Analysis Overview
SHA256
084500d412b1e0afe88f92170791f9045e76c35c1bf57b9e912aaab2bcd1ff6d
Threat Level: Known bad
The file JaffaCakes118_b74f8691313be0c724b71d356c4b9b40 was found to be: Known bad.
Malicious Activity Summary
Pykspa family
UAC bypass
Modifies WinLogon for persistence
Pykspa
Detect Pykspa worm
Adds policy Run key to start application
Disables RegEdit via registry modification
Executes dropped EXE
Impair Defenses: Safe Mode Boot
Checks computer location settings
Checks whether UAC is enabled
Hijack Execution Flow: Executable Installer File Permissions Weakness
Adds Run key to start application
Looks up external IP address via web service
Drops file in System32 directory
Drops autorun.inf file
Drops file in Program Files directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
System policy modification
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-14 09:53
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-14 09:53
Reported
2025-04-14 09:56
Platform
win10v2004-20250410-en
Max time kernel
49s
Max time network
150s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rvbc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avskhwymhdlkcetyjoojg.exe" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rvbc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnfskuraqhkeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "lfbsocdqkfmkbcqueihb.exe" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "avskhwymhdlkcetyjoojg.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "avskhwymhdlkcetyjoojg.exe" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "nfzoiutewpuqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "xnfskuraqhkeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rvbc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evocvgeofxbwkitub.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "evocvgeofxbwkitub.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rvbc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfzoiutewpuqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "yrmcxkkwpjpmccpsbec.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rvbc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avskhwymhdlkcetyjoojg.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rvbc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lfbsocdqkfmkbcqueihb.exe" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "lfbsocdqkfmkbcqueihb.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "evocvgeofxbwkitub.exe" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\yfosbcq = "nfzoiutewpuqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rvbc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfzoiutewpuqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rvbc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lfbsocdqkfmkbcqueihb.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rvbc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yrmcxkkwpjpmccpsbec.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rvbc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yrmcxkkwpjpmccpsbec.exe" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\xnfskuraqhkeroyy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\lfbsocdqkfmkbcqueihb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\yrmcxkkwpjpmccpsbec.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\nfzoiutewpuqfeqsac.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\evocvgeofxbwkitub.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\nfzoiutewpuqfeqsac.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\evocvgeofxbwkitub.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\xnfskuraqhkeroyy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\yrmcxkkwpjpmccpsbec.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\avskhwymhdlkcetyjoojg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Windows\lfbsocdqkfmkbcqueihb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xhtamqhkuf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avskhwymhdlkcetyjoojg.exe ." | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\afmov = "yrmcxkkwpjpmccpsbec.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sdqylqimxjh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avskhwymhdlkcetyjoojg.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nvfkuwlm = "xnfskuraqhkeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sdqylqimxjh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yrmcxkkwpjpmccpsbec.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lrzckk = "lfbsocdqkfmkbcqueihb.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xhtamqhkuf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnfskuraqhkeroyy.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lrzckk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evocvgeofxbwkitub.exe ." | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lrzckk = "xnfskuraqhkeroyy.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lrzckk = "evocvgeofxbwkitub.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nvfkuwlm = "yrmcxkkwpjpmccpsbec.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xhtamqhkuf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lfbsocdqkfmkbcqueihb.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\afmov = "avskhwymhdlkcetyjoojg.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xhtamqhkuf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfzoiutewpuqfeqsac.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\afmov = "lfbsocdqkfmkbcqueihb.exe" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sdqylqimxjh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnfskuraqhkeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\enyepsikt = "lfbsocdqkfmkbcqueihb.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\enyepsikt = "nfzoiutewpuqfeqsac.exe ." | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xhtamqhkuf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evocvgeofxbwkitub.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afmov = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfzoiutewpuqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sdqylqimxjh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evocvgeofxbwkitub.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lrzckk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avskhwymhdlkcetyjoojg.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\afmov = "xnfskuraqhkeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nvfkuwlm = "xnfskuraqhkeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\enyepsikt = "avskhwymhdlkcetyjoojg.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sdqylqimxjh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lfbsocdqkfmkbcqueihb.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xhtamqhkuf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avskhwymhdlkcetyjoojg.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afmov = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfzoiutewpuqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\enyepsikt = "xnfskuraqhkeroyy.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\enyepsikt = "xnfskuraqhkeroyy.exe ." | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nvfkuwlm = "nfzoiutewpuqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lrzckk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfzoiutewpuqfeqsac.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\enyepsikt = "evocvgeofxbwkitub.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\afmov = "nfzoiutewpuqfeqsac.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lrzckk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nfzoiutewpuqfeqsac.exe ." | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afmov = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lfbsocdqkfmkbcqueihb.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\afmov = "evocvgeofxbwkitub.exe" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\enyepsikt = "nfzoiutewpuqfeqsac.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\xhtamqhkuf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yrmcxkkwpjpmccpsbec.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afmov = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnfskuraqhkeroyy.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lrzckk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evocvgeofxbwkitub.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lrzckk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xnfskuraqhkeroyy.exe ." | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lrzckk = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yrmcxkkwpjpmccpsbec.exe ." | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afmov = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yrmcxkkwpjpmccpsbec.exe" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3078542121-369484597-920690335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\afmov = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evocvgeofxbwkitub.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\lrzckk = "yrmcxkkwpjpmccpsbec.exe ." | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\afmov = "lfbsocdqkfmkbcqueihb.exe" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File created | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| File opened for modification | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| File created | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| File opened for modification | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\nfzoiutewpuqfeqsac.exe | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nfzoiutewpuqfeqsac.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yrmcxkkwpjpmccpsbec.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\evocvgeofxbwkitub.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rnlecsvkgdmmfiyeqwxtrk.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\avskhwymhdlkcetyjoojg.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xnfskuraqhkeroyy.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lfbsocdqkfmkbcqueihb.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\evocvgeofxbwkitub.exe | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\lfbsocdqkfmkbcqueihb.exe | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\xnfskuraqhkeroyy.exe | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| File created | C:\Windows\SysWOW64\afmovugejphqsedsncmryahgsqv.tce | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| File created | C:\Windows\SysWOW64\xnfskuraqhkeroyyeezphumwtcsjmgtqaaggbr.woy | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yrmcxkkwpjpmccpsbec.exe | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\afmovugejphqsedsncmryahgsqv.tce | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| File created | C:\Program Files (x86)\afmovugejphqsedsncmryahgsqv.tce | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| File opened for modification | C:\Program Files (x86)\xnfskuraqhkeroyyeezphumwtcsjmgtqaaggbr.woy | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| File created | C:\Program Files (x86)\xnfskuraqhkeroyyeezphumwtcsjmgtqaaggbr.woy | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\xnfskuraqhkeroyyeezphumwtcsjmgtqaaggbr.woy | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| File opened for modification | C:\Windows\rnlecsvkgdmmfiyeqwxtrk.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\evocvgeofxbwkitub.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\yrmcxkkwpjpmccpsbec.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\xnfskuraqhkeroyy.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\avskhwymhdlkcetyjoojg.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\xnfskuraqhkeroyy.exe | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| File opened for modification | C:\Windows\avskhwymhdlkcetyjoojg.exe | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| File opened for modification | C:\Windows\nfzoiutewpuqfeqsac.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\rnlecsvkgdmmfiyeqwxtrk.exe | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| File opened for modification | C:\Windows\lfbsocdqkfmkbcqueihb.exe | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| File opened for modification | C:\Windows\lfbsocdqkfmkbcqueihb.exe | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| File opened for modification | C:\Windows\afmovugejphqsedsncmryahgsqv.tce | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| File opened for modification | C:\Windows\nfzoiutewpuqfeqsac.exe | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| File created | C:\Windows\xnfskuraqhkeroyyeezphumwtcsjmgtqaaggbr.woy | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yrmcxkkwpjpmccpsbec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\avskhwymhdlkcetyjoojg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\lfbsocdqkfmkbcqueihb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\evocvgeofxbwkitub.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\nfzoiutewpuqfeqsac.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\xnfskuraqhkeroyy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\lrzckk.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe
C:\Windows\nfzoiutewpuqfeqsac.exe
nfzoiutewpuqfeqsac.exe .
C:\Windows\yrmcxkkwpjpmccpsbec.exe
yrmcxkkwpjpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .
C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\evocvgeofxbwkitub.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nfzoiutewpuqfeqsac.exe*."
C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\yrmcxkkwpjpmccpsbec.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\evocvgeofxbwkitub.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xnfskuraqhkeroyy.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\yrmcxkkwpjpmccpsbec.exe*."
C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe
C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .
C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe
C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\avskhwymhdlkcetyjoojg.exe*."
C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe
C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe
C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe
C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .
C:\Windows\xnfskuraqhkeroyy.exe
xnfskuraqhkeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\avskhwymhdlkcetyjoojg.exe*."
C:\Windows\evocvgeofxbwkitub.exe
evocvgeofxbwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\evocvgeofxbwkitub.exe*."
C:\Windows\yrmcxkkwpjpmccpsbec.exe
yrmcxkkwpjpmccpsbec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe
C:\Windows\nfzoiutewpuqfeqsac.exe
nfzoiutewpuqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe
C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nfzoiutewpuqfeqsac.exe*."
C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\evocvgeofxbwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .
C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\yrmcxkkwpjpmccpsbec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe
C:\Windows\xnfskuraqhkeroyy.exe
xnfskuraqhkeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe .
C:\Windows\xnfskuraqhkeroyy.exe
xnfskuraqhkeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xnfskuraqhkeroyy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe .
C:\Windows\yrmcxkkwpjpmccpsbec.exe
yrmcxkkwpjpmccpsbec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe
C:\Windows\xnfskuraqhkeroyy.exe
xnfskuraqhkeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xnfskuraqhkeroyy.exe*."
C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\evocvgeofxbwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nfzoiutewpuqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe
C:\Windows\lfbsocdqkfmkbcqueihb.exe
lfbsocdqkfmkbcqueihb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\evocvgeofxbwkitub.exe
evocvgeofxbwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\evocvgeofxbwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe .
C:\Windows\yrmcxkkwpjpmccpsbec.exe
yrmcxkkwpjpmccpsbec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
C:\Windows\avskhwymhdlkcetyjoojg.exe
avskhwymhdlkcetyjoojg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe .
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\avskhwymhdlkcetyjoojg.exe*."
C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe
C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lfbsocdqkfmkbcqueihb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .
C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\yrmcxkkwpjpmccpsbec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe
C:\Windows\avskhwymhdlkcetyjoojg.exe
avskhwymhdlkcetyjoojg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe .
C:\Windows\avskhwymhdlkcetyjoojg.exe
avskhwymhdlkcetyjoojg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\avskhwymhdlkcetyjoojg.exe*."
C:\Windows\xnfskuraqhkeroyy.exe
xnfskuraqhkeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe
C:\Windows\lfbsocdqkfmkbcqueihb.exe
lfbsocdqkfmkbcqueihb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lfbsocdqkfmkbcqueihb.exe*."
C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nfzoiutewpuqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe
C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe
C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\evocvgeofxbwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe
C:\Windows\lfbsocdqkfmkbcqueihb.exe
lfbsocdqkfmkbcqueihb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe .
C:\Windows\yrmcxkkwpjpmccpsbec.exe
yrmcxkkwpjpmccpsbec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\yrmcxkkwpjpmccpsbec.exe*."
C:\Windows\xnfskuraqhkeroyy.exe
xnfskuraqhkeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe
C:\Windows\avskhwymhdlkcetyjoojg.exe
avskhwymhdlkcetyjoojg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .
C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe
C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\avskhwymhdlkcetyjoojg.exe*."
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\yrmcxkkwpjpmccpsbec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe
C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe
C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xnfskuraqhkeroyy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\evocvgeofxbwkitub.exe
evocvgeofxbwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe .
C:\Windows\yrmcxkkwpjpmccpsbec.exe
yrmcxkkwpjpmccpsbec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\yrmcxkkwpjpmccpsbec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe .
C:\Windows\lfbsocdqkfmkbcqueihb.exe
lfbsocdqkfmkbcqueihb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
C:\Windows\avskhwymhdlkcetyjoojg.exe
avskhwymhdlkcetyjoojg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\avskhwymhdlkcetyjoojg.exe*."
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\yrmcxkkwpjpmccpsbec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .
C:\Windows\evocvgeofxbwkitub.exe
evocvgeofxbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xnfskuraqhkeroyy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe
C:\Windows\evocvgeofxbwkitub.exe
evocvgeofxbwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe
C:\Windows\evocvgeofxbwkitub.exe
evocvgeofxbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\evocvgeofxbwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe
C:\Windows\lfbsocdqkfmkbcqueihb.exe
lfbsocdqkfmkbcqueihb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe .
C:\Windows\lfbsocdqkfmkbcqueihb.exe
lfbsocdqkfmkbcqueihb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lfbsocdqkfmkbcqueihb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe .
C:\Windows\yrmcxkkwpjpmccpsbec.exe
yrmcxkkwpjpmccpsbec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe .
C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe
C:\Windows\lfbsocdqkfmkbcqueihb.exe
lfbsocdqkfmkbcqueihb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .
C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe
C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\yrmcxkkwpjpmccpsbec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nfzoiutewpuqfeqsac.exe*."
C:\Windows\nfzoiutewpuqfeqsac.exe
nfzoiutewpuqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe
C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
C:\Windows\lfbsocdqkfmkbcqueihb.exe
lfbsocdqkfmkbcqueihb.exe .
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .
C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe
C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe
C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe
C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lfbsocdqkfmkbcqueihb.exe*."
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lfbsocdqkfmkbcqueihb.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\yrmcxkkwpjpmccpsbec.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\avskhwymhdlkcetyjoojg.exe*."
C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nfzoiutewpuqfeqsac.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nfzoiutewpuqfeqsac.exe*."
C:\Windows\xnfskuraqhkeroyy.exe
xnfskuraqhkeroyy.exe .
C:\Windows\xnfskuraqhkeroyy.exe
xnfskuraqhkeroyy.exe .
C:\Windows\xnfskuraqhkeroyy.exe
xnfskuraqhkeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xnfskuraqhkeroyy.exe*."
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xnfskuraqhkeroyy.exe*."
C:\Windows\lfbsocdqkfmkbcqueihb.exe
lfbsocdqkfmkbcqueihb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\xnfskuraqhkeroyy.exe
xnfskuraqhkeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xnfskuraqhkeroyy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe .
C:\Windows\evocvgeofxbwkitub.exe
evocvgeofxbwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe
C:\Windows\nfzoiutewpuqfeqsac.exe
nfzoiutewpuqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nfzoiutewpuqfeqsac.exe*."
C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nfzoiutewpuqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .
C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\yrmcxkkwpjpmccpsbec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe
C:\Windows\yrmcxkkwpjpmccpsbec.exe
yrmcxkkwpjpmccpsbec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe .
C:\Windows\nfzoiutewpuqfeqsac.exe
nfzoiutewpuqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\nfzoiutewpuqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe .
C:\Windows\xnfskuraqhkeroyy.exe
xnfskuraqhkeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe
C:\Windows\evocvgeofxbwkitub.exe
evocvgeofxbwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\evocvgeofxbwkitub.exe*."
C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\evocvgeofxbwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .
C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe
C:\Users\Admin\AppData\Local\Temp\avskhwymhdlkcetyjoojg.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\avskhwymhdlkcetyjoojg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe
C:\Windows\lfbsocdqkfmkbcqueihb.exe
lfbsocdqkfmkbcqueihb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe .
C:\Windows\evocvgeofxbwkitub.exe
evocvgeofxbwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\evocvgeofxbwkitub.exe*."
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\evocvgeofxbwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe
C:\Windows\evocvgeofxbwkitub.exe
evocvgeofxbwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe .
C:\Windows\evocvgeofxbwkitub.exe
evocvgeofxbwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\evocvgeofxbwkitub.exe*."
C:\Windows\yrmcxkkwpjpmccpsbec.exe
yrmcxkkwpjpmccpsbec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe
C:\Windows\evocvgeofxbwkitub.exe
evocvgeofxbwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\evocvgeofxbwkitub.exe*."
C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xnfskuraqhkeroyy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\xnfskuraqhkeroyy.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe
C:\Windows\avskhwymhdlkcetyjoojg.exe
avskhwymhdlkcetyjoojg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe .
C:\Windows\xnfskuraqhkeroyy.exe
xnfskuraqhkeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xnfskuraqhkeroyy.exe*."
C:\Windows\nfzoiutewpuqfeqsac.exe
nfzoiutewpuqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\xnfskuraqhkeroyy.exe
xnfskuraqhkeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xnfskuraqhkeroyy.exe*."
C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\evocvgeofxbwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\nfzoiutewpuqfeqsac.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe
C:\Windows\xnfskuraqhkeroyy.exe
xnfskuraqhkeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evocvgeofxbwkitub.exe .
C:\Windows\evocvgeofxbwkitub.exe
evocvgeofxbwkitub.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\evocvgeofxbwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe .
C:\Windows\yrmcxkkwpjpmccpsbec.exe
yrmcxkkwpjpmccpsbec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
C:\Windows\avskhwymhdlkcetyjoojg.exe
avskhwymhdlkcetyjoojg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\avskhwymhdlkcetyjoojg.exe*."
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\yrmcxkkwpjpmccpsbec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe .
C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe
C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe
C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe
C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lfbsocdqkfmkbcqueihb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe
C:\Windows\avskhwymhdlkcetyjoojg.exe
avskhwymhdlkcetyjoojg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c lfbsocdqkfmkbcqueihb.exe .
C:\Windows\lfbsocdqkfmkbcqueihb.exe
lfbsocdqkfmkbcqueihb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\lfbsocdqkfmkbcqueihb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe .
C:\Windows\yrmcxkkwpjpmccpsbec.exe
yrmcxkkwpjpmccpsbec.exe
C:\Windows\avskhwymhdlkcetyjoojg.exe
avskhwymhdlkcetyjoojg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe
C:\Users\Admin\AppData\Local\Temp\xnfskuraqhkeroyy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\avskhwymhdlkcetyjoojg.exe*."
C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe
C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\lfbsocdqkfmkbcqueihb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe
C:\Users\Admin\AppData\Local\Temp\lfbsocdqkfmkbcqueihb.exe
C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe
C:\Users\Admin\AppData\Local\Temp\evocvgeofxbwkitub.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\users\admin\appdata\local\temp\evocvgeofxbwkitub.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe
C:\Windows\yrmcxkkwpjpmccpsbec.exe
yrmcxkkwpjpmccpsbec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe
C:\Windows\yrmcxkkwpjpmccpsbec.exe
yrmcxkkwpjpmccpsbec.exe .
C:\Windows\avskhwymhdlkcetyjoojg.exe
avskhwymhdlkcetyjoojg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\yrmcxkkwpjpmccpsbec.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c xnfskuraqhkeroyy.exe .
C:\Windows\xnfskuraqhkeroyy.exe
xnfskuraqhkeroyy.exe .
C:\Windows\yrmcxkkwpjpmccpsbec.exe
yrmcxkkwpjpmccpsbec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yrmcxkkwpjpmccpsbec.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\nfzoiutewpuqfeqsac.exe
nfzoiutewpuqfeqsac.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c avskhwymhdlkcetyjoojg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c nfzoiutewpuqfeqsac.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\nfzoiutewpuqfeqsac.exe .
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
"C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe" "c:\windows\xnfskuraqhkeroyy.exe*."
C:\Windows\xnfskuraqhkeroyy.exe
xnfskuraqhkeroyy.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yrmcxkkwpjpmccpsbec.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | suocddlavus.net | udp |
| US | 8.8.8.8:53 | dgpebixchmt.com | udp |
| US | 8.8.8.8:53 | odqisf.info | udp |
| US | 8.8.8.8:53 | uaqmwcqm.com | udp |
| US | 8.8.8.8:53 | hsfoub.net | udp |
| US | 8.8.8.8:53 | ncpmyszzt.info | udp |
| US | 8.8.8.8:53 | cvfyvsoy.info | udp |
| US | 8.8.8.8:53 | cmnixqgof.info | udp |
| US | 8.8.8.8:53 | ptxefxn.info | udp |
| US | 8.8.8.8:53 | rwctbax.net | udp |
| US | 8.8.8.8:53 | pkqsuftgj.org | udp |
| US | 8.8.8.8:53 | zhtwhmle.info | udp |
| US | 8.8.8.8:53 | ybxsqlwexbnh.info | udp |
| US | 8.8.8.8:53 | tvnjempef.net | udp |
| US | 8.8.8.8:53 | kkiamiym.com | udp |
| US | 8.8.8.8:53 | cwdgjoryenl.info | udp |
| US | 8.8.8.8:53 | botzemvkgur.info | udp |
| US | 8.8.8.8:53 | rmcutekuvyx.info | udp |
| US | 8.8.8.8:53 | zytspqu.com | udp |
| KZ | 178.91.38.71:37040 | tcp | |
| US | 8.8.8.8:53 | aycsky.org | udp |
| US | 8.8.8.8:53 | jatdaajehomt.net | udp |
| US | 8.8.8.8:53 | firbfgqk.net | udp |
| US | 8.8.8.8:53 | vuzrdhtnrr.net | udp |
| US | 8.8.8.8:53 | mozwuqi.info | udp |
| US | 8.8.8.8:53 | odzftmnrdyr.info | udp |
| US | 8.8.8.8:53 | ugxibmj.info | udp |
| US | 8.8.8.8:53 | mwgkuyee.org | udp |
| US | 8.8.8.8:53 | sgbycngah.net | udp |
| US | 8.8.8.8:53 | raxkdwhszel.org | udp |
| US | 8.8.8.8:53 | cddrkcb.info | udp |
| US | 8.8.8.8:53 | uiceesz.info | udp |
| US | 8.8.8.8:53 | vmbslbjgjes.com | udp |
| US | 8.8.8.8:53 | fcmxrcusdb.net | udp |
| US | 8.8.8.8:53 | oukucokekagi.com | udp |
| US | 8.8.8.8:53 | pjeqnw.net | udp |
| US | 8.8.8.8:53 | awqyug.org | udp |
| US | 8.8.8.8:53 | dkhlvwpwsurs.net | udp |
| US | 8.8.8.8:53 | bzaydhbkyko.info | udp |
| US | 8.8.8.8:53 | kasakiikoa.org | udp |
| US | 8.8.8.8:53 | yauome.org | udp |
| US | 8.8.8.8:53 | mxwilwaidqxn.info | udp |
| US | 8.8.8.8:53 | xguinair.info | udp |
| US | 8.8.8.8:53 | xwtdloi.net | udp |
| US | 8.8.8.8:53 | uoxjsmld.info | udp |
| US | 8.8.8.8:53 | lqzuvin.net | udp |
| US | 8.8.8.8:53 | yhfofeqthrj.net | udp |
| US | 8.8.8.8:53 | hslmnixcvim.net | udp |
| US | 8.8.8.8:53 | usfrfkxeztg.info | udp |
| US | 8.8.8.8:53 | cxtdmrttxz.net | udp |
| US | 8.8.8.8:53 | ewiuauieao.com | udp |
| US | 8.8.8.8:53 | xkriosp.com | udp |
| US | 8.8.8.8:53 | ijtppgrcld.info | udp |
| US | 8.8.8.8:53 | naxnoyy.net | udp |
| US | 8.8.8.8:53 | ptzrhn.info | udp |
| US | 8.8.8.8:53 | hfvkcej.info | udp |
| US | 8.8.8.8:53 | zwinbqgsmg.net | udp |
| US | 8.8.8.8:53 | bjpwlrlwpx.net | udp |
| KZ | 95.58.12.59:21832 | tcp | |
| US | 8.8.8.8:53 | wkrbdr.net | udp |
| US | 8.8.8.8:53 | lnanjh.info | udp |
| US | 8.8.8.8:53 | qcttkjtqh.info | udp |
| US | 8.8.8.8:53 | nafowtt.net | udp |
| US | 8.8.8.8:53 | vqmttml.com | udp |
| US | 8.8.8.8:53 | imwkkoik.com | udp |
| US | 8.8.8.8:53 | qdsgkm.info | udp |
| US | 8.8.8.8:53 | yojyjxozz.info | udp |
| US | 8.8.8.8:53 | havcusv.org | udp |
| US | 8.8.8.8:53 | uoimkp.net | udp |
| US | 8.8.8.8:53 | csogagmkek.com | udp |
| US | 8.8.8.8:53 | piycqexj.info | udp |
| US | 8.8.8.8:53 | zxirnyrwc.info | udp |
| US | 8.8.8.8:53 | cwsrdedg.info | udp |
| US | 8.8.8.8:53 | sewuvwb.net | udp |
| US | 8.8.8.8:53 | wsksucgg.com | udp |
| US | 8.8.8.8:53 | wjfqcwhwayd.info | udp |
| US | 8.8.8.8:53 | upjymsnpj.info | udp |
| US | 8.8.8.8:53 | oaewcmmi.com | udp |
| US | 8.8.8.8:53 | lkdfbshvrupv.net | udp |
| US | 8.8.8.8:53 | megerxmtcz.info | udp |
| US | 8.8.8.8:53 | zhmmgbpjty.net | udp |
| US | 8.8.8.8:53 | oalwpcngx.info | udp |
| US | 8.8.8.8:53 | cdvtpnayh.info | udp |
| US | 8.8.8.8:53 | qskomm.org | udp |
| US | 8.8.8.8:53 | xcrfxbihvn.info | udp |
| US | 8.8.8.8:53 | dahqzsbgq.com | udp |
| US | 8.8.8.8:53 | pvesxitaordl.info | udp |
| US | 8.8.8.8:53 | qmvxqytwv.info | udp |
| US | 8.8.8.8:53 | iouqgiog.org | udp |
| US | 8.8.8.8:53 | nyresspqn.info | udp |
| US | 8.8.8.8:53 | fxyxxeks.info | udp |
| US | 8.8.8.8:53 | yqsaem.com | udp |
| US | 8.8.8.8:53 | dzrmxez.com | udp |
| US | 8.8.8.8:53 | vkhtrespzx.info | udp |
| US | 8.8.8.8:53 | fodswmrsv.org | udp |
| US | 8.8.8.8:53 | jpgbbgpi.net | udp |
| US | 8.8.8.8:53 | wvpqvnhs.net | udp |
| US | 8.8.8.8:53 | eqcwnx.info | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | bktcqmpdy.info | udp |
| US | 8.8.8.8:53 | zrapdv.net | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | ssareehbrp.net | udp |
| US | 8.8.8.8:53 | yyhqkmcfww.net | udp |
| US | 8.8.8.8:53 | lgumhqlobcd.net | udp |
| US | 8.8.8.8:53 | xevgjq.info | udp |
| US | 8.8.8.8:53 | vxbpjwtqi.info | udp |
| US | 8.8.8.8:53 | sllkhuszsuzt.net | udp |
| US | 8.8.8.8:53 | clvdfupwy.net | udp |
| US | 8.8.8.8:53 | wpxcrz.info | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| RU | 109.110.50.202:25607 | tcp | |
| US | 8.8.8.8:53 | rhqunaow.info | udp |
| US | 8.8.8.8:53 | tinfvirjpax.info | udp |
| US | 8.8.8.8:53 | hdxfzbpnluke.net | udp |
| US | 8.8.8.8:53 | gkfagmip.info | udp |
| US | 8.8.8.8:53 | wuyamjhrhyuw.info | udp |
| US | 8.8.8.8:53 | ouygywyu.org | udp |
| US | 8.8.8.8:53 | kltyamkuex.net | udp |
| US | 8.8.8.8:53 | uaoqoucsaakk.com | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | kprckfdmfob.net | udp |
| US | 8.8.8.8:53 | eyyyis.org | udp |
| US | 8.8.8.8:53 | cecrfwhwtroo.info | udp |
| US | 8.8.8.8:53 | uybazwfqrxr.info | udp |
| US | 8.8.8.8:53 | zuloqvku.net | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | giqauouqqmkm.com | udp |
| US | 8.8.8.8:53 | tjagypmeal.info | udp |
| US | 8.8.8.8:53 | okoinuwltuz.info | udp |
| US | 8.8.8.8:53 | wcfezihlr.net | udp |
| US | 8.8.8.8:53 | hykikzdidpzi.info | udp |
| US | 8.8.8.8:53 | sgescokcmo.org | udp |
| US | 8.8.8.8:53 | lcthla.info | udp |
| US | 8.8.8.8:53 | elqtcmlahg.net | udp |
| US | 8.8.8.8:53 | lzwgpqnxhy.net | udp |
| US | 8.8.8.8:53 | gukhocvihudn.net | udp |
| US | 8.8.8.8:53 | aimgoy.com | udp |
| US | 8.8.8.8:53 | ttnpvvkkmw.info | udp |
| US | 8.8.8.8:53 | daachsffi.net | udp |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| US | 8.8.8.8:53 | himxcrep.info | udp |
| US | 8.8.8.8:53 | gkxxvorb.net | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | hsfspwfirsr.org | udp |
| US | 8.8.8.8:53 | fwgwckfcfsz.org | udp |
| US | 8.8.8.8:53 | eojlzu.net | udp |
| US | 8.8.8.8:53 | qwwideqblqb.net | udp |
| US | 8.8.8.8:53 | usyoiymway.org | udp |
| US | 8.8.8.8:53 | lynxnomvvwp.net | udp |
| US | 8.8.8.8:53 | fumvct.net | udp |
| US | 8.8.8.8:53 | fpzwmmrebv.net | udp |
| US | 8.8.8.8:53 | aialdwz.info | udp |
| US | 8.8.8.8:53 | zvhavss.info | udp |
| US | 8.8.8.8:53 | hipmpajjra.info | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
| US | 8.8.8.8:53 | ckyeqgrazyd.net | udp |
| US | 8.8.8.8:53 | csphlpv.info | udp |
| US | 8.8.8.8:53 | inngezqe.net | udp |
| US | 8.8.8.8:53 | vmzkhybal.com | udp |
| US | 8.8.8.8:53 | qngitmingp.net | udp |
| US | 8.8.8.8:53 | ebrbxierrmtd.net | udp |
| US | 8.8.8.8:53 | tnfqxaf.com | udp |
| US | 8.8.8.8:53 | lyokfun.net | udp |
| US | 8.8.8.8:53 | rslqlylwxhp.com | udp |
| US | 8.8.8.8:53 | yemyckkmkk.org | udp |
| US | 8.8.8.8:53 | geoaded.info | udp |
| US | 8.8.8.8:53 | ulwprsdpevsj.info | udp |
| BG | 77.236.171.20:33144 | tcp | |
| US | 8.8.8.8:53 | asgeowgk.com | udp |
| US | 8.8.8.8:53 | jcgnqwtifgp.com | udp |
| US | 8.8.8.8:53 | itaormua.info | udp |
| US | 8.8.8.8:53 | smmsvtzorejh.info | udp |
| US | 8.8.8.8:53 | qyjxvcif.net | udp |
| US | 8.8.8.8:53 | wbpsctjc.net | udp |
| US | 8.8.8.8:53 | eckwae.org | udp |
| US | 8.8.8.8:53 | zmtmgzmsoxfj.net | udp |
| US | 8.8.8.8:53 | rkwlhccy.info | udp |
| US | 8.8.8.8:53 | fcjwziatfqe.net | udp |
| US | 8.8.8.8:53 | oxxrzfxtf.net | udp |
| US | 8.8.8.8:53 | yoensg.info | udp |
| US | 8.8.8.8:53 | zghcrlfnmtia.info | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | vibshiiel.net | udp |
| US | 8.8.8.8:53 | xgrurgokxvb.info | udp |
| US | 8.8.8.8:53 | zgniyzxgvcq.info | udp |
| US | 8.8.8.8:53 | gqfiwfmm.info | udp |
| US | 8.8.8.8:53 | jjqtpeerkb.net | udp |
| US | 8.8.8.8:53 | rvxacy.net | udp |
| US | 8.8.8.8:53 | rlgzsbuk.info | udp |
| US | 8.8.8.8:53 | otazhhf.info | udp |
| US | 8.8.8.8:53 | hlrobkzj.info | udp |
| US | 8.8.8.8:53 | hummglka.net | udp |
| US | 8.8.8.8:53 | goeieghozql.info | udp |
| US | 8.8.8.8:53 | hppnegnnvdte.info | udp |
| US | 8.8.8.8:53 | urkcltobhpwf.net | udp |
| US | 8.8.8.8:53 | dasnharfxh.info | udp |
| US | 8.8.8.8:53 | uqmgms.org | udp |
| US | 8.8.8.8:53 | ouhcxfvpfbpb.info | udp |
| US | 8.8.8.8:53 | mymoey.org | udp |
| US | 8.8.8.8:53 | qisiai.com | udp |
| HK | 47.242.162.24:80 | qisiai.com | tcp |
| US | 8.8.8.8:53 | oismai.com | udp |
| US | 8.8.8.8:53 | euuaaon.net | udp |
| US | 8.8.8.8:53 | dykxpx.info | udp |
| US | 8.8.8.8:53 | tuhvrdel.info | udp |
| RU | 109.171.90.106:22110 | tcp | |
| US | 8.8.8.8:53 | zcskos.info | udp |
| US | 8.8.8.8:53 | eheflhppvg.net | udp |
| US | 8.8.8.8:53 | dfnnrje.org | udp |
| US | 8.8.8.8:53 | pzfiwqyqxbs.com | udp |
| US | 8.8.8.8:53 | bfsklthmls.info | udp |
| US | 8.8.8.8:53 | cykogcgqqcuu.com | udp |
| US | 8.8.8.8:53 | wukcbxfcxdc.net | udp |
| US | 8.8.8.8:53 | eqxycetq.net | udp |
| US | 8.8.8.8:53 | joonzqksh.org | udp |
| US | 8.8.8.8:53 | kueiyoug.org | udp |
| US | 8.8.8.8:53 | ugjyfpgfl.net | udp |
| US | 8.8.8.8:53 | uihuolfkt.net | udp |
| US | 8.8.8.8:53 | bstybvfjv.com | udp |
| US | 8.8.8.8:53 | jbacuchohmfp.net | udp |
| US | 8.8.8.8:53 | myrwjqkrwpbk.info | udp |
| US | 8.8.8.8:53 | auogaseguc.org | udp |
| US | 8.8.8.8:53 | gxifzmtmdmd.net | udp |
| US | 8.8.8.8:53 | mpkbfsgyp.info | udp |
| US | 8.8.8.8:53 | aqtnsvdtri.net | udp |
| US | 8.8.8.8:53 | nayrcqrc.info | udp |
| US | 8.8.8.8:53 | awsowmcmwy.org | udp |
| US | 8.8.8.8:53 | khatprlscnrf.info | udp |
| US | 8.8.8.8:53 | kxdavijru.info | udp |
| US | 8.8.8.8:53 | qseoumkkca.org | udp |
| US | 8.8.8.8:53 | iknwzonufar.net | udp |
| US | 8.8.8.8:53 | rutolinym.info | udp |
| MD | 37.75.121.125:14721 | tcp | |
| US | 8.8.8.8:53 | nrsvarp.net | udp |
| US | 8.8.8.8:53 | pmvstpxm.info | udp |
| US | 8.8.8.8:53 | foaxboj.com | udp |
| US | 8.8.8.8:53 | jxrsguntrqte.net | udp |
| US | 8.8.8.8:53 | qdnmhgdyrit.net | udp |
| US | 8.8.8.8:53 | vfxcjwdkt.net | udp |
| US | 8.8.8.8:53 | qyqigk.com | udp |
| US | 8.8.8.8:53 | twzkumgrn.info | udp |
| US | 8.8.8.8:53 | tvrgqgaqziy.com | udp |
| US | 8.8.8.8:53 | fyaylmbcb.net | udp |
| US | 8.8.8.8:53 | btsnbthg.net | udp |
| US | 8.8.8.8:53 | radgbgnvexv.info | udp |
| US | 8.8.8.8:53 | yimwkptojcpm.net | udp |
| US | 8.8.8.8:53 | hamklvptv.net | udp |
| US | 8.8.8.8:53 | bigujmh.info | udp |
| US | 8.8.8.8:53 | djswnin.info | udp |
| US | 8.8.8.8:53 | pynemskeiz.info | udp |
| US | 8.8.8.8:53 | ekqaao.com | udp |
| US | 8.8.8.8:53 | dvzupzik.net | udp |
| US | 8.8.8.8:53 | mmoiws.com | udp |
| US | 8.8.8.8:53 | mducygpufzx.info | udp |
| US | 8.8.8.8:53 | rkjyfrxybqd.net | udp |
| US | 8.8.8.8:53 | ebqxxu.net | udp |
| US | 8.8.8.8:53 | fevnrt.info | udp |
| US | 8.8.8.8:53 | plaswwogu.org | udp |
| US | 8.8.8.8:53 | ligfqq.net | udp |
| US | 8.8.8.8:53 | hjfdpmp.org | udp |
| US | 8.8.8.8:53 | csbavublv.net | udp |
| US | 8.8.8.8:53 | owgezktu.net | udp |
| US | 8.8.8.8:53 | dxtssmnfayj.com | udp |
| US | 8.8.8.8:53 | zizfnya.org | udp |
| US | 8.8.8.8:53 | uwfjnsartkdk.info | udp |
| US | 8.8.8.8:53 | dehkhcf.net | udp |
| US | 8.8.8.8:53 | rjbifug.net | udp |
| US | 8.8.8.8:53 | bcujza.info | udp |
| US | 8.8.8.8:53 | btpqiyzbta.info | udp |
| RU | 95.189.55.58:14446 | tcp | |
| US | 8.8.8.8:53 | pgacpb.info | udp |
| US | 8.8.8.8:53 | yqdindvszcl.info | udp |
| US | 8.8.8.8:53 | wltbxaqy.net | udp |
| US | 8.8.8.8:53 | pnfbqhduanpq.info | udp |
| US | 8.8.8.8:53 | nivujolqktz.info | udp |
| US | 8.8.8.8:53 | ldlrgk.info | udp |
| US | 8.8.8.8:53 | agyuoicmgqmm.com | udp |
| US | 8.8.8.8:53 | gaqewu.org | udp |
| US | 8.8.8.8:53 | suziiyral.net | udp |
| US | 8.8.8.8:53 | zznyjs.info | udp |
| US | 8.8.8.8:53 | owtumceqt.info | udp |
| US | 8.8.8.8:53 | audgklfnyu.info | udp |
| US | 8.8.8.8:53 | sgdzhklkvfso.info | udp |
| US | 8.8.8.8:53 | rwlybwbnvoj.info | udp |
| US | 8.8.8.8:53 | plapldjmi.com | udp |
| US | 8.8.8.8:53 | fivgtmmsw.com | udp |
| US | 8.8.8.8:53 | qksqwckkys.com | udp |
| US | 8.8.8.8:53 | skqsiiae.org | udp |
| US | 8.8.8.8:53 | uooilgh.info | udp |
| US | 8.8.8.8:53 | alyypvemovoc.net | udp |
| US | 8.8.8.8:53 | ckjumof.net | udp |
| US | 8.8.8.8:53 | ronfjocvgwsp.info | udp |
| US | 8.8.8.8:53 | salkkys.net | udp |
| US | 8.8.8.8:53 | qlstpgkhcjbu.net | udp |
| US | 8.8.8.8:53 | callxbzyrkz.info | udp |
| US | 8.8.8.8:53 | nzitfaav.info | udp |
| US | 8.8.8.8:53 | rdmsbqjccvv.net | udp |
| US | 8.8.8.8:53 | lktcrbw.com | udp |
| US | 8.8.8.8:53 | gmewyg.com | udp |
| US | 8.8.8.8:53 | rlhmvu.info | udp |
| US | 8.8.8.8:53 | viomrqdwd.info | udp |
| US | 8.8.8.8:53 | hyjodgw.info | udp |
| US | 8.8.8.8:53 | htvyfqdup.org | udp |
| US | 8.8.8.8:53 | hgiqgeranuh.net | udp |
| US | 8.8.8.8:53 | zubjxcfgeex.info | udp |
| US | 8.8.8.8:53 | cewgruml.info | udp |
| US | 8.8.8.8:53 | dkdczgl.info | udp |
| US | 8.8.8.8:53 | jfeydnpyn.org | udp |
| US | 8.8.8.8:53 | miqmcw.org | udp |
| US | 8.8.8.8:53 | fmpulsr.info | udp |
| US | 8.8.8.8:53 | aiyuqebb.net | udp |
| US | 8.8.8.8:53 | eaictyqxc.info | udp |
| US | 8.8.8.8:53 | tltswyl.net | udp |
| US | 8.8.8.8:53 | qyoaskcgqc.com | udp |
| US | 8.8.8.8:53 | rpellsmrymr.com | udp |
| US | 8.8.8.8:53 | jvmcmvvkhwtf.info | udp |
| MK | 31.11.76.79:43722 | tcp | |
| US | 8.8.8.8:53 | pxcdfqk.com | udp |
| US | 8.8.8.8:53 | wqmqyiaeymsq.com | udp |
| US | 8.8.8.8:53 | pyaeeynap.net | udp |
| US | 8.8.8.8:53 | vgqxvqngngx.info | udp |
| US | 8.8.8.8:53 | dxpryx.info | udp |
| US | 8.8.8.8:53 | aebrbrznaiz.info | udp |
| US | 8.8.8.8:53 | qigyqmgqii.com | udp |
| US | 8.8.8.8:53 | jiqvkqsc.net | udp |
| US | 8.8.8.8:53 | dwrxxwr.net | udp |
| US | 8.8.8.8:53 | yyazfelydch.net | udp |
| US | 8.8.8.8:53 | sgrrorisnneh.info | udp |
| US | 8.8.8.8:53 | zkhkfyrmsoz.net | udp |
| US | 8.8.8.8:53 | jirvheawi.info | udp |
| US | 8.8.8.8:53 | cgzqtowog.info | udp |
| US | 8.8.8.8:53 | uzrxraff.info | udp |
| US | 8.8.8.8:53 | caseiusauewy.com | udp |
| US | 8.8.8.8:53 | qeasooggkkye.org | udp |
| US | 8.8.8.8:53 | jnhmwo.info | udp |
| US | 8.8.8.8:53 | brfejft.org | udp |
| US | 8.8.8.8:53 | favalue.info | udp |
| US | 8.8.8.8:53 | ajkddkb.net | udp |
| US | 8.8.8.8:53 | ebmysqefufzp.net | udp |
| US | 8.8.8.8:53 | pmnepmfgk.info | udp |
| US | 8.8.8.8:53 | gdiecndz.net | udp |
| US | 8.8.8.8:53 | uwoageowycmg.com | udp |
| US | 8.8.8.8:53 | vtpwjergy.net | udp |
| US | 8.8.8.8:53 | zurigindbkk.com | udp |
| US | 8.8.8.8:53 | bigyuhtjnee.info | udp |
| US | 8.8.8.8:53 | tmrojlas.net | udp |
| US | 8.8.8.8:53 | kcryxrris.info | udp |
| US | 8.8.8.8:53 | dlswmfbe.info | udp |
| US | 8.8.8.8:53 | eyhihop.info | udp |
| US | 8.8.8.8:53 | cunmhkmkw.info | udp |
| US | 8.8.8.8:53 | giekgyskeiik.org | udp |
| US | 8.8.8.8:53 | zrfmzybktgg.info | udp |
| US | 8.8.8.8:53 | bavppixu.net | udp |
| US | 8.8.8.8:53 | dsxudsjkzov.com | udp |
| US | 8.8.8.8:53 | weuvrakoze.info | udp |
| US | 8.8.8.8:53 | fkgritslx.org | udp |
| US | 8.8.8.8:53 | ayxelepip.net | udp |
| US | 8.8.8.8:53 | ptpwnlreeaxo.net | udp |
| US | 8.8.8.8:53 | zdfabfgpbv.info | udp |
| US | 8.8.8.8:53 | aieaqoasmwuk.com | udp |
| US | 8.8.8.8:53 | itmlhzkyld.net | udp |
| US | 8.8.8.8:53 | sydgvut.info | udp |
| MD | 37.75.121.125:14721 | tcp | |
| US | 8.8.8.8:53 | wihuylvihss.info | udp |
| US | 8.8.8.8:53 | trvffbiqdh.info | udp |
| US | 8.8.8.8:53 | cmylgwjfvjsz.info | udp |
| US | 8.8.8.8:53 | dobddgn.info | udp |
| US | 8.8.8.8:53 | eeeiusoc.com | udp |
| US | 8.8.8.8:53 | ymuyuyiyoa.com | udp |
| US | 8.8.8.8:53 | dtstyn.net | udp |
| US | 8.8.8.8:53 | hepsyjgvjvka.net | udp |
| US | 8.8.8.8:53 | qeqohxhh.info | udp |
| US | 8.8.8.8:53 | kkkekekiue.com | udp |
| US | 8.8.8.8:53 | zbqtpeerkb.net | udp |
| US | 8.8.8.8:53 | dcxknxpy.net | udp |
| US | 8.8.8.8:53 | zuwrljtqss.net | udp |
| US | 8.8.8.8:53 | whdwifwwd.net | udp |
| US | 8.8.8.8:53 | bellqatwhkc.info | udp |
| US | 8.8.8.8:53 | msaeugqyakco.org | udp |
| US | 8.8.8.8:53 | nwuepapxxpif.net | udp |
| US | 8.8.8.8:53 | kagcswsmguis.org | udp |
| US | 8.8.8.8:53 | kgcwsqig.org | udp |
| US | 8.8.8.8:53 | gfyprakc.info | udp |
| US | 8.8.8.8:53 | nwbstster.org | udp |
| US | 8.8.8.8:53 | ibtwwktdhz.info | udp |
| US | 8.8.8.8:53 | tmrxnmjrkb.net | udp |
| US | 8.8.8.8:53 | rxckgphztzyo.net | udp |
| US | 8.8.8.8:53 | wavnhrxw.net | udp |
| US | 8.8.8.8:53 | sqhqrwb.net | udp |
| US | 8.8.8.8:53 | rscaheewbg.net | udp |
| US | 8.8.8.8:53 | uomieuwsgywa.com | udp |
| US | 8.8.8.8:53 | vaxonqp.com | udp |
| US | 8.8.8.8:53 | ggfwboh.net | udp |
| US | 8.8.8.8:53 | sryyhw.net | udp |
| US | 8.8.8.8:53 | bqgmcyl.org | udp |
| US | 8.8.8.8:53 | qfjutozcvyx.net | udp |
| US | 8.8.8.8:53 | fzkrxmam.info | udp |
| US | 8.8.8.8:53 | wpnuzfpjljqt.info | udp |
| US | 8.8.8.8:53 | ycgkucsc.org | udp |
Files
C:\Users\Admin\AppData\Local\Temp\bqyqvqrmlai.exe
C:\Windows\SysWOW64\nfzoiutewpuqfeqsac.exe
C:\Users\Admin\AppData\Local\Temp\lrzckk.exe
C:\Users\Admin\AppData\Local\afmovugejphqsedsncmryahgsqv.tce
C:\Users\Admin\AppData\Local\xnfskuraqhkeroyyeezphumwtcsjmgtqaaggbr.woy
C:\Program Files (x86)\afmovugejphqsedsncmryahgsqv.tce