjvaxmumr.niy | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rjndbbvroemmfiyeqwxptj.exe | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nbbnhdtlequqfeqsac.exe | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\erqbupevnybwkitub.exe | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nbbnhdtlequqfeqsac.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ynobwtkdxkpmccpsbec.exe | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\bxfzbfddeykolsmwmwbxfz.fdd | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| File created | C:\Program Files (x86)\bxfzbfddeykolsmwmwbxfz.fdd | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\szsxkzitfkhwewbwxsipinapyjvaxmumr.niy | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| File created | C:\Program Files (x86)\szsxkzitfkhwewbwxsipinapyjvaxmumr.niy | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\rjndbbvroemmfiyeqwxptj.exe | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| File opened for modification | C:\Windows\rjndbbvroemmfiyeqwxptj.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\erqbupevnybwkitub.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\arujgfytpelkcetyjoofi.exe | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| File opened for modification | C:\Windows\lbdrnldxsgmkbcqueihx.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\nbbnhdtlequqfeqsac.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\arujgfytpelkcetyjoofi.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\ynobwtkdxkpmccpsbec.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\xjhrjdrhyikeroyy.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File created | C:\Windows\bxfzbfddeykolsmwmwbxfz.fdd | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| File opened for modification | C:\Windows\lbdrnldxsgmkbcqueihx.exe | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| File created | C:\Windows\szsxkzitfkhwewbwxsipinapyjvaxmumr.niy | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| File opened for modification | C:\Windows\xjhrjdrhyikeroyy.exe | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| File opened for modification | C:\Windows\szsxkzitfkhwewbwxsipinapyjvaxmumr.niy | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ynobwtkdxkpmccpsbec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\lbdrnldxsgmkbcqueihx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\nbbnhdtlequqfeqsac.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\arujgfytpelkcetyjoofi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xjhrjdrhyikeroyy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\erqbupevnybwkitub.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\lnbbjt.exe | N/A |
Processes
C:\Windows\erqbupevnybwkitub.exe
erqbupevnybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .
C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\arujgfytpelkcetyjoofi.exe*."
C:\Windows\nbbnhdtlequqfeqsac.exe
nbbnhdtlequqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nbbnhdtlequqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe .
C:\Windows\arujgfytpelkcetyjoofi.exe
arujgfytpelkcetyjoofi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Windows\ynobwtkdxkpmccpsbec.exe
ynobwtkdxkpmccpsbec.exe .
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ynobwtkdxkpmccpsbec.exe*."
C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xjhrjdrhyikeroyy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\erqbupevnybwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\lbdrnldxsgmkbcqueihx.exe
lbdrnldxsgmkbcqueihx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe .
C:\Windows\nbbnhdtlequqfeqsac.exe
nbbnhdtlequqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nbbnhdtlequqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe .
C:\Windows\erqbupevnybwkitub.exe
erqbupevnybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe
C:\Windows\arujgfytpelkcetyjoofi.exe
arujgfytpelkcetyjoofi.exe .
C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\arujgfytpelkcetyjoofi.exe*."
C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nbbnhdtlequqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ynobwtkdxkpmccpsbec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe
C:\Windows\lbdrnldxsgmkbcqueihx.exe
lbdrnldxsgmkbcqueihx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe .
C:\Windows\nbbnhdtlequqfeqsac.exe
nbbnhdtlequqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nbbnhdtlequqfeqsac.exe*."
C:\Windows\erqbupevnybwkitub.exe
erqbupevnybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
C:\Windows\arujgfytpelkcetyjoofi.exe
arujgfytpelkcetyjoofi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .
C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\arujgfytpelkcetyjoofi.exe*."
C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\arujgfytpelkcetyjoofi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .
C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe
C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lbdrnldxsgmkbcqueihx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe
C:\Windows\arujgfytpelkcetyjoofi.exe
arujgfytpelkcetyjoofi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe .
C:\Windows\erqbupevnybwkitub.exe
erqbupevnybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\erqbupevnybwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe .
C:\Windows\xjhrjdrhyikeroyy.exe
xjhrjdrhyikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe
C:\Windows\lbdrnldxsgmkbcqueihx.exe
lbdrnldxsgmkbcqueihx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .
C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lbdrnldxsgmkbcqueihx.exe*."
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ynobwtkdxkpmccpsbec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .
C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\arujgfytpelkcetyjoofi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe
C:\Windows\arujgfytpelkcetyjoofi.exe
arujgfytpelkcetyjoofi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe .
C:\Windows\lbdrnldxsgmkbcqueihx.exe
lbdrnldxsgmkbcqueihx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lbdrnldxsgmkbcqueihx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe .
C:\Windows\xjhrjdrhyikeroyy.exe
xjhrjdrhyikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe
C:\Windows\nbbnhdtlequqfeqsac.exe
nbbnhdtlequqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .
C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nbbnhdtlequqfeqsac.exe*."
C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\arujgfytpelkcetyjoofi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nbbnhdtlequqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe
C:\Windows\xjhrjdrhyikeroyy.exe
xjhrjdrhyikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe .
C:\Windows\erqbupevnybwkitub.exe
erqbupevnybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\erqbupevnybwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe .
C:\Windows\lbdrnldxsgmkbcqueihx.exe
lbdrnldxsgmkbcqueihx.exe
C:\Windows\erqbupevnybwkitub.exe
erqbupevnybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\erqbupevnybwkitub.exe*."
C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe
C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ynobwtkdxkpmccpsbec.exe*."
C:\Windows\nbbnhdtlequqfeqsac.exe
nbbnhdtlequqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe .
C:\Windows\arujgfytpelkcetyjoofi.exe
arujgfytpelkcetyjoofi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .
C:\Windows\nbbnhdtlequqfeqsac.exe
nbbnhdtlequqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Windows\nbbnhdtlequqfeqsac.exe
nbbnhdtlequqfeqsac.exe
C:\Windows\nbbnhdtlequqfeqsac.exe
nbbnhdtlequqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nbbnhdtlequqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nbbnhdtlequqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .
C:\Windows\arujgfytpelkcetyjoofi.exe
arujgfytpelkcetyjoofi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nbbnhdtlequqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\arujgfytpelkcetyjoofi.exe*."
C:\Windows\lbdrnldxsgmkbcqueihx.exe
lbdrnldxsgmkbcqueihx.exe
C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\arujgfytpelkcetyjoofi.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nbbnhdtlequqfeqsac.exe*."
C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xjhrjdrhyikeroyy.exe*."
C:\Windows\erqbupevnybwkitub.exe
erqbupevnybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nbbnhdtlequqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe .
C:\Windows\xjhrjdrhyikeroyy.exe
xjhrjdrhyikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\erqbupevnybwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\xjhrjdrhyikeroyy.exe
xjhrjdrhyikeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .
C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe
C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xjhrjdrhyikeroyy.exe*."
C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe
C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .
C:\Windows\ynobwtkdxkpmccpsbec.exe
ynobwtkdxkpmccpsbec.exe
C:\Windows\ynobwtkdxkpmccpsbec.exe
ynobwtkdxkpmccpsbec.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lbdrnldxsgmkbcqueihx.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ynobwtkdxkpmccpsbec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\erqbupevnybwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe
C:\Windows\xjhrjdrhyikeroyy.exe
xjhrjdrhyikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe .
C:\Windows\erqbupevnybwkitub.exe
erqbupevnybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\erqbupevnybwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe .
C:\Windows\lbdrnldxsgmkbcqueihx.exe
lbdrnldxsgmkbcqueihx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Windows\nbbnhdtlequqfeqsac.exe
nbbnhdtlequqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nbbnhdtlequqfeqsac.exe*."
C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe
C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lbdrnldxsgmkbcqueihx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe
C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe
C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ynobwtkdxkpmccpsbec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe
C:\Windows\nbbnhdtlequqfeqsac.exe
nbbnhdtlequqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe .
C:\Windows\ynobwtkdxkpmccpsbec.exe
ynobwtkdxkpmccpsbec.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ynobwtkdxkpmccpsbec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe .
C:\Windows\xjhrjdrhyikeroyy.exe
xjhrjdrhyikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
C:\Windows\erqbupevnybwkitub.exe
erqbupevnybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\erqbupevnybwkitub.exe*."
C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xjhrjdrhyikeroyy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe
C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lbdrnldxsgmkbcqueihx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe
C:\Windows\lbdrnldxsgmkbcqueihx.exe
lbdrnldxsgmkbcqueihx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe .
C:\Windows\lbdrnldxsgmkbcqueihx.exe
lbdrnldxsgmkbcqueihx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lbdrnldxsgmkbcqueihx.exe*."
C:\Windows\ynobwtkdxkpmccpsbec.exe
ynobwtkdxkpmccpsbec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Windows\nbbnhdtlequqfeqsac.exe
nbbnhdtlequqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nbbnhdtlequqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\erqbupevnybwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .
C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe
C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lbdrnldxsgmkbcqueihx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe
C:\Windows\xjhrjdrhyikeroyy.exe
xjhrjdrhyikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe .
C:\Windows\erqbupevnybwkitub.exe
erqbupevnybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe .
C:\Windows\erqbupevnybwkitub.exe
erqbupevnybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\erqbupevnybwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe
C:\Windows\lbdrnldxsgmkbcqueihx.exe
lbdrnldxsgmkbcqueihx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .
C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lbdrnldxsgmkbcqueihx.exe*."
C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe
C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lbdrnldxsgmkbcqueihx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nbbnhdtlequqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ynobwtkdxkpmccpsbec.exe*."
C:\Windows\nbbnhdtlequqfeqsac.exe
nbbnhdtlequqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Windows\xjhrjdrhyikeroyy.exe
xjhrjdrhyikeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xjhrjdrhyikeroyy.exe*."
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\ynobwtkdxkpmccpsbec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nbbnhdtlequqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe
C:\Windows\arujgfytpelkcetyjoofi.exe
arujgfytpelkcetyjoofi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\lbdrnldxsgmkbcqueihx.exe
lbdrnldxsgmkbcqueihx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lbdrnldxsgmkbcqueihx.exe*."
C:\Windows\erqbupevnybwkitub.exe
erqbupevnybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
C:\Windows\xjhrjdrhyikeroyy.exe
xjhrjdrhyikeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .
C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xjhrjdrhyikeroyy.exe*."
C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\arujgfytpelkcetyjoofi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe
C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lbdrnldxsgmkbcqueihx.exe*."
C:\Windows\erqbupevnybwkitub.exe
erqbupevnybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe .
C:\Windows\ynobwtkdxkpmccpsbec.exe
ynobwtkdxkpmccpsbec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xjhrjdrhyikeroyy.exe
C:\Windows\xjhrjdrhyikeroyy.exe
xjhrjdrhyikeroyy.exe
C:\Windows\erqbupevnybwkitub.exe
erqbupevnybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqbupevnybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lbdrnldxsgmkbcqueihx.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\ynobwtkdxkpmccpsbec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Windows\erqbupevnybwkitub.exe
erqbupevnybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe
C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ynobwtkdxkpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\erqbupevnybwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Windows\xjhrjdrhyikeroyy.exe
xjhrjdrhyikeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c arujgfytpelkcetyjoofi.exe .
C:\Windows\arujgfytpelkcetyjoofi.exe
arujgfytpelkcetyjoofi.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lbdrnldxsgmkbcqueihx.exe .
C:\Windows\lbdrnldxsgmkbcqueihx.exe
lbdrnldxsgmkbcqueihx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\erqbupevnybwkitub.exe
erqbupevnybwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\arujgfytpelkcetyjoofi.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
C:\Users\Admin\AppData\Local\Temp\arujgfytpelkcetyjoofi.exe
C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\nbbnhdtlequqfeqsac.exe .
C:\Windows\ynobwtkdxkpmccpsbec.exe
ynobwtkdxkpmccpsbec.exe
C:\Windows\lbdrnldxsgmkbcqueihx.exe
lbdrnldxsgmkbcqueihx.exe .
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\ynobwtkdxkpmccpsbec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqbupevnybwkitub.exe .
C:\Windows\arujgfytpelkcetyjoofi.exe
arujgfytpelkcetyjoofi.exe .
C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe
C:\Users\Admin\AppData\Local\Temp\xjhrjdrhyikeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xjhrjdrhyikeroyy.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\erqbupevnybwkitub.exe*."
Network
Files