Analysis Overview
SHA256
9aab7948f428921efcc735e88e5adad78ff27a73e6cb2d54d9cfddae3286cf22
Threat Level: Known bad
The file JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0 was found to be: Known bad.
Malicious Activity Summary
Pykspa family
UAC bypass
Modifies WinLogon for persistence
Pykspa
Detect Pykspa worm
Disables RegEdit via registry modification
Adds policy Run key to start application
Executes dropped EXE
Checks computer location settings
Impair Defenses: Safe Mode Boot
Hijack Execution Flow: Executable Installer File Permissions Weakness
Checks whether UAC is enabled
Adds Run key to start application
Looks up external IP address via web service
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
System policy modification
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-14 15:42
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-14 15:42
Reported
2025-04-14 15:45
Platform
win10v2004-20250410-en
Max time kernel
41s
Max time network
149s
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
Detect Pykspa worm
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\prbbms = "evujjevslfgwcqcfjhsji.exe" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\prbbms = "rfbnkcqkarpcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\onu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rfbnkcqkarpcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\onu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bnhrmcogujfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\prbbms = "ivqbxobujzwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bltbhrglwn = "ezslcxxnjlbhvhkomxsle.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\onu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pfdrqkawohhwbozbeblb.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\onu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rfbnkcqkarpcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\onu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evujjevslfgwcqcfjhsji.exe" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\prbbms = "crobzshctlkycoyzbxg.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\onu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bnhrmcogujfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\prbbms = "evujjevslfgwcqcfjhsji.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\onu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evujjevslfgwcqcfjhsji.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\onu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ivqbxobujzwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\prbbms = "crobzshctlkycoyzbxg.exe" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cjotwdp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ezslcxxnjlbhvhkomxsle.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\prbbms = "bnhrmcogujfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cjotwdp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rjzpdvsfyxknyhhidl.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\bltbhrglwn = "pjbtjdcrmnchufhkhrld.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\prbbms = "rfbnkcqkarpcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\prbbms = "bnhrmcogujfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\onu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\crobzshctlkycoyzbxg.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\onu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\crobzshctlkycoyzbxg.exe" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\prbbms = "ivqbxobujzwikucbb.exe" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\onu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pfdrqkawohhwbozbeblb.exe" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\ivqbxobujzwikucbb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\evujjevslfgwcqcfjhsji.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\bnhrmcogujfqrahf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\crobzshctlkycoyzbxg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\pfdrqkawohhwbozbeblb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\rfbnkcqkarpcfqzzav.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\crobzshctlkycoyzbxg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\pfdrqkawohhwbozbeblb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\rfbnkcqkarpcfqzzav.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\pfdrqkawohhwbozbeblb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\evujjevslfgwcqcfjhsji.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\bnhrmcogujfqrahf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Windows\ivqbxobujzwikucbb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vvdb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bnhrmcogujfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vvdb = "rfbnkcqkarpcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\bhvzoyeqyh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rfbnkcqkarpcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\inadrafqx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ivqbxobujzwikucbb.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\bhvzoyeqyh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\crobzshctlkycoyzbxg.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vvdb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evujjevslfgwcqcfjhsji.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\rzflpxkn = "rjzpdvsfyxknyhhidl.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cfqrdkn = "evujjevslfgwcqcfjhsji.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rvhjweis = "pfdrqkawohhwbozbeblb.exe ." | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rvhjweis = "ivqbxobujzwikucbb.exe ." | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vvdb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rfbnkcqkarpcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vvdb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pfdrqkawohhwbozbeblb.exe" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rvhjweis = "pfdrqkawohhwbozbeblb.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\efonx = "ivqbxobujzwikucbb.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\efonx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\crobzshctlkycoyzbxg.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rvhjweis = "ivqbxobujzwikucbb.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cfqrdkn = "pfdrqkawohhwbozbeblb.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\efonx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rfbnkcqkarpcfqzzav.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\efonx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bnhrmcogujfqrahf.exe ." | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vvdb = "pfdrqkawohhwbozbeblb.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\bhvzoyeqyh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evujjevslfgwcqcfjhsji.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\bhvzoyeqyh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pfdrqkawohhwbozbeblb.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\whqzgrhnzrx = "brftfvqbspabkrpo.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\iryfkthlv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvmdsljxrrfjvfgieng.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\inadrafqx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pfdrqkawohhwbozbeblb.exe ." | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\inadrafqx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evujjevslfgwcqcfjhsji.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\efonx = "crobzshctlkycoyzbxg.exe ." | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\efonx = "crobzshctlkycoyzbxg.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\iryfkthlv = "pjbtjdcrmnchufhkhrld.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\iryfkthlv = "C:\\Users\\Admin\\AppData\\Local\\Temp\\izodqhdphfrtdlkke.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rvhjweis = "crobzshctlkycoyzbxg.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\efonx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bnhrmcogujfqrahf.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rzflpxkn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rjzpdvsfyxknyhhidl.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vvdb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bnhrmcogujfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cfqrdkn = "crobzshctlkycoyzbxg.exe" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\efonx = "evujjevslfgwcqcfjhsji.exe ." | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\efonx = "evujjevslfgwcqcfjhsji.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\inadrafqx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pfdrqkawohhwbozbeblb.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\efonx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evujjevslfgwcqcfjhsji.exe ." | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cfqrdkn = "rfbnkcqkarpcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vvdb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rfbnkcqkarpcfqzzav.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vvdb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pfdrqkawohhwbozbeblb.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\efonx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pfdrqkawohhwbozbeblb.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\inadrafqx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\crobzshctlkycoyzbxg.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rvhjweis = "rfbnkcqkarpcfqzzav.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rzflpxkn = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pjbtjdcrmnchufhkhrld.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\tfpzhtkrexeb = "izodqhdphfrtdlkke.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\bhvzoyeqyh = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bnhrmcogujfqrahf.exe" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\efonx = "C:\\Users\\Admin\\AppData\\Local\\Temp\\evujjevslfgwcqcfjhsji.exe ." | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\evujjevslfgwcqcfjhsji.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bnhrmcogujfqrahf.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\evujjevslfgwcqcfjhsji.exe | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ivqbxobujzwikucbb.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\crobzshctlkycoyzbxg.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rfbnkcqkarpcfqzzav.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rfbnkcqkarpcfqzzav.exe | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bnhrmcogujfqrahf.exe | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pfdrqkawohhwbozbeblb.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vnndeasqkfhyfuhlqpbttj.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ivqbxobujzwikucbb.exe | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vnndeasqkfhyfuhlqpbttj.exe | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\evujjevslfgwcqcfjhsji.exe | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| File created | C:\Windows\SysWOW64\vvdbkoouwzjixupbovppxveiio.tdc | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\vvdbkoouwzjixupbovppxveiio.tdc | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\whajdsduhvqaaioljbgrktncnerfakksyvtlq.udx | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| File created | C:\Program Files (x86)\whajdsduhvqaaioljbgrktncnerfakksyvtlq.udx | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\vvdbkoouwzjixupbovppxveiio.tdc | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\pfdrqkawohhwbozbeblb.exe | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| File opened for modification | C:\Windows\evujjevslfgwcqcfjhsji.exe | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| File opened for modification | C:\Windows\vnndeasqkfhyfuhlqpbttj.exe | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| File opened for modification | C:\Windows\bnhrmcogujfqrahf.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\ivqbxobujzwikucbb.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\evujjevslfgwcqcfjhsji.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\rfbnkcqkarpcfqzzav.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\crobzshctlkycoyzbxg.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\vnndeasqkfhyfuhlqpbttj.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\rfbnkcqkarpcfqzzav.exe | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| File opened for modification | C:\Windows\whajdsduhvqaaioljbgrktncnerfakksyvtlq.udx | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| File opened for modification | C:\Windows\pfdrqkawohhwbozbeblb.exe | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| File opened for modification | C:\Windows\crobzshctlkycoyzbxg.exe | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| File created | C:\Windows\whajdsduhvqaaioljbgrktncnerfakksyvtlq.udx | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\izodqhdphfrtdlkke.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\evujjevslfgwcqcfjhsji.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\ivqbxobujzwikucbb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cvmdsljxrrfjvfgieng.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pfdrqkawohhwbozbeblb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\crobzshctlkycoyzbxg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bnhrmcogujfqrahf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\izodqhdphfrtdlkke.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\rfbnkcqkarpcfqzzav.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\rjzpdvsfyxknyhhidl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\rjzpdvsfyxknyhhidl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\brftfvqbspabkrpo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b83fcfe1963876af901a35e7f36a53a0.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\efonx.exe | N/A |
Processes
C:\Windows\system32\cmd.exe /c rfbnkcqkarpcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe
C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\bnhrmcogujfqrahf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe
C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe .
C:\Windows\bnhrmcogujfqrahf.exe
bnhrmcogujfqrahf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .
C:\Windows\rfbnkcqkarpcfqzzav.exe
rfbnkcqkarpcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\pfdrqkawohhwbozbeblb.exe*."
C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe
C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\rfbnkcqkarpcfqzzav.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\bnhrmcogujfqrahf.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\rfbnkcqkarpcfqzzav.exe*."
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\ivqbxobujzwikucbb.exe*."
C:\Windows\pfdrqkawohhwbozbeblb.exe
pfdrqkawohhwbozbeblb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .
C:\Windows\pfdrqkawohhwbozbeblb.exe
pfdrqkawohhwbozbeblb.exe
C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe
C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe
C:\Windows\pfdrqkawohhwbozbeblb.exe
pfdrqkawohhwbozbeblb.exe
C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\bnhrmcogujfqrahf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rjzpdvsfyxknyhhidl.exe
C:\Windows\rjzpdvsfyxknyhhidl.exe
rjzpdvsfyxknyhhidl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izodqhdphfrtdlkke.exe .
C:\Windows\izodqhdphfrtdlkke.exe
izodqhdphfrtdlkke.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brftfvqbspabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\izodqhdphfrtdlkke.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izodqhdphfrtdlkke.exe .
C:\Windows\brftfvqbspabkrpo.exe
brftfvqbspabkrpo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvmdsljxrrfjvfgieng.exe .
C:\Windows\izodqhdphfrtdlkke.exe
izodqhdphfrtdlkke.exe .
C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe
C:\Users\Admin\AppData\Local\Temp\cvmdsljxrrfjvfgieng.exe
C:\Users\Admin\AppData\Local\Temp\cvmdsljxrrfjvfgieng.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\izodqhdphfrtdlkke.exe*."
C:\Windows\pfdrqkawohhwbozbeblb.exe
pfdrqkawohhwbozbeblb.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\cvmdsljxrrfjvfgieng.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rjzpdvsfyxknyhhidl.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bnhrmcogujfqrahf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvmdsljxrrfjvfgieng.exe .
C:\Users\Admin\AppData\Local\Temp\rjzpdvsfyxknyhhidl.exe
C:\Users\Admin\AppData\Local\Temp\rjzpdvsfyxknyhhidl.exe
C:\Windows\bnhrmcogujfqrahf.exe
bnhrmcogujfqrahf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bnhrmcogujfqrahf.exe .
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
C:\Users\Admin\AppData\Local\Temp\cvmdsljxrrfjvfgieng.exe
C:\Users\Admin\AppData\Local\Temp\cvmdsljxrrfjvfgieng.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\bnhrmcogujfqrahf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .
C:\Windows\pfdrqkawohhwbozbeblb.exe
pfdrqkawohhwbozbeblb.exe
C:\Windows\bnhrmcogujfqrahf.exe
bnhrmcogujfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\cvmdsljxrrfjvfgieng.exe*."
C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe
C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\bnhrmcogujfqrahf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\pfdrqkawohhwbozbeblb.exe*."
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\ejmpq.exe
"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"
C:\Users\Admin\AppData\Local\Temp\ejmpq.exe
"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\ivqbxobujzwikucbb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe
C:\Windows\ivqbxobujzwikucbb.exe
ivqbxobujzwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe .
C:\Windows\evujjevslfgwcqcfjhsji.exe
evujjevslfgwcqcfjhsji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\evujjevslfgwcqcfjhsji.exe*."
C:\Windows\evujjevslfgwcqcfjhsji.exe
evujjevslfgwcqcfjhsji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rfbnkcqkarpcfqzzav.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Windows\rfbnkcqkarpcfqzzav.exe
rfbnkcqkarpcfqzzav.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\rfbnkcqkarpcfqzzav.exe*."
C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe
C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\pfdrqkawohhwbozbeblb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe .
C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brftfvqbspabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe
C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe .
C:\Windows\brftfvqbspabkrpo.exe
brftfvqbspabkrpo.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\crobzshctlkycoyzbxg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjbtjdcrmnchufhkhrld.exe .
C:\Users\Admin\AppData\Local\Temp\ejmpq.exe
"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"
C:\Users\Admin\AppData\Local\Temp\ejmpq.exe
"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"
C:\Windows\pjbtjdcrmnchufhkhrld.exe
pjbtjdcrmnchufhkhrld.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pjbtjdcrmnchufhkhrld.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\pjbtjdcrmnchufhkhrld.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c izodqhdphfrtdlkke.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\pjbtjdcrmnchufhkhrld.exe
pjbtjdcrmnchufhkhrld.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bnhrmcogujfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izodqhdphfrtdlkke.exe
C:\Windows\izodqhdphfrtdlkke.exe
izodqhdphfrtdlkke.exe .
C:\Windows\bnhrmcogujfqrahf.exe
bnhrmcogujfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cvmdsljxrrfjvfgieng.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\izodqhdphfrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\izodqhdphfrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\izodqhdphfrtdlkke.exe*."
C:\Windows\ivqbxobujzwikucbb.exe
ivqbxobujzwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\cvmdsljxrrfjvfgieng.exe
C:\Users\Admin\AppData\Local\Temp\cvmdsljxrrfjvfgieng.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pjbtjdcrmnchufhkhrld.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\ivqbxobujzwikucbb.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\cvmdsljxrrfjvfgieng.exe*."
C:\Windows\evujjevslfgwcqcfjhsji.exe
evujjevslfgwcqcfjhsji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\izodqhdphfrtdlkke.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\pjbtjdcrmnchufhkhrld.exe
C:\Users\Admin\AppData\Local\Temp\pjbtjdcrmnchufhkhrld.exe
C:\Windows\pfdrqkawohhwbozbeblb.exe
pfdrqkawohhwbozbeblb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\izodqhdphfrtdlkke.exe
C:\Users\Admin\AppData\Local\Temp\izodqhdphfrtdlkke.exe .
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\pfdrqkawohhwbozbeblb.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\ivqbxobujzwikucbb.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\izodqhdphfrtdlkke.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe
C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe
C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\ejmpq.exe
"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"
C:\Users\Admin\AppData\Local\Temp\ejmpq.exe
"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\rfbnkcqkarpcfqzzav.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe
C:\Windows\pfdrqkawohhwbozbeblb.exe
pfdrqkawohhwbozbeblb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe .
C:\Windows\pfdrqkawohhwbozbeblb.exe
pfdrqkawohhwbozbeblb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\pfdrqkawohhwbozbeblb.exe*."
C:\Windows\crobzshctlkycoyzbxg.exe
crobzshctlkycoyzbxg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe
C:\Windows\crobzshctlkycoyzbxg.exe
crobzshctlkycoyzbxg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .
C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\crobzshctlkycoyzbxg.exe*."
C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe
C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\evujjevslfgwcqcfjhsji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .
C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe
C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .
C:\Users\Admin\AppData\Local\Temp\ejmpq.exe
"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"
C:\Users\Admin\AppData\Local\Temp\ejmpq.exe
"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\evujjevslfgwcqcfjhsji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe
C:\Windows\pfdrqkawohhwbozbeblb.exe
pfdrqkawohhwbozbeblb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe .
C:\Windows\ivqbxobujzwikucbb.exe
ivqbxobujzwikucbb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\ivqbxobujzwikucbb.exe*."
C:\Windows\crobzshctlkycoyzbxg.exe
crobzshctlkycoyzbxg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe
C:\Windows\crobzshctlkycoyzbxg.exe
crobzshctlkycoyzbxg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\crobzshctlkycoyzbxg.exe*."
C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe
C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe
C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe
C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\pfdrqkawohhwbozbeblb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe
C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\ejmpq.exe
"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"
C:\Users\Admin\AppData\Local\Temp\ejmpq.exe
"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"
C:\Windows\evujjevslfgwcqcfjhsji.exe
evujjevslfgwcqcfjhsji.exe
C:\Windows\crobzshctlkycoyzbxg.exe
crobzshctlkycoyzbxg.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\bnhrmcogujfqrahf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe .
C:\Windows\evujjevslfgwcqcfjhsji.exe
evujjevslfgwcqcfjhsji.exe .
C:\Windows\pfdrqkawohhwbozbeblb.exe
pfdrqkawohhwbozbeblb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rfbnkcqkarpcfqzzav.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\evujjevslfgwcqcfjhsji.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\pfdrqkawohhwbozbeblb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe
C:\Windows\crobzshctlkycoyzbxg.exe
crobzshctlkycoyzbxg.exe
C:\Windows\crobzshctlkycoyzbxg.exe
crobzshctlkycoyzbxg.exe
C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe .
C:\Windows\pfdrqkawohhwbozbeblb.exe
pfdrqkawohhwbozbeblb.exe .
C:\Windows\rfbnkcqkarpcfqzzav.exe
rfbnkcqkarpcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe
C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .
C:\Windows\evujjevslfgwcqcfjhsji.exe
evujjevslfgwcqcfjhsji.exe
C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe
C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bnhrmcogujfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\pfdrqkawohhwbozbeblb.exe*."
C:\Windows\crobzshctlkycoyzbxg.exe
crobzshctlkycoyzbxg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\evujjevslfgwcqcfjhsji.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\rfbnkcqkarpcfqzzav.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\crobzshctlkycoyzbxg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .
C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe
C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .
C:\Windows\bnhrmcogujfqrahf.exe
bnhrmcogujfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\crobzshctlkycoyzbxg.exe*."
C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe
C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .
C:\Users\Admin\AppData\Local\Temp\ejmpq.exe
"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"
C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe
C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .
C:\Users\Admin\AppData\Local\Temp\ejmpq.exe
"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe
C:\Windows\ivqbxobujzwikucbb.exe
ivqbxobujzwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\bnhrmcogujfqrahf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\pfdrqkawohhwbozbeblb.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\evujjevslfgwcqcfjhsji.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\pfdrqkawohhwbozbeblb.exe*."
C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe
C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe
C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\rfbnkcqkarpcfqzzav.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe
C:\Windows\crobzshctlkycoyzbxg.exe
crobzshctlkycoyzbxg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rfbnkcqkarpcfqzzav.exe .
C:\Windows\rfbnkcqkarpcfqzzav.exe
rfbnkcqkarpcfqzzav.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bnhrmcogujfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\rfbnkcqkarpcfqzzav.exe*."
C:\Windows\bnhrmcogujfqrahf.exe
bnhrmcogujfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Windows\evujjevslfgwcqcfjhsji.exe
evujjevslfgwcqcfjhsji.exe .
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\evujjevslfgwcqcfjhsji.exe*."
C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe
C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\evujjevslfgwcqcfjhsji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\ejmpq.exe
"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe
C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\crobzshctlkycoyzbxg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe
C:\Windows\evujjevslfgwcqcfjhsji.exe
evujjevslfgwcqcfjhsji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe
C:\Windows\evujjevslfgwcqcfjhsji.exe
evujjevslfgwcqcfjhsji.exe .
C:\Windows\crobzshctlkycoyzbxg.exe
crobzshctlkycoyzbxg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rfbnkcqkarpcfqzzav.exe
C:\Windows\evujjevslfgwcqcfjhsji.exe
evujjevslfgwcqcfjhsji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe .
C:\Windows\crobzshctlkycoyzbxg.exe
crobzshctlkycoyzbxg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\evujjevslfgwcqcfjhsji.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bnhrmcogujfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\ejmpq.exe
"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe
C:\Users\Admin\AppData\Local\Temp\ejmpq.exe
"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"
C:\Windows\rfbnkcqkarpcfqzzav.exe
rfbnkcqkarpcfqzzav.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\evujjevslfgwcqcfjhsji.exe
evujjevslfgwcqcfjhsji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\crobzshctlkycoyzbxg.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe
C:\Windows\crobzshctlkycoyzbxg.exe
crobzshctlkycoyzbxg.exe .
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\evujjevslfgwcqcfjhsji.exe*."
C:\Windows\bnhrmcogujfqrahf.exe
bnhrmcogujfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\crobzshctlkycoyzbxg.exe*."
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe
C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe
C:\Windows\evujjevslfgwcqcfjhsji.exe
evujjevslfgwcqcfjhsji.exe
C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe
C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .
C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe
C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe
C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe
C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .
C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe
C:\Users\Admin\AppData\Local\Temp\pfdrqkawohhwbozbeblb.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\ivqbxobujzwikucbb.exe*."
C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe
C:\Users\Admin\AppData\Local\Temp\evujjevslfgwcqcfjhsji.exe .
C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe
C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\evujjevslfgwcqcfjhsji.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\evujjevslfgwcqcfjhsji.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\evujjevslfgwcqcfjhsji.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\pfdrqkawohhwbozbeblb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bnhrmcogujfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\bnhrmcogujfqrahf.exe*."
C:\Windows\bnhrmcogujfqrahf.exe
bnhrmcogujfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\ejmpq.exe
"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"
C:\Users\Admin\AppData\Local\Temp\ejmpq.exe
"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c crobzshctlkycoyzbxg.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\bnhrmcogujfqrahf.exe*."
C:\Windows\ivqbxobujzwikucbb.exe
ivqbxobujzwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe .
C:\Windows\ivqbxobujzwikucbb.exe
ivqbxobujzwikucbb.exe .
C:\Windows\crobzshctlkycoyzbxg.exe
crobzshctlkycoyzbxg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe
C:\Windows\ivqbxobujzwikucbb.exe
ivqbxobujzwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\ivqbxobujzwikucbb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\rfbnkcqkarpcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\ivqbxobujzwikucbb.exe*."
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .
C:\Windows\crobzshctlkycoyzbxg.exe
crobzshctlkycoyzbxg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\ivqbxobujzwikucbb.exe*."
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\crobzshctlkycoyzbxg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\ivqbxobujzwikucbb.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bnhrmcogujfqrahf.exe
C:\Windows\bnhrmcogujfqrahf.exe
bnhrmcogujfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ivqbxobujzwikucbb.exe .
C:\Windows\ivqbxobujzwikucbb.exe
ivqbxobujzwikucbb.exe .
C:\Users\Admin\AppData\Local\Temp\ejmpq.exe
"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"
C:\Users\Admin\AppData\Local\Temp\ejmpq.exe
"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bnhrmcogujfqrahf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\ivqbxobujzwikucbb.exe*."
C:\Windows\bnhrmcogujfqrahf.exe
bnhrmcogujfqrahf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\pfdrqkawohhwbozbeblb.exe
pfdrqkawohhwbozbeblb.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe
C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\pfdrqkawohhwbozbeblb.exe*."
C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe
C:\Users\Admin\AppData\Local\Temp\bnhrmcogujfqrahf.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\bnhrmcogujfqrahf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe .
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\ivqbxobujzwikucbb.exe
C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe
C:\Users\Admin\AppData\Local\Temp\crobzshctlkycoyzbxg.exe .
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\users\admin\appdata\local\temp\crobzshctlkycoyzbxg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c evujjevslfgwcqcfjhsji.exe
C:\Windows\evujjevslfgwcqcfjhsji.exe
evujjevslfgwcqcfjhsji.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe .
C:\Windows\pfdrqkawohhwbozbeblb.exe
pfdrqkawohhwbozbeblb.exe .
C:\Users\Admin\AppData\Local\Temp\ejmpq.exe
"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"
C:\Users\Admin\AppData\Local\Temp\ejmpq.exe
"C:\Users\Admin\AppData\Local\Temp\ejmpq.exe" "-C:\Users\Admin\AppData\Local\Temp\brftfvqbspabkrpo.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pfdrqkawohhwbozbeblb.exe
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
"C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe" "c:\windows\pfdrqkawohhwbozbeblb.exe*."
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | fuuqxczcznz.org | udp |
| US | 8.8.8.8:53 | xklzcflmd.net | udp |
| US | 8.8.8.8:53 | tstplevza.net | udp |
| US | 8.8.8.8:53 | nsivlp.info | udp |
| US | 8.8.8.8:53 | oieuacceicwa.org | udp |
| US | 8.8.8.8:53 | dgptjtszgbxw.net | udp |
| US | 8.8.8.8:53 | nsjnpn.net | udp |
| BG | 212.75.11.123:27967 | tcp | |
| US | 8.8.8.8:53 | egchvclk.net | udp |
| US | 8.8.8.8:53 | xgrofw.info | udp |
| US | 8.8.8.8:53 | ivewnr.info | udp |
| US | 8.8.8.8:53 | ttialuukmuy.com | udp |
| US | 8.8.8.8:53 | xevylidk.info | udp |
| US | 8.8.8.8:53 | xejvnaebz.org | udp |
| US | 8.8.8.8:53 | eaaktqnrxm.info | udp |
| US | 8.8.8.8:53 | nfgcffubjh.info | udp |
| US | 8.8.8.8:53 | nqxijbihvn.info | udp |
| US | 8.8.8.8:53 | jalaqsxytfr.info | udp |
| US | 8.8.8.8:53 | bqpqgcyybju.com | udp |
| US | 8.8.8.8:53 | jwpkbnsvd.net | udp |
| US | 8.8.8.8:53 | zdbnui.net | udp |
| US | 8.8.8.8:53 | yspynbdonzn.net | udp |
| US | 8.8.8.8:53 | ecmwcwcu.com | udp |
| US | 8.8.8.8:53 | usqqaomaaw.org | udp |
| US | 8.8.8.8:53 | rczlhprxbppm.info | udp |
| US | 8.8.8.8:53 | xrctizgjhu.net | udp |
| US | 8.8.8.8:53 | ytfwcb.net | udp |
| US | 8.8.8.8:53 | bxyort.net | udp |
| US | 8.8.8.8:53 | rfcqjgcwrllk.info | udp |
| US | 8.8.8.8:53 | pqbnjajavbh.info | udp |
| US | 8.8.8.8:53 | oqljttdvdqd.info | udp |
| US | 8.8.8.8:53 | ooewwc.org | udp |
| US | 8.8.8.8:53 | hsqpiwhyelwv.info | udp |
| US | 8.8.8.8:53 | tyjejomvm.info | udp |
| US | 8.8.8.8:53 | zwnunufgdwb.com | udp |
| US | 8.8.8.8:53 | yazmlkomykl.net | udp |
| US | 8.8.8.8:53 | btwbbgnh.info | udp |
| US | 8.8.8.8:53 | jypigkw.net | udp |
| US | 8.8.8.8:53 | ckqyecwagqok.org | udp |
| US | 8.8.8.8:53 | yuigqwammc.com | udp |
| US | 8.8.8.8:53 | mguelxzbjp.net | udp |
| US | 8.8.8.8:53 | dwprrqgfqimo.net | udp |
| US | 8.8.8.8:53 | aypypzbihi.net | udp |
| US | 8.8.8.8:53 | gbfqqfqcryz.net | udp |
| US | 8.8.8.8:53 | wleugapofp.net | udp |
| US | 8.8.8.8:53 | jphhtgd.com | udp |
| US | 8.8.8.8:53 | kxwcjgocd.net | udp |
| US | 8.8.8.8:53 | eoamyu.org | udp |
| US | 8.8.8.8:53 | xqlaeyt.org | udp |
| US | 8.8.8.8:53 | omierhazkhgw.net | udp |
| US | 8.8.8.8:53 | ezdqqbv.net | udp |
| US | 8.8.8.8:53 | okuswg.org | udp |
| US | 8.8.8.8:53 | dgvnypbsz.net | udp |
| US | 8.8.8.8:53 | rarogmgml.com | udp |
| US | 8.8.8.8:53 | usbbkfroyufk.net | udp |
| US | 8.8.8.8:53 | odtvtadoptzt.info | udp |
| BG | 212.104.118.242:26835 | tcp | |
| US | 8.8.8.8:53 | kwdrqyzrhd.net | udp |
| US | 8.8.8.8:53 | fkvylsguoan.info | udp |
| US | 8.8.8.8:53 | ihkxruu.net | udp |
| US | 8.8.8.8:53 | zianfzsh.info | udp |
| US | 8.8.8.8:53 | itxqjpkcbqfn.net | udp |
| US | 8.8.8.8:53 | jbwrojmvxi.net | udp |
| US | 8.8.8.8:53 | lmvxpezwq.net | udp |
| US | 8.8.8.8:53 | eglzww.info | udp |
| US | 8.8.8.8:53 | xrjmbmgmisvh.info | udp |
| US | 8.8.8.8:53 | smssik.com | udp |
| US | 8.8.8.8:53 | liyblmrbl.com | udp |
| US | 8.8.8.8:53 | jqtenkdayoy.org | udp |
| US | 8.8.8.8:53 | mmrelxp.net | udp |
| US | 8.8.8.8:53 | mhzvjdntnn.info | udp |
| US | 8.8.8.8:53 | huuykmy.net | udp |
| US | 8.8.8.8:53 | fvtkrqkxh.info | udp |
| US | 8.8.8.8:53 | lvliwxsju.net | udp |
| US | 8.8.8.8:53 | pfjwsabwxf.net | udp |
| US | 8.8.8.8:53 | eimmgikc.org | udp |
| US | 8.8.8.8:53 | wcgcuuiu.org | udp |
| US | 8.8.8.8:53 | gryvxxq.net | udp |
| US | 8.8.8.8:53 | vdzoiea.info | udp |
| US | 8.8.8.8:53 | juwjci.info | udp |
| US | 8.8.8.8:53 | iuflcspyn.info | udp |
| US | 8.8.8.8:53 | nhmyomxjv.info | udp |
| US | 8.8.8.8:53 | nowvyjklfg.info | udp |
| US | 8.8.8.8:53 | szfzta.info | udp |
| US | 8.8.8.8:53 | bzrxhobotgb.org | udp |
| US | 8.8.8.8:53 | saajdqygl.info | udp |
| US | 8.8.8.8:53 | tyzkrdhyl.info | udp |
| US | 8.8.8.8:53 | ywpyuxnpz.net | udp |
| US | 8.8.8.8:53 | evgyifwkl.net | udp |
| US | 8.8.8.8:53 | aqdhtlqcrv.info | udp |
| US | 8.8.8.8:53 | vyvijbihvn.info | udp |
| SA | 87.120.170.183:19791 | tcp | |
| US | 8.8.8.8:53 | xvyvvj.net | udp |
| US | 8.8.8.8:53 | rrwwwwrffqp.info | udp |
| US | 8.8.8.8:53 | rixfjt.net | udp |
| US | 8.8.8.8:53 | seimuaqoaqqq.org | udp |
| US | 8.8.8.8:53 | barnpku.org | udp |
| US | 8.8.8.8:53 | hsrofavrq.net | udp |
| US | 8.8.8.8:53 | jrvwcasfvg.info | udp |
| US | 8.8.8.8:53 | ousacquu.org | udp |
| US | 8.8.8.8:53 | wmecyk.org | udp |
| US | 8.8.8.8:53 | hozwjx.info | udp |
| US | 8.8.8.8:53 | omapaz.net | udp |
| US | 8.8.8.8:53 | llpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | pkkcnhpccgh.com | udp |
| US | 8.8.8.8:53 | xihshiemugv.com | udp |
| US | 8.8.8.8:53 | bctwfgikb.org | udp |
| US | 8.8.8.8:53 | qivshza.net | udp |
| US | 8.8.8.8:53 | repoiapo.info | udp |
| US | 8.8.8.8:53 | zlpwyxtkmm.net | udp |
| US | 8.8.8.8:53 | caoimggiuico.com | udp |
| US | 8.8.8.8:53 | pcblbg.info | udp |
| US | 8.8.8.8:53 | fzqqksnzg.net | udp |
| US | 8.8.8.8:53 | yyfxtfqyx.info | udp |
| US | 8.8.8.8:53 | ckwycauo.org | udp |
| US | 8.8.8.8:53 | xmlymtnez.org | udp |
| US | 8.8.8.8:53 | vcboostd.net | udp |
| US | 8.8.8.8:53 | emookwkcagym.com | udp |
| US | 8.8.8.8:53 | dalmnvkkntf.info | udp |
| US | 8.8.8.8:53 | dfpghkb.com | udp |
| US | 8.8.8.8:53 | odzbrjqoy.info | udp |
| US | 8.8.8.8:53 | eutomkuvg.net | udp |
| US | 8.8.8.8:53 | ewjkbkfejmf.net | udp |
| US | 8.8.8.8:53 | tajluerio.info | udp |
| US | 8.8.8.8:53 | mcptdvvp.info | udp |
| US | 8.8.8.8:53 | hytuaktotgt.com | udp |
| US | 8.8.8.8:53 | tgndvkxmj.net | udp |
| US | 8.8.8.8:53 | aalijqi.info | udp |
| US | 8.8.8.8:53 | odqisf.info | udp |
| US | 8.8.8.8:53 | uokagugw.com | udp |
| US | 8.8.8.8:53 | sqekqkamck.com | udp |
| US | 8.8.8.8:53 | sqtsjvlbf.info | udp |
| US | 8.8.8.8:53 | gmvvmsn.net | udp |
| US | 8.8.8.8:53 | ncpmyszzt.info | udp |
| US | 8.8.8.8:53 | omysbfkkxol.info | udp |
| US | 8.8.8.8:53 | ginjfis.net | udp |
| US | 8.8.8.8:53 | npskrwuzpn.net | udp |
| US | 8.8.8.8:53 | awaoukms.com | udp |
| US | 8.8.8.8:53 | ybxsqlwexbnh.info | udp |
| US | 8.8.8.8:53 | fusrtuevxut.com | udp |
| US | 8.8.8.8:53 | kiygoqmkqiee.com | udp |
| US | 8.8.8.8:53 | onqenwgbgjkq.info | udp |
| GB | 86.135.21.64:15538 | tcp | |
| US | 8.8.8.8:53 | kkiamiym.com | udp |
| US | 8.8.8.8:53 | aoowaqcwaw.org | udp |
| US | 8.8.8.8:53 | tbyhqbye.net | udp |
| US | 8.8.8.8:53 | dbduvirmu.net | udp |
| US | 8.8.8.8:53 | jatdaajehomt.net | udp |
| US | 8.8.8.8:53 | nlbankm.org | udp |
| US | 8.8.8.8:53 | intledvz.info | udp |
| US | 8.8.8.8:53 | mwgkuyee.org | udp |
| US | 8.8.8.8:53 | sekscaqwmaea.com | udp |
| US | 8.8.8.8:53 | rvhukprknerl.net | udp |
| US | 8.8.8.8:53 | tfucfbbwq.info | udp |
| US | 8.8.8.8:53 | sozulgtvc.info | udp |
| US | 8.8.8.8:53 | zogozuio.net | udp |
| US | 8.8.8.8:53 | nzostdtlp.net | udp |
| US | 8.8.8.8:53 | jwnqayxz.info | udp |
| US | 8.8.8.8:53 | lkxytgsxz.info | udp |
| US | 8.8.8.8:53 | iyhwzj.info | udp |
| US | 8.8.8.8:53 | lrpembevxq.info | udp |
| US | 8.8.8.8:53 | bzaydhbkyko.info | udp |
| US | 8.8.8.8:53 | esnwveh.info | udp |
| US | 8.8.8.8:53 | knxkdweuub.net | udp |
| US | 8.8.8.8:53 | lvjjehil.net | udp |
| US | 8.8.8.8:53 | uoxjsmld.info | udp |
| US | 8.8.8.8:53 | oucwokucauei.org | udp |
| US | 8.8.8.8:53 | czcpzygn.net | udp |
| US | 8.8.8.8:53 | zkdcbad.net | udp |
| US | 8.8.8.8:53 | tigigklbvym.info | udp |
| US | 8.8.8.8:53 | dccasfsyu.com | udp |
| US | 8.8.8.8:53 | vqigtwn.com | udp |
| US | 8.8.8.8:53 | ewiuauieao.com | udp |
| US | 8.8.8.8:53 | wqqczmkqawns.net | udp |
| US | 8.8.8.8:53 | dgvffz.net | udp |
| US | 8.8.8.8:53 | zhaieayynu.info | udp |
| US | 8.8.8.8:53 | wqgikeikmygs.org | udp |
| US | 8.8.8.8:53 | bjpwlrlwpx.net | udp |
| US | 8.8.8.8:53 | gdnbriimynhc.info | udp |
| US | 8.8.8.8:53 | fnzwwxmvpa.info | udp |
| US | 8.8.8.8:53 | lnanjh.info | udp |
| US | 8.8.8.8:53 | imwkkoik.com | udp |
| US | 8.8.8.8:53 | fgecrkxyb.com | udp |
| US | 8.8.8.8:53 | wbpgaboumqt.net | udp |
| US | 8.8.8.8:53 | emesyy.org | udp |
| US | 8.8.8.8:53 | jdfdiamaukju.net | udp |
| US | 8.8.8.8:53 | lgzzweqbfvch.net | udp |
| US | 8.8.8.8:53 | narxtsr.org | udp |
| US | 8.8.8.8:53 | sewuvwb.net | udp |
| US | 8.8.8.8:53 | sgmmqy.com | udp |
| US | 8.8.8.8:53 | wiymyyywa.info | udp |
| BG | 93.155.217.237:39355 | tcp | |
| US | 8.8.8.8:53 | aksyokqkcukm.org | udp |
| US | 8.8.8.8:53 | oaewcmmi.com | udp |
| US | 8.8.8.8:53 | yofczkhqpms.info | udp |
| US | 8.8.8.8:53 | pylijvdtvr.info | udp |
| US | 8.8.8.8:53 | vwsoggmynqh.org | udp |
| US | 8.8.8.8:53 | gypjrqs.info | udp |
| US | 8.8.8.8:53 | oalwpcngx.info | udp |
| US | 8.8.8.8:53 | aoykmoiwmg.org | udp |
| US | 8.8.8.8:53 | xcrfxbihvn.info | udp |
| US | 8.8.8.8:53 | fkxprtliq.net | udp |
| US | 8.8.8.8:53 | eweeusmy.org | udp |
| US | 8.8.8.8:53 | tfrwxxxm.net | udp |
| US | 8.8.8.8:53 | pvesxitaordl.info | udp |
| US | 8.8.8.8:53 | ldzostsqzdog.net | udp |
| US | 8.8.8.8:53 | yaommo.com | udp |
| US | 8.8.8.8:53 | fxjefaz.org | udp |
| US | 8.8.8.8:53 | edrmpnf.info | udp |
| US | 8.8.8.8:53 | asigxmqnxub.net | udp |
| US | 8.8.8.8:53 | gesgcqqecmok.org | udp |
| US | 8.8.8.8:53 | rendhgjruhhx.net | udp |
| US | 8.8.8.8:53 | txnmzxyojus.org | udp |
| US | 8.8.8.8:53 | yylwfqj.info | udp |
| US | 8.8.8.8:53 | dzrmxez.com | udp |
| US | 8.8.8.8:53 | lqhvxuz.com | udp |
| US | 8.8.8.8:53 | fdzeikjmpo.info | udp |
| US | 8.8.8.8:53 | datsiikuj.net | udp |
| US | 8.8.8.8:53 | eeuouoayeo.com | udp |
| US | 8.8.8.8:53 | kxldwaoqfn.info | udp |
| US | 8.8.8.8:53 | yrezbz.info | udp |
| US | 8.8.8.8:53 | ibjspd.info | udp |
| US | 8.8.8.8:53 | xxbuvavqnao.net | udp |
| US | 8.8.8.8:53 | fafavuuyo.net | udp |
| US | 8.8.8.8:53 | yyhqkmcfww.net | udp |
| US | 8.8.8.8:53 | oawtzmb.info | udp |
| US | 8.8.8.8:53 | yseyum.org | udp |
| US | 8.8.8.8:53 | tgzzsilpuoyu.info | udp |
| US | 8.8.8.8:53 | wbbhrvgrqu.net | udp |
| US | 8.8.8.8:53 | vpzdgzv.net | udp |
| US | 8.8.8.8:53 | dmbknysgg.org | udp |
| US | 8.8.8.8:53 | ykcemikgka.com | udp |
| US | 8.8.8.8:53 | pcfndjsn.net | udp |
| US | 8.8.8.8:53 | suquyoyooksm.com | udp |
| US | 8.8.8.8:53 | rejwrwpoa.info | udp |
| US | 8.8.8.8:53 | rprmetxk.net | udp |
| US | 8.8.8.8:53 | howjocnb.net | udp |
| US | 8.8.8.8:53 | uybazwfqrxr.info | udp |
| US | 8.8.8.8:53 | xmzgfbbwwpo.info | udp |
| US | 8.8.8.8:53 | jmuyzwjxj.net | udp |
| US | 8.8.8.8:53 | ygimca.com | udp |
| US | 8.8.8.8:53 | qwzqzciqb.net | udp |
| US | 8.8.8.8:53 | tzgazufkh.com | udp |
| US | 8.8.8.8:53 | sgescokcmo.org | udp |
| US | 8.8.8.8:53 | xribplzk.info | udp |
| US | 8.8.8.8:53 | aeleuofmvly.info | udp |
| CY | 62.228.214.77:22068 | tcp | |
| US | 8.8.8.8:53 | mchczirymvk.info | udp |
| US | 8.8.8.8:53 | lvmzao.info | udp |
| US | 8.8.8.8:53 | jehyhpbob.com | udp |
| US | 8.8.8.8:53 | fdchrb.info | udp |
| US | 8.8.8.8:53 | nltbtkzpuqh.org | udp |
| US | 8.8.8.8:53 | gefqupovtspz.info | udp |
| US | 8.8.8.8:53 | nwjezix.net | udp |
| US | 8.8.8.8:53 | nhvqqzjcbtb.net | udp |
| US | 8.8.8.8:53 | luaiurlae.info | udp |
| US | 8.8.8.8:53 | uaqoco.org | udp |
| US | 8.8.8.8:53 | mobsolfrxym.info | udp |
| US | 8.8.8.8:53 | rammtman.net | udp |
| US | 8.8.8.8:53 | hsfspwfirsr.org | udp |
| US | 8.8.8.8:53 | vgqgbvv.com | udp |
| US | 8.8.8.8:53 | sxbnmf.info | udp |
| US | 8.8.8.8:53 | osqmiw.com | udp |
| US | 8.8.8.8:53 | fumvct.net | udp |
| US | 8.8.8.8:53 | ukuqiioq.com | udp |
| US | 8.8.8.8:53 | eubktu.info | udp |
| US | 8.8.8.8:53 | xkbinqlub.org | udp |
| US | 8.8.8.8:53 | dnyidwf.info | udp |
| US | 8.8.8.8:53 | hxhjhg.net | udp |
| US | 8.8.8.8:53 | txnrsljc.info | udp |
| US | 8.8.8.8:53 | yadxtkefpqdf.net | udp |
| US | 8.8.8.8:53 | gqfecw.net | udp |
| US | 8.8.8.8:53 | vmzkhybal.com | udp |
| US | 8.8.8.8:53 | tnqeljbmaodb.info | udp |
| US | 8.8.8.8:53 | rwjurhh.org | udp |
| US | 8.8.8.8:53 | lhunovnibe.net | udp |
| US | 8.8.8.8:53 | mewqbgtuhpjh.net | udp |
| US | 8.8.8.8:53 | qngitmingp.net | udp |
| US | 8.8.8.8:53 | vquohwhgxy.info | udp |
| US | 8.8.8.8:53 | qghndknkfib.info | udp |
| US | 8.8.8.8:53 | vhslbqdz.net | udp |
| US | 8.8.8.8:53 | fkykpg.net | udp |
| US | 8.8.8.8:53 | tobtjoud.info | udp |
| US | 8.8.8.8:53 | ulwprsdpevsj.info | udp |
| US | 8.8.8.8:53 | wtzhqtiukizg.net | udp |
| DE | 89.116.169.141:30356 | tcp | |
| US | 8.8.8.8:53 | rahjdfquyme.org | udp |
| US | 8.8.8.8:53 | twzaiw.net | udp |
| US | 8.8.8.8:53 | qyjxvcif.net | udp |
| US | 8.8.8.8:53 | ttnjrhs.net | udp |
| US | 8.8.8.8:53 | ycvaibx.net | udp |
| US | 8.8.8.8:53 | xmiajclfh.info | udp |
| US | 8.8.8.8:53 | yhhoqkjyjp.net | udp |
| US | 8.8.8.8:53 | ypnmaeey.info | udp |
| US | 8.8.8.8:53 | dffyyghnym.net | udp |
| US | 8.8.8.8:53 | rkwlhccy.info | udp |
| US | 8.8.8.8:53 | koccycoymg.org | udp |
| US | 8.8.8.8:53 | dwsgoqw.net | udp |
| US | 8.8.8.8:53 | tqqxed.info | udp |
| US | 8.8.8.8:53 | nthafgeqx.org | udp |
| US | 8.8.8.8:53 | rwkchlj.org | udp |
| US | 8.8.8.8:53 | okyzsos.net | udp |
| US | 8.8.8.8:53 | rtefhvtfbb.info | udp |
| US | 8.8.8.8:53 | tyozuvasqmyo.info | udp |
| US | 8.8.8.8:53 | oagghmwo.net | udp |
| US | 8.8.8.8:53 | rohkraa.info | udp |
| US | 8.8.8.8:53 | csmakzbues.net | udp |
| US | 8.8.8.8:53 | vibshiiel.net | udp |
| US | 8.8.8.8:53 | qdiztg.info | udp |
| US | 8.8.8.8:53 | pvimfgudss.net | udp |
| US | 8.8.8.8:53 | aktlhxthivik.net | udp |
| US | 8.8.8.8:53 | ezzkvthr.info | udp |
| US | 8.8.8.8:53 | jklsrlrkj.org | udp |
| US | 8.8.8.8:53 | jjqtpeerkb.net | udp |
| US | 8.8.8.8:53 | wkvlfnitsmxn.net | udp |
| US | 8.8.8.8:53 | nbdnby.net | udp |
| US | 8.8.8.8:53 | kgwcqccfctor.info | udp |
| US | 8.8.8.8:53 | urkcltobhpwf.net | udp |
| US | 8.8.8.8:53 | yxrtyvnynrzx.info | udp |
| US | 8.8.8.8:53 | ysvsimnvff.info | udp |
| US | 8.8.8.8:53 | oismai.com | udp |
| US | 8.8.8.8:53 | aycslmxgr.info | udp |
| US | 8.8.8.8:53 | zyjnoachwtrr.info | udp |
| US | 8.8.8.8:53 | tuhvrdel.info | udp |
| US | 8.8.8.8:53 | eheflhppvg.net | udp |
| US | 8.8.8.8:53 | cwegwg.org | udp |
| GB | 89.191.127.123:33171 | tcp | |
| US | 8.8.8.8:53 | zarxuu.net | udp |
| US | 8.8.8.8:53 | loewnsai.net | udp |
| US | 8.8.8.8:53 | ekvojwletyz.info | udp |
| US | 8.8.8.8:53 | zifnnb.net | udp |
| US | 8.8.8.8:53 | cykogcgqqcuu.com | udp |
| US | 8.8.8.8:53 | slpudjztvg.net | udp |
| US | 8.8.8.8:53 | qapivof.net | udp |
| US | 8.8.8.8:53 | oozifimaf.net | udp |
| US | 8.8.8.8:53 | fcxgdsz.com | udp |
| US | 8.8.8.8:53 | idtkeovub.net | udp |
| US | 8.8.8.8:53 | ymhqxkvcn.info | udp |
| US | 8.8.8.8:53 | jbacuchohmfp.net | udp |
| US | 8.8.8.8:53 | myrwjqkrwpbk.info | udp |
| US | 8.8.8.8:53 | hujffpkzw.org | udp |
| US | 8.8.8.8:53 | dgozcitgrac.net | udp |
| US | 8.8.8.8:53 | wuffxwlb.info | udp |
| US | 8.8.8.8:53 | yybufaegqcc.net | udp |
| US | 8.8.8.8:53 | ettbde.info | udp |
| US | 8.8.8.8:53 | mkkaokck.org | udp |
| US | 8.8.8.8:53 | osnkmof.info | udp |
| US | 8.8.8.8:53 | mpkbfsgyp.info | udp |
| US | 8.8.8.8:53 | hzolpf.info | udp |
| US | 8.8.8.8:53 | fjlsfmfzbonp.info | udp |
| US | 8.8.8.8:53 | ykdtsg.net | udp |
| US | 8.8.8.8:53 | qseoumkkca.org | udp |
| US | 8.8.8.8:53 | xglgikk.org | udp |
| US | 8.8.8.8:53 | ylcwflpnpxth.net | udp |
| US | 8.8.8.8:53 | qdnmhgdyrit.net | udp |
| US | 8.8.8.8:53 | lyfqledmb.info | udp |
| US | 8.8.8.8:53 | qyqigk.com | udp |
| US | 8.8.8.8:53 | gakctwplrid.info | udp |
| US | 8.8.8.8:53 | xwquhhxnlwta.info | udp |
| US | 8.8.8.8:53 | vheeegzid.info | udp |
| US | 8.8.8.8:53 | sktoxkjkiml.net | udp |
| US | 8.8.8.8:53 | fyaylmbcb.net | udp |
| US | 8.8.8.8:53 | ttclarlnrf.info | udp |
| US | 8.8.8.8:53 | xlzyqnqsby.info | udp |
| US | 8.8.8.8:53 | uzvmajb.net | udp |
| US | 8.8.8.8:53 | ahgrsi.info | udp |
| US | 8.8.8.8:53 | ekqaao.com | udp |
| US | 8.8.8.8:53 | xjlulezyn.net | udp |
| US | 8.8.8.8:53 | srbwryub.net | udp |
| US | 8.8.8.8:53 | lizvtrllzt.info | udp |
| US | 8.8.8.8:53 | rkjyfrxybqd.net | udp |
| US | 8.8.8.8:53 | goxrbc.info | udp |
| US | 8.8.8.8:53 | himwlg.info | udp |
| US | 8.8.8.8:53 | behipkxybae.net | udp |
| US | 8.8.8.8:53 | hjfdpmp.org | udp |
| US | 8.8.8.8:53 | ztwhumzdp.net | udp |
| US | 8.8.8.8:53 | xbpezstkdcv.org | udp |
| US | 8.8.8.8:53 | rjbifug.net | udp |
| US | 8.8.8.8:53 | bchttznyk.net | udp |
| US | 8.8.8.8:53 | tufcunhxajif.info | udp |
| US | 8.8.8.8:53 | pgacpb.info | udp |
| US | 8.8.8.8:53 | bytavuir.info | udp |
| US | 8.8.8.8:53 | yqdindvszcl.info | udp |
| US | 8.8.8.8:53 | qbzsfpvhbs.info | udp |
| US | 8.8.8.8:53 | wqnjnqpbdz.info | udp |
| US | 8.8.8.8:53 | ldlrgk.info | udp |
| US | 8.8.8.8:53 | jylokyhyjbp.info | udp |
| US | 8.8.8.8:53 | xizlzkfxlcd.net | udp |
| US | 8.8.8.8:53 | qwwqma.com | udp |
| US | 8.8.8.8:53 | dctdrchij.com | udp |
| US | 8.8.8.8:53 | bmzpxcmoz.com | udp |
| US | 8.8.8.8:53 | sqvsvdlut.info | udp |
| US | 8.8.8.8:53 | owtumceqt.info | udp |
| US | 8.8.8.8:53 | uohutebsbme.net | udp |
| US | 8.8.8.8:53 | kmmaauko.org | udp |
| US | 8.8.8.8:53 | runvkj.info | udp |
| US | 8.8.8.8:53 | lawvohhxox.info | udp |
| US | 8.8.8.8:53 | ewkqgywskasg.org | udp |
| US | 8.8.8.8:53 | sgdzhklkvfso.info | udp |
| US | 8.8.8.8:53 | cqlovot.net | udp |
| US | 8.8.8.8:53 | gafgtqtec.info | udp |
| US | 8.8.8.8:53 | vmrzybdk.net | udp |
| US | 8.8.8.8:53 | jsjoguiob.com | udp |
| US | 8.8.8.8:53 | vgwgpmtyftv.info | udp |
| US | 8.8.8.8:53 | skqsiiae.org | udp |
| US | 8.8.8.8:53 | vtamfyw.org | udp |
| US | 8.8.8.8:53 | nqmijhobjitu.info | udp |
| US | 8.8.8.8:53 | ofaqwp.net | udp |
| US | 8.8.8.8:53 | alyypvemovoc.net | udp |
| US | 8.8.8.8:53 | vevivzpezoh.com | udp |
| US | 8.8.8.8:53 | kthcsoxy.net | udp |
| US | 8.8.8.8:53 | qlstpgkhcjbu.net | udp |
| US | 8.8.8.8:53 | peviuijqt.com | udp |
| US | 8.8.8.8:53 | lkvebr.info | udp |
| US | 8.8.8.8:53 | dozxhutclyx.info | udp |
| US | 8.8.8.8:53 | nzitfaav.info | udp |
| US | 8.8.8.8:53 | dwycjaevb.info | udp |
| US | 8.8.8.8:53 | bhqndybxjor.net | udp |
| US | 8.8.8.8:53 | dxvevsig.info | udp |
| US | 8.8.8.8:53 | hpyynhszmwlk.info | udp |
| US | 8.8.8.8:53 | lktcrbw.com | udp |
| US | 8.8.8.8:53 | xekakmbgxun.com | udp |
| US | 8.8.8.8:53 | jdykvwei.info | udp |
| US | 8.8.8.8:53 | dngcvhowlab.net | udp |
| US | 8.8.8.8:53 | vbqpjmr.net | udp |
| US | 8.8.8.8:53 | wjuotofii.info | udp |
| US | 8.8.8.8:53 | muhthtzyzjny.info | udp |
| US | 8.8.8.8:53 | dkdczgl.info | udp |
| US | 8.8.8.8:53 | xffxdlzetct.com | udp |
| US | 8.8.8.8:53 | xabfkire.net | udp |
| US | 8.8.8.8:53 | eaictyqxc.info | udp |
| US | 8.8.8.8:53 | bdvjhsx.org | udp |
| US | 8.8.8.8:53 | osbrtk.net | udp |
| US | 8.8.8.8:53 | dyfwwcvgfft.org | udp |
| US | 8.8.8.8:53 | vgqxvqngngx.info | udp |
| US | 8.8.8.8:53 | fidkllj.net | udp |
Files
C:\Users\Admin\AppData\Local\Temp\wcycexrfgmi.exe
C:\Windows\SysWOW64\rfbnkcqkarpcfqzzav.exe
C:\Users\Admin\AppData\Local\Temp\efonx.exe
C:\Users\Admin\AppData\Local\vvdbkoouwzjixupbovppxveiio.tdc
C:\Users\Admin\AppData\Local\whajdsduhvqaaioljbgrktncnerfakksyvtlq.udx
C:\Program Files (x86)\vvdbkoouwzjixupbovppxveiio.tdc