Analysis Overview
SHA256
19bfc62f4162a8399e6c22f14721710d96007e027aaa8154e3d80bb725c360e4
Threat Level: Known bad
The file JaffaCakes118_b9c1a84350d1c4881dd1eac4ffb453b0 was found to be: Known bad.
Malicious Activity Summary
Pykspa family
Modifies WinLogon for persistence
Pykspa
UAC bypass
Detect Pykspa worm
Disables RegEdit via registry modification
Adds policy Run key to start application
Checks computer location settings
Impair Defenses: Safe Mode Boot
Executes dropped EXE
Checks whether UAC is enabled
Looks up external IP address via web service
Adds Run key to start application
Hijack Execution Flow: Executable Installer File Permissions Weakness
Drops file in System32 directory
Drops autorun.inf file
Drops file in Program Files directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
System policy modification
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-15 11:57
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-15 11:57
Reported
2025-04-15 11:59
Platform
win10v2004-20250410-en
Max time kernel
49s
Max time network
131s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ijwerzdqx = "bjdsmbmguhojaftf.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ijwerzdqx = "irmcxnzujxfbtzobq.exe" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ijwerzdqx = "pbzsqjywofqpktlbtqlx.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ijwerzdqx = "pbzsqjywofqpktlbtqlx.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pnxcmr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cnkczrfctjtrltkzqmg.exe" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ijwerzdqx = "bjdsmbmguhojaftf.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ijwerzdqx = "cnkczrfctjtrltkzqmg.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pnxcmr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erqkjdtsldpplvofywsfe.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ijwerzdqx = "erqkjdtsldpplvofywsfe.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pnxcmr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pbzsqjywofqpktlbtqlx.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ijwerzdqx = "rbxokbokapyvovlzpk.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pnxcmr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\irmcxnzujxfbtzobq.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pnxcmr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rbxokbokapyvovlzpk.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ijwerzdqx = "rbxokbokapyvovlzpk.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pnxcmr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pbzsqjywofqpktlbtqlx.exe" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pnxcmr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\irmcxnzujxfbtzobq.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ijwerzdqx = "irmcxnzujxfbtzobq.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ijwerzdqx = "erqkjdtsldpplvofywsfe.exe" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pnxcmr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rbxokbokapyvovlzpk.exe" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ijwerzdqx = "bjdsmbmguhojaftf.exe" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pnxcmr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rbxokbokapyvovlzpk.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pnxcmr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\irmcxnzujxfbtzobq.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ijwerzdqx = "irmcxnzujxfbtzobq.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ijwerzdqx = "pbzsqjywofqpktlbtqlx.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pnxcmr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rbxokbokapyvovlzpk.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pnxcmr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bjdsmbmguhojaftf.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ijwerzdqx = "rbxokbokapyvovlzpk.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pnxcmr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erqkjdtsldpplvofywsfe.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pnxcmr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erqkjdtsldpplvofywsfe.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pnxcmr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\irmcxnzujxfbtzobq.exe" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ijwerzdqx = "pbzsqjywofqpktlbtqlx.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ijwerzdqx = "bjdsmbmguhojaftf.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ijwerzdqx = "cnkczrfctjtrltkzqmg.exe" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pnxcmr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bjdsmbmguhojaftf.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ijwerzdqx = "pbzsqjywofqpktlbtqlx.exe" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pnxcmr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rbxokbokapyvovlzpk.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pnxcmr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bjdsmbmguhojaftf.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pnxcmr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cnkczrfctjtrltkzqmg.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ijwerzdqx = "pbzsqjywofqpktlbtqlx.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pnxcmr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rbxokbokapyvovlzpk.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ijwerzdqx = "irmcxnzujxfbtzobq.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pnxcmr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rbxokbokapyvovlzpk.exe" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ijwerzdqx = "bjdsmbmguhojaftf.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ijwerzdqx = "pbzsqjywofqpktlbtqlx.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Windows\irmcxnzujxfbtzobq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Windows\cnkczrfctjtrltkzqmg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Windows\cnkczrfctjtrltkzqmg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Windows\irmcxnzujxfbtzobq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Windows\pbzsqjywofqpktlbtqlx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Windows\irmcxnzujxfbtzobq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Windows\rbxokbokapyvovlzpk.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Windows\bjdsmbmguhojaftf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b9c1a84350d1c4881dd1eac4ffb453b0.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Windows\cnkczrfctjtrltkzqmg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Windows\erqkjdtsldpplvofywsfe.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Windows\pbzsqjywofqpktlbtqlx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Windows\irmcxnzujxfbtzobq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Windows\cnkczrfctjtrltkzqmg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Windows\bjdsmbmguhojaftf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Windows\cnkczrfctjtrltkzqmg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Windows\cnkczrfctjtrltkzqmg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Windows\irmcxnzujxfbtzobq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Windows\bjdsmbmguhojaftf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Windows\irmcxnzujxfbtzobq.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Windows\bjdsmbmguhojaftf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Windows\erqkjdtsldpplvofywsfe.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Windows\bjdsmbmguhojaftf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Windows\erqkjdtsldpplvofywsfe.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Windows\pbzsqjywofqpktlbtqlx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Windows\rbxokbokapyvovlzpk.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Windows\cnkczrfctjtrltkzqmg.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Windows\bjdsmbmguhojaftf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Windows\pbzsqjywofqpktlbtqlx.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Control Panel\International\Geo\Nation | C:\Windows\bjdsmbmguhojaftf.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sxoardlcnxbth = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cnkczrfctjtrltkzqmg.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\txnyozgwgpsj = "C:\\Users\\Admin\\AppData\\Local\\Temp\\irmcxnzujxfbtzobq.exe ." | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cbmsdjl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cnkczrfctjtrltkzqmg.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wzoynxdsbjl = "irmcxnzujxfbtzobq.exe ." | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\txnyozgwgpsj = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cnkczrfctjtrltkzqmg.exe ." | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\txnyozgwgpsj = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bjdsmbmguhojaftf.exe ." | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cbmsdjl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cnkczrfctjtrltkzqmg.exe" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rrdkwdgs = "bjdsmbmguhojaftf.exe ." | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bdraoxcqyf = "rbxokbokapyvovlzpk.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bdraoxcqyf = "bjdsmbmguhojaftf.exe" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\txnyozgwgpsj = "C:\\Users\\Admin\\AppData\\Local\\Temp\\irmcxnzujxfbtzobq.exe ." | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sxoardlcnxbth = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bjdsmbmguhojaftf.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\txnyozgwgpsj = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rbxokbokapyvovlzpk.exe ." | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sxoardlcnxbth = "C:\\Users\\Admin\\AppData\\Local\\Temp\\irmcxnzujxfbtzobq.exe" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rrdkwdgs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\irmcxnzujxfbtzobq.exe ." | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\txnyozgwgpsj = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rbxokbokapyvovlzpk.exe ." | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\txnyozgwgpsj = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erqkjdtsldpplvofywsfe.exe ." | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\cbmsdjl = "pbzsqjywofqpktlbtqlx.exe" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rrdkwdgs = "irmcxnzujxfbtzobq.exe ." | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cbmsdjl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rbxokbokapyvovlzpk.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\cbmsdjl = "rbxokbokapyvovlzpk.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bdraoxcqyf = "cnkczrfctjtrltkzqmg.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rrdkwdgs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bjdsmbmguhojaftf.exe ." | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\txnyozgwgpsj = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pbzsqjywofqpktlbtqlx.exe ." | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rrdkwdgs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rbxokbokapyvovlzpk.exe ." | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wzoynxdsbjl = "erqkjdtsldpplvofywsfe.exe ." | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rrdkwdgs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pbzsqjywofqpktlbtqlx.exe ." | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\cbmsdjl = "cnkczrfctjtrltkzqmg.exe" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\cbmsdjl = "irmcxnzujxfbtzobq.exe" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bdraoxcqyf = "erqkjdtsldpplvofywsfe.exe" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\txnyozgwgpsj = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bjdsmbmguhojaftf.exe ." | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rrdkwdgs = "bjdsmbmguhojaftf.exe ." | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\cbmsdjl = "erqkjdtsldpplvofywsfe.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wzoynxdsbjl = "erqkjdtsldpplvofywsfe.exe ." | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rrdkwdgs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erqkjdtsldpplvofywsfe.exe ." | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sxoardlcnxbth = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pbzsqjywofqpktlbtqlx.exe" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rrdkwdgs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pbzsqjywofqpktlbtqlx.exe ." | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bdraoxcqyf = "rbxokbokapyvovlzpk.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wzoynxdsbjl = "irmcxnzujxfbtzobq.exe ." | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rrdkwdgs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pbzsqjywofqpktlbtqlx.exe ." | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cbmsdjl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pbzsqjywofqpktlbtqlx.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bdraoxcqyf = "bjdsmbmguhojaftf.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cbmsdjl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\irmcxnzujxfbtzobq.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\rrdkwdgs = "rbxokbokapyvovlzpk.exe ." | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sxoardlcnxbth = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pbzsqjywofqpktlbtqlx.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sxoardlcnxbth = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pbzsqjywofqpktlbtqlx.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wzoynxdsbjl = "pbzsqjywofqpktlbtqlx.exe ." | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sxoardlcnxbth = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cnkczrfctjtrltkzqmg.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wzoynxdsbjl = "cnkczrfctjtrltkzqmg.exe ." | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\cbmsdjl = "bjdsmbmguhojaftf.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rrdkwdgs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pbzsqjywofqpktlbtqlx.exe ." | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cbmsdjl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erqkjdtsldpplvofywsfe.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wzoynxdsbjl = "cnkczrfctjtrltkzqmg.exe ." | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rrdkwdgs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bjdsmbmguhojaftf.exe ." | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\cbmsdjl = "pbzsqjywofqpktlbtqlx.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wzoynxdsbjl = "cnkczrfctjtrltkzqmg.exe ." | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bdraoxcqyf = "rbxokbokapyvovlzpk.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wzoynxdsbjl = "cnkczrfctjtrltkzqmg.exe ." | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\txnyozgwgpsj = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erqkjdtsldpplvofywsfe.exe ." | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bdraoxcqyf = "bjdsmbmguhojaftf.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\txnyozgwgpsj = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cnkczrfctjtrltkzqmg.exe ." | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\rrdkwdgs = "C:\\Users\\Admin\\AppData\\Local\\Temp\\irmcxnzujxfbtzobq.exe ." | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\txnyozgwgpsj = "C:\\Users\\Admin\\AppData\\Local\\Temp\\erqkjdtsldpplvofywsfe.exe ." | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\cbmsdjl = "pbzsqjywofqpktlbtqlx.exe" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\cnkczrfctjtrltkzqmg.exe | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rbxokbokapyvovlzpk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bjdsmbmguhojaftf.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pbzsqjywofqpktlbtqlx.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bjdsmbmguhojaftf.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rbxokbokapyvovlzpk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vjjeezqqkdqroztlfebppk.exe | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bjdsmbmguhojaftf.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cnkczrfctjtrltkzqmg.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\irmcxnzujxfbtzobq.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rbxokbokapyvovlzpk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pbzsqjywofqpktlbtqlx.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pbzsqjywofqpktlbtqlx.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cnkczrfctjtrltkzqmg.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vjjeezqqkdqroztlfebppk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rbxokbokapyvovlzpk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\erqkjdtsldpplvofywsfe.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\erqkjdtsldpplvofywsfe.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rbxokbokapyvovlzpk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bjdsmbmguhojaftf.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vjjeezqqkdqroztlfebppk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vjjeezqqkdqroztlfebppk.exe | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\irmcxnzujxfbtzobq.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cnkczrfctjtrltkzqmg.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cnkczrfctjtrltkzqmg.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\irmcxnzujxfbtzobq.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vjjeezqqkdqroztlfebppk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bjdsmbmguhojaftf.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\irmcxnzujxfbtzobq.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\irmcxnzujxfbtzobq.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pbzsqjywofqpktlbtqlx.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vjjeezqqkdqroztlfebppk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cnkczrfctjtrltkzqmg.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bjdsmbmguhojaftf.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cnkczrfctjtrltkzqmg.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\erqkjdtsldpplvofywsfe.exe | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vjjeezqqkdqroztlfebppk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rbxokbokapyvovlzpk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\irmcxnzujxfbtzobq.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cnkczrfctjtrltkzqmg.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pbzsqjywofqpktlbtqlx.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\erqkjdtsldpplvofywsfe.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\irmcxnzujxfbtzobq.exe | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rbxokbokapyvovlzpk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cnkczrfctjtrltkzqmg.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cnkczrfctjtrltkzqmg.exe | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bjdsmbmguhojaftf.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rbxokbokapyvovlzpk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\erqkjdtsldpplvofywsfe.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File created | C:\Windows\SysWOW64\bdraoxcqyfgvgfntbozbpymvaowdeted.rzm | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\irmcxnzujxfbtzobq.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cnkczrfctjtrltkzqmg.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bjdsmbmguhojaftf.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rbxokbokapyvovlzpk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bjdsmbmguhojaftf.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vjjeezqqkdqroztlfebppk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bjdsmbmguhojaftf.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\erqkjdtsldpplvofywsfe.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vjjeezqqkdqroztlfebppk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pbzsqjywofqpktlbtqlx.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pbzsqjywofqpktlbtqlx.exe | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gxaybztwtpfjjxupmoofi.jhb | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\bdraoxcqyfgvgfntbozbpymvaowdeted.rzm | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cnkczrfctjtrltkzqmg.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\bdraoxcqyfgvgfntbozbpymvaowdeted.rzm | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| File created | C:\Program Files (x86)\bdraoxcqyfgvgfntbozbpymvaowdeted.rzm | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| File opened for modification | C:\Program Files (x86)\gxaybztwtpfjjxupmoofi.jhb | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| File created | C:\Program Files (x86)\gxaybztwtpfjjxupmoofi.jhb | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\cnkczrfctjtrltkzqmg.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\pbzsqjywofqpktlbtqlx.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\bjdsmbmguhojaftf.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\rbxokbokapyvovlzpk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\erqkjdtsldpplvofywsfe.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\erqkjdtsldpplvofywsfe.exe | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| File opened for modification | C:\Windows\rbxokbokapyvovlzpk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\pbzsqjywofqpktlbtqlx.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\vjjeezqqkdqroztlfebppk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\bjdsmbmguhojaftf.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\rbxokbokapyvovlzpk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\erqkjdtsldpplvofywsfe.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\irmcxnzujxfbtzobq.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\irmcxnzujxfbtzobq.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\rbxokbokapyvovlzpk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\cnkczrfctjtrltkzqmg.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\bjdsmbmguhojaftf.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\bjdsmbmguhojaftf.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\erqkjdtsldpplvofywsfe.exe | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| File opened for modification | C:\Windows\vjjeezqqkdqroztlfebppk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\rbxokbokapyvovlzpk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\irmcxnzujxfbtzobq.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\vjjeezqqkdqroztlfebppk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\rbxokbokapyvovlzpk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\bjdsmbmguhojaftf.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\erqkjdtsldpplvofywsfe.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\cnkczrfctjtrltkzqmg.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\erqkjdtsldpplvofywsfe.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\rbxokbokapyvovlzpk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\rbxokbokapyvovlzpk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\vjjeezqqkdqroztlfebppk.exe | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| File opened for modification | C:\Windows\cnkczrfctjtrltkzqmg.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\rbxokbokapyvovlzpk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\irmcxnzujxfbtzobq.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\cnkczrfctjtrltkzqmg.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\vjjeezqqkdqroztlfebppk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\pbzsqjywofqpktlbtqlx.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\irmcxnzujxfbtzobq.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\cnkczrfctjtrltkzqmg.exe | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| File opened for modification | C:\Windows\rbxokbokapyvovlzpk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\pbzsqjywofqpktlbtqlx.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\erqkjdtsldpplvofywsfe.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\rbxokbokapyvovlzpk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\vjjeezqqkdqroztlfebppk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\vjjeezqqkdqroztlfebppk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\pbzsqjywofqpktlbtqlx.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\pbzsqjywofqpktlbtqlx.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\pbzsqjywofqpktlbtqlx.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\cnkczrfctjtrltkzqmg.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\rbxokbokapyvovlzpk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\bjdsmbmguhojaftf.exe | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| File opened for modification | C:\Windows\irmcxnzujxfbtzobq.exe | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| File opened for modification | C:\Windows\vjjeezqqkdqroztlfebppk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\erqkjdtsldpplvofywsfe.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\cnkczrfctjtrltkzqmg.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\pbzsqjywofqpktlbtqlx.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\vjjeezqqkdqroztlfebppk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\rbxokbokapyvovlzpk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\cnkczrfctjtrltkzqmg.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\vjjeezqqkdqroztlfebppk.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\irmcxnzujxfbtzobq.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\cnkczrfctjtrltkzqmg.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\irmcxnzujxfbtzobq.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| File opened for modification | C:\Windows\irmcxnzujxfbtzobq.exe | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\erqkjdtsldpplvofywsfe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bjdsmbmguhojaftf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\irmcxnzujxfbtzobq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\irmcxnzujxfbtzobq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cnkczrfctjtrltkzqmg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\irmcxnzujxfbtzobq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\rbxokbokapyvovlzpk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\erqkjdtsldpplvofywsfe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b9c1a84350d1c4881dd1eac4ffb453b0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cnkczrfctjtrltkzqmg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\rbxokbokapyvovlzpk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\irmcxnzujxfbtzobq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pbzsqjywofqpktlbtqlx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cnkczrfctjtrltkzqmg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\erqkjdtsldpplvofywsfe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pbzsqjywofqpktlbtqlx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\rbxokbokapyvovlzpk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\erqkjdtsldpplvofywsfe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\irmcxnzujxfbtzobq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bjdsmbmguhojaftf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cnkczrfctjtrltkzqmg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bjdsmbmguhojaftf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bjdsmbmguhojaftf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bjdsmbmguhojaftf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\cnkczrfctjtrltkzqmg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\pbzsqjywofqpktlbtqlx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\bjdsmbmguhojaftf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b9c1a84350d1c4881dd1eac4ffb453b0.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b9c1a84350d1c4881dd1eac4ffb453b0.exe"
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_b9c1a84350d1c4881dd1eac4ffb453b0.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe .
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\bjdsmbmguhojaftf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe .
C:\Windows\erqkjdtsldpplvofywsfe.exe
erqkjdtsldpplvofywsfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\bjdsmbmguhojaftf.exe*."
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe .
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\bjdsmbmguhojaftf.exe*."
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\pbzsqjywofqpktlbtqlx.exe*."
C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe
"C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe" "-C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe"
C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe
"C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe" "-C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqkjdtsldpplvofywsfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe
C:\Windows\erqkjdtsldpplvofywsfe.exe
erqkjdtsldpplvofywsfe.exe
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\pbzsqjywofqpktlbtqlx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe .
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe .
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe .
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\rbxokbokapyvovlzpk.exe*."
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\rbxokbokapyvovlzpk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\pbzsqjywofqpktlbtqlx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe .
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\cnkczrfctjtrltkzqmg.exe*."
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe .
C:\Windows\irmcxnzujxfbtzobq.exe
irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\bjdsmbmguhojaftf.exe*."
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\irmcxnzujxfbtzobq.exe*."
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe .
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\pbzsqjywofqpktlbtqlx.exe*."
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\irmcxnzujxfbtzobq.exe*."
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\pbzsqjywofqpktlbtqlx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\pbzsqjywofqpktlbtqlx.exe*."
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\erqkjdtsldpplvofywsfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c irmcxnzujxfbtzobq.exe .
C:\Windows\irmcxnzujxfbtzobq.exe
irmcxnzujxfbtzobq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\irmcxnzujxfbtzobq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe .
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe .
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\rbxokbokapyvovlzpk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe .
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe .
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\pbzsqjywofqpktlbtqlx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\rbxokbokapyvovlzpk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c irmcxnzujxfbtzobq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe .
C:\Windows\irmcxnzujxfbtzobq.exe
irmcxnzujxfbtzobq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe .
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe .
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\cnkczrfctjtrltkzqmg.exe*."
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\pbzsqjywofqpktlbtqlx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe .
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\bjdsmbmguhojaftf.exe*."
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\pbzsqjywofqpktlbtqlx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe .
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\cnkczrfctjtrltkzqmg.exe*."
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe .
C:\Windows\irmcxnzujxfbtzobq.exe
irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\rbxokbokapyvovlzpk.exe*."
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\erqkjdtsldpplvofywsfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe
C:\Windows\erqkjdtsldpplvofywsfe.exe
erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\cnkczrfctjtrltkzqmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\erqkjdtsldpplvofywsfe.exe*."
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\cnkczrfctjtrltkzqmg.exe*."
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\irmcxnzujxfbtzobq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\irmcxnzujxfbtzobq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqkjdtsldpplvofywsfe.exe .
C:\Windows\erqkjdtsldpplvofywsfe.exe
erqkjdtsldpplvofywsfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\erqkjdtsldpplvofywsfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe .
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\cnkczrfctjtrltkzqmg.exe*."
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\irmcxnzujxfbtzobq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\irmcxnzujxfbtzobq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqkjdtsldpplvofywsfe.exe .
C:\Windows\erqkjdtsldpplvofywsfe.exe
erqkjdtsldpplvofywsfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\erqkjdtsldpplvofywsfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe .
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\pbzsqjywofqpktlbtqlx.exe*."
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\bjdsmbmguhojaftf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\erqkjdtsldpplvofywsfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqkjdtsldpplvofywsfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe .
C:\Windows\erqkjdtsldpplvofywsfe.exe
erqkjdtsldpplvofywsfe.exe
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\bjdsmbmguhojaftf.exe*."
C:\Windows\erqkjdtsldpplvofywsfe.exe
erqkjdtsldpplvofywsfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe .
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\pbzsqjywofqpktlbtqlx.exe*."
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\cnkczrfctjtrltkzqmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\erqkjdtsldpplvofywsfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe .
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\bjdsmbmguhojaftf.exe*."
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c irmcxnzujxfbtzobq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Windows\irmcxnzujxfbtzobq.exe
irmcxnzujxfbtzobq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe .
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\irmcxnzujxfbtzobq.exe*."
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\cnkczrfctjtrltkzqmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\irmcxnzujxfbtzobq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqkjdtsldpplvofywsfe.exe
C:\Windows\erqkjdtsldpplvofywsfe.exe
erqkjdtsldpplvofywsfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c irmcxnzujxfbtzobq.exe .
C:\Windows\irmcxnzujxfbtzobq.exe
irmcxnzujxfbtzobq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\irmcxnzujxfbtzobq.exe*."
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe .
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\pbzsqjywofqpktlbtqlx.exe*."
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\rbxokbokapyvovlzpk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe .
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\cnkczrfctjtrltkzqmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqkjdtsldpplvofywsfe.exe
C:\Windows\erqkjdtsldpplvofywsfe.exe
erqkjdtsldpplvofywsfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqkjdtsldpplvofywsfe.exe .
C:\Windows\erqkjdtsldpplvofywsfe.exe
erqkjdtsldpplvofywsfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\erqkjdtsldpplvofywsfe.exe*."
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqkjdtsldpplvofywsfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c irmcxnzujxfbtzobq.exe .
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqkjdtsldpplvofywsfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\cnkczrfctjtrltkzqmg.exe*."
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Windows\erqkjdtsldpplvofywsfe.exe
erqkjdtsldpplvofywsfe.exe
C:\Windows\irmcxnzujxfbtzobq.exe
irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\cnkczrfctjtrltkzqmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\pbzsqjywofqpktlbtqlx.exe*."
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Windows\erqkjdtsldpplvofywsfe.exe
erqkjdtsldpplvofywsfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\irmcxnzujxfbtzobq.exe*."
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe .
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\erqkjdtsldpplvofywsfe.exe*."
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\rbxokbokapyvovlzpk.exe*."
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\bjdsmbmguhojaftf.exe*."
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\erqkjdtsldpplvofywsfe.exe*."
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\irmcxnzujxfbtzobq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\pbzsqjywofqpktlbtqlx.exe*."
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\bjdsmbmguhojaftf.exe*."
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\bjdsmbmguhojaftf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\cnkczrfctjtrltkzqmg.exe*."
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\erqkjdtsldpplvofywsfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe .
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\rbxokbokapyvovlzpk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe .
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\pbzsqjywofqpktlbtqlx.exe*."
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe .
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\cnkczrfctjtrltkzqmg.exe*."
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\rbxokbokapyvovlzpk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe .
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\rbxokbokapyvovlzpk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\rbxokbokapyvovlzpk.exe*."
C:\Windows\erqkjdtsldpplvofywsfe.exe
erqkjdtsldpplvofywsfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqkjdtsldpplvofywsfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Windows\erqkjdtsldpplvofywsfe.exe
erqkjdtsldpplvofywsfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe .
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\erqkjdtsldpplvofywsfe.exe*."
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\cnkczrfctjtrltkzqmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\erqkjdtsldpplvofywsfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c irmcxnzujxfbtzobq.exe
C:\Windows\irmcxnzujxfbtzobq.exe
irmcxnzujxfbtzobq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe .
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\cnkczrfctjtrltkzqmg.exe*."
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe .
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\rbxokbokapyvovlzpk.exe*."
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\rbxokbokapyvovlzpk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\bjdsmbmguhojaftf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c irmcxnzujxfbtzobq.exe
C:\Windows\irmcxnzujxfbtzobq.exe
irmcxnzujxfbtzobq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe .
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\cnkczrfctjtrltkzqmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe .
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\bjdsmbmguhojaftf.exe*."
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\bjdsmbmguhojaftf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\irmcxnzujxfbtzobq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c irmcxnzujxfbtzobq.exe
C:\Windows\irmcxnzujxfbtzobq.exe
irmcxnzujxfbtzobq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c irmcxnzujxfbtzobq.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\irmcxnzujxfbtzobq.exe
irmcxnzujxfbtzobq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\irmcxnzujxfbtzobq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe .
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\bjdsmbmguhojaftf.exe*."
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\bjdsmbmguhojaftf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\cnkczrfctjtrltkzqmg.exe*."
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe .
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\erqkjdtsldpplvofywsfe.exe
erqkjdtsldpplvofywsfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\pbzsqjywofqpktlbtqlx.exe*."
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe .
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\bjdsmbmguhojaftf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\bjdsmbmguhojaftf.exe*."
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\pbzsqjywofqpktlbtqlx.exe*."
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe .
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Windows\erqkjdtsldpplvofywsfe.exe
erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\bjdsmbmguhojaftf.exe*."
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\cnkczrfctjtrltkzqmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\erqkjdtsldpplvofywsfe.exe*."
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\bjdsmbmguhojaftf.exe*."
C:\Windows\irmcxnzujxfbtzobq.exe
irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\bjdsmbmguhojaftf.exe*."
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\irmcxnzujxfbtzobq.exe*."
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\bjdsmbmguhojaftf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\irmcxnzujxfbtzobq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c irmcxnzujxfbtzobq.exe .
C:\Windows\irmcxnzujxfbtzobq.exe
irmcxnzujxfbtzobq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\irmcxnzujxfbtzobq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqkjdtsldpplvofywsfe.exe .
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe
C:\Windows\erqkjdtsldpplvofywsfe.exe
erqkjdtsldpplvofywsfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\erqkjdtsldpplvofywsfe.exe*."
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\cnkczrfctjtrltkzqmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\irmcxnzujxfbtzobq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe .
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\pbzsqjywofqpktlbtqlx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe .
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\pbzsqjywofqpktlbtqlx.exe*."
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\bjdsmbmguhojaftf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe .
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\rbxokbokapyvovlzpk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe .
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\bjdsmbmguhojaftf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqkjdtsldpplvofywsfe.exe .
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\erqkjdtsldpplvofywsfe.exe
erqkjdtsldpplvofywsfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\erqkjdtsldpplvofywsfe.exe*."
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\erqkjdtsldpplvofywsfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\bjdsmbmguhojaftf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqkjdtsldpplvofywsfe.exe .
C:\Windows\erqkjdtsldpplvofywsfe.exe
erqkjdtsldpplvofywsfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c irmcxnzujxfbtzobq.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\erqkjdtsldpplvofywsfe.exe*."
C:\Windows\irmcxnzujxfbtzobq.exe
irmcxnzujxfbtzobq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\bjdsmbmguhojaftf.exe*."
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\erqkjdtsldpplvofywsfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\bjdsmbmguhojaftf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\rbxokbokapyvovlzpk.exe*."
C:\Windows\irmcxnzujxfbtzobq.exe
irmcxnzujxfbtzobq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqkjdtsldpplvofywsfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Windows\erqkjdtsldpplvofywsfe.exe
erqkjdtsldpplvofywsfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe .
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\erqkjdtsldpplvofywsfe.exe*."
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\pbzsqjywofqpktlbtqlx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\irmcxnzujxfbtzobq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe .
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\pbzsqjywofqpktlbtqlx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe .
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c irmcxnzujxfbtzobq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\cnkczrfctjtrltkzqmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\pbzsqjywofqpktlbtqlx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe .
C:\Windows\irmcxnzujxfbtzobq.exe
irmcxnzujxfbtzobq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c irmcxnzujxfbtzobq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Windows\erqkjdtsldpplvofywsfe.exe
erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\cnkczrfctjtrltkzqmg.exe*."
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe .
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Windows\irmcxnzujxfbtzobq.exe
irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\cnkczrfctjtrltkzqmg.exe*."
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\pbzsqjywofqpktlbtqlx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\erqkjdtsldpplvofywsfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\irmcxnzujxfbtzobq.exe*."
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe .
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe .
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\erqkjdtsldpplvofywsfe.exe*."
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\cnkczrfctjtrltkzqmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\pbzsqjywofqpktlbtqlx.exe*."
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\erqkjdtsldpplvofywsfe.exe*."
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqkjdtsldpplvofywsfe.exe .
C:\Windows\erqkjdtsldpplvofywsfe.exe
erqkjdtsldpplvofywsfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\erqkjdtsldpplvofywsfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe .
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\pbzsqjywofqpktlbtqlx.exe*."
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\erqkjdtsldpplvofywsfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\irmcxnzujxfbtzobq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe .
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\rbxokbokapyvovlzpk.exe*."
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\pbzsqjywofqpktlbtqlx.exe*."
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\erqkjdtsldpplvofywsfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe .
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\cnkczrfctjtrltkzqmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\bjdsmbmguhojaftf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c irmcxnzujxfbtzobq.exe .
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Windows\irmcxnzujxfbtzobq.exe
irmcxnzujxfbtzobq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\irmcxnzujxfbtzobq.exe*."
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\bjdsmbmguhojaftf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe .
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\cnkczrfctjtrltkzqmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe .
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\pbzsqjywofqpktlbtqlx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\cnkczrfctjtrltkzqmg.exe*."
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\irmcxnzujxfbtzobq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\bjdsmbmguhojaftf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqkjdtsldpplvofywsfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe .
C:\Windows\erqkjdtsldpplvofywsfe.exe
erqkjdtsldpplvofywsfe.exe
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\rbxokbokapyvovlzpk.exe*."
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\pbzsqjywofqpktlbtqlx.exe*."
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\erqkjdtsldpplvofywsfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\bjdsmbmguhojaftf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c irmcxnzujxfbtzobq.exe .
C:\Windows\irmcxnzujxfbtzobq.exe
irmcxnzujxfbtzobq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c irmcxnzujxfbtzobq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\irmcxnzujxfbtzobq.exe*."
C:\Windows\irmcxnzujxfbtzobq.exe
irmcxnzujxfbtzobq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c irmcxnzujxfbtzobq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Windows\erqkjdtsldpplvofywsfe.exe
erqkjdtsldpplvofywsfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe .
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Windows\irmcxnzujxfbtzobq.exe
irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\erqkjdtsldpplvofywsfe.exe*."
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe .
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\cnkczrfctjtrltkzqmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\cnkczrfctjtrltkzqmg.exe*."
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c irmcxnzujxfbtzobq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe .
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe .
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe .
C:\Windows\irmcxnzujxfbtzobq.exe
irmcxnzujxfbtzobq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe .
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\bjdsmbmguhojaftf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\cnkczrfctjtrltkzqmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\rbxokbokapyvovlzpk.exe*."
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\cnkczrfctjtrltkzqmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe .
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe .
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\erqkjdtsldpplvofywsfe.exe*."
C:\Windows\erqkjdtsldpplvofywsfe.exe
erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\bjdsmbmguhojaftf.exe*."
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\bjdsmbmguhojaftf.exe*."
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe .
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\irmcxnzujxfbtzobq.exe*."
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\cnkczrfctjtrltkzqmg.exe*."
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\erqkjdtsldpplvofywsfe.exe*."
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe .
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\rbxokbokapyvovlzpk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\rbxokbokapyvovlzpk.exe*."
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe .
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\bjdsmbmguhojaftf.exe*."
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqkjdtsldpplvofywsfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Windows\erqkjdtsldpplvofywsfe.exe
erqkjdtsldpplvofywsfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\erqkjdtsldpplvofywsfe.exe*."
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\erqkjdtsldpplvofywsfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\bjdsmbmguhojaftf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqkjdtsldpplvofywsfe.exe
C:\Windows\erqkjdtsldpplvofywsfe.exe
erqkjdtsldpplvofywsfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe .
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\cnkczrfctjtrltkzqmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe .
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\rbxokbokapyvovlzpk.exe*."
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\pbzsqjywofqpktlbtqlx.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\irmcxnzujxfbtzobq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe .
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\cnkczrfctjtrltkzqmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\pbzsqjywofqpktlbtqlx.exe*."
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\bjdsmbmguhojaftf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\bjdsmbmguhojaftf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe .
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\pbzsqjywofqpktlbtqlx.exe*."
C:\Windows\erqkjdtsldpplvofywsfe.exe
erqkjdtsldpplvofywsfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\rbxokbokapyvovlzpk.exe*."
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\bjdsmbmguhojaftf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\bjdsmbmguhojaftf.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqkjdtsldpplvofywsfe.exe .
C:\Windows\erqkjdtsldpplvofywsfe.exe
erqkjdtsldpplvofywsfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\erqkjdtsldpplvofywsfe.exe*."
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Windows\bjdsmbmguhojaftf.exe
bjdsmbmguhojaftf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\bjdsmbmguhojaftf.exe*."
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\erqkjdtsldpplvofywsfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\irmcxnzujxfbtzobq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe .
C:\Windows\cnkczrfctjtrltkzqmg.exe
cnkczrfctjtrltkzqmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqkjdtsldpplvofywsfe.exe
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\cnkczrfctjtrltkzqmg.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rbxokbokapyvovlzpk.exe .
C:\Windows\erqkjdtsldpplvofywsfe.exe
erqkjdtsldpplvofywsfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c irmcxnzujxfbtzobq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Windows\rbxokbokapyvovlzpk.exe
rbxokbokapyvovlzpk.exe .
C:\Windows\irmcxnzujxfbtzobq.exe
irmcxnzujxfbtzobq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\rbxokbokapyvovlzpk.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pbzsqjywofqpktlbtqlx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c erqkjdtsldpplvofywsfe.exe .
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe .
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\irmcxnzujxfbtzobq.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c irmcxnzujxfbtzobq.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\rbxokbokapyvovlzpk.exe
C:\Windows\erqkjdtsldpplvofywsfe.exe
erqkjdtsldpplvofywsfe.exe .
C:\Windows\pbzsqjywofqpktlbtqlx.exe
pbzsqjywofqpktlbtqlx.exe
C:\Windows\irmcxnzujxfbtzobq.exe
irmcxnzujxfbtzobq.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\users\admin\appdata\local\temp\pbzsqjywofqpktlbtqlx.exe*."
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Users\Admin\AppData\Local\Temp\erqkjdtsldpplvofywsfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cnkczrfctjtrltkzqmg.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cnkczrfctjtrltkzqmg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bjdsmbmguhojaftf.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\pbzsqjywofqpktlbtqlx.exe
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
"C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe" "c:\windows\erqkjdtsldpplvofywsfe.exe*."
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe
C:\Users\Admin\AppData\Local\Temp\bjdsmbmguhojaftf.exe .
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| GB | 95.101.143.219:443 | www.bing.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.whatismyip.ca | udp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | www.showmyipaddress.com | udp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyipaddress.com | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 172.66.43.169:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | whatismyip.everdot.org | udp |
| US | 8.8.8.8:53 | www.adobe.com | udp |
| GB | 2.18.190.144:80 | www.adobe.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.179.227:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | www.adobe.com | udp |
| GB | 2.18.190.144:80 | www.adobe.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\fvhhqxgupfr.exe
| MD5 | 838bacd7ba6249144711a2bf8bc7b80a |
| SHA1 | de953447809e72922c5299fa2c9a8ff73c805f98 |
| SHA256 | f820f58c72644862a9ded05cb9cc6353baebcdac479309237858b41a300a303c |
| SHA512 | a5dc6e35d037b286e4bf92c68d001eb0d2885b88651cdc75cc89f7e0d0fc348bbaefe00217945dc79947371865eeeb52f96e82b7cc32e466a274f307c86a60d1 |
C:\Windows\SysWOW64\rbxokbokapyvovlzpk.exe
| MD5 | b9c1a84350d1c4881dd1eac4ffb453b0 |
| SHA1 | e2c094bbe105e9ced9c996c140f4fb1ae5f48585 |
| SHA256 | 19bfc62f4162a8399e6c22f14721710d96007e027aaa8154e3d80bb725c360e4 |
| SHA512 | 4122450a3b2fb3698229b12cac896378eee63798ca6c928addfd1a5fdd4af87001c55b19a3072e643bc8586a596f4af6f1b1920c15aa63404212636329da192c |
C:\Users\Admin\AppData\Local\Temp\pnxcmr.exe
| MD5 | 9559ab86c1345c15b5ef71e5cd032cc2 |
| SHA1 | b79c3d6551f1c9584e5d0f37fd31c65a66e7cd4f |
| SHA256 | 2c0e0f3d504d7162a98503f23918d0f96e5529796a677400ab985752f64b463f |
| SHA512 | 91d2ca94e6d014d8fc0178b98094b1654f1f1717e81d6eb4e858fb63acdcb0fcd77eafea951034af4892f21f850af05828beb2a70f50ec7a581e4bc7c29f0dfb |
C:\Users\Admin\AppData\Local\gxaybztwtpfjjxupmoofi.jhb
| MD5 | 74899d647faec4471aec7c976d6c43eb |
| SHA1 | e0939c94e8ce0864b0bf7c284293124ea178e6d7 |
| SHA256 | 196a96f9c2de6b3055a012686a61960335a82a227b5fa177bb90767046d251d2 |
| SHA512 | 2e189012e53008632e48a8f585959b7bfa6b8a1838a451e9534a723a4a880aa7a4e271fac2969a60e69836cba000fa9249f0ea459552bbe3601f90ab4d6dfc91 |
C:\Users\Admin\AppData\Local\bdraoxcqyfgvgfntbozbpymvaowdeted.rzm
| MD5 | 0b7a36ecadd0b17904ed4e205eef30fb |
| SHA1 | 790aabc147c4f8f280ba9fd2605649ad9ff6a5fa |
| SHA256 | 256325344a62f486d85c9cbc6adf2fc072382e7559d193e699003e650b1d1ffa |
| SHA512 | f84d1b13c9a850660923bfc1962efbbbfa42743b8416611334ae380e933065ff62dc063d4a19226d6c2e9d98ac0acb3a1b39a4047b962ca624bdfb51c08a6ab7 |
Analysis: behavioral2
Detonation Overview
Submitted
2025-04-15 11:57
Reported
2025-04-15 11:59
Platform
win11-20250410-en
Max time kernel
51s
Max time network
153s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
Pykspa
Pykspa family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
Detect Pykspa worm
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qzretdzgujzhec = "obxohvvgyrlxyacgte.exe" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tzoykrkozly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\znkcwlmyrlgtvybgugd.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tzoykrkozly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mbzsndfsmhdruycixkix.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tzoykrkozly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brqkgxaojfcrvafmcqpfe.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tzoykrkozly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\znkcwlmyrlgtvybgugd.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qzretdzgujzhec = "obxohvvgyrlxyacgte.exe" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qzretdzgujzhec = "yjdsjvtcsjblkkkm.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qzretdzgujzhec = "yjdsjvtcsjblkkkm.exe" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qzretdzgujzhec = "mbzsndfsmhdruycixkix.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qzretdzgujzhec = "brqkgxaojfcrvafmcqpfe.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tzoykrkozly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mbzsndfsmhdruycixkix.exe" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qzretdzgujzhec = "frmcuhgqhzsddefiu.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tzoykrkozly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\znkcwlmyrlgtvybgugd.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qzretdzgujzhec = "mbzsndfsmhdruycixkix.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tzoykrkozly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yjdsjvtcsjblkkkm.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qzretdzgujzhec = "frmcuhgqhzsddefiu.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qzretdzgujzhec = "frmcuhgqhzsddefiu.exe" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qzretdzgujzhec = "frmcuhgqhzsddefiu.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qzretdzgujzhec = "yjdsjvtcsjblkkkm.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tzoykrkozly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\frmcuhgqhzsddefiu.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tzoykrkozly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mbzsndfsmhdruycixkix.exe" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qzretdzgujzhec = "brqkgxaojfcrvafmcqpfe.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tzoykrkozly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\znkcwlmyrlgtvybgugd.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tzoykrkozly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mbzsndfsmhdruycixkix.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tzoykrkozly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\obxohvvgyrlxyacgte.exe" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tzoykrkozly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brqkgxaojfcrvafmcqpfe.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tzoykrkozly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\frmcuhgqhzsddefiu.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tzoykrkozly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brqkgxaojfcrvafmcqpfe.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qzretdzgujzhec = "obxohvvgyrlxyacgte.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tzoykrkozly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\obxohvvgyrlxyacgte.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tzoykrkozly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brqkgxaojfcrvafmcqpfe.exe" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tzoykrkozly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mbzsndfsmhdruycixkix.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qzretdzgujzhec = "yjdsjvtcsjblkkkm.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tzoykrkozly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mbzsndfsmhdruycixkix.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tzoykrkozly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yjdsjvtcsjblkkkm.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tzoykrkozly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\frmcuhgqhzsddefiu.exe" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tzoykrkozly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\frmcuhgqhzsddefiu.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qzretdzgujzhec = "mbzsndfsmhdruycixkix.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qzretdzgujzhec = "mbzsndfsmhdruycixkix.exe" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qzretdzgujzhec = "yjdsjvtcsjblkkkm.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tzoykrkozly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\frmcuhgqhzsddefiu.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qzretdzgujzhec = "yjdsjvtcsjblkkkm.exe" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qzretdzgujzhec = "brqkgxaojfcrvafmcqpfe.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\qzretdzgujzhec = "brqkgxaojfcrvafmcqpfe.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tzoykrkozly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\frmcuhgqhzsddefiu.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\tzoykrkozly = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yjdsjvtcsjblkkkm.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\obxohvvgyrlxyacgte = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yjdsjvtcsjblkkkm.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\pxoaoxsylzovr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brqkgxaojfcrvafmcqpfe.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\obxohvvgyrlxyacgte = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yjdsjvtcsjblkkkm.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\tdwkaliqfvmvtsr = "obxohvvgyrlxyacgte.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\tdwkaliqfvmvtsr = "brqkgxaojfcrvafmcqpfe.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qxnyltnserfl = "yjdsjvtcsjblkkkm.exe" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\yjdsjvtcsjblkkkm = "frmcuhgqhzsddefiu.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\tdwkaliqfvmvtsr = "yjdsjvtcsjblkkkm.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pxoaoxsylzovr = "znkcwlmyrlgtvybgugd.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\tdwkaliqfvmvtsr = "znkcwlmyrlgtvybgugd.exe" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\pxoaoxsylzovr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brqkgxaojfcrvafmcqpfe.exe ." | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\tdwkaliqfvmvtsr = "znkcwlmyrlgtvybgugd.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\pxoaoxsylzovr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yjdsjvtcsjblkkkm.exe ." | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pxoaoxsylzovr = "frmcuhgqhzsddefiu.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pxoaoxsylzovr = "yjdsjvtcsjblkkkm.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qxnyltnserfl = "brqkgxaojfcrvafmcqpfe.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qxnyltnserfl = "znkcwlmyrlgtvybgugd.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\yjdsjvtcsjblkkkm = "mbzsndfsmhdruycixkix.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qxnyltnserfl = "frmcuhgqhzsddefiu.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qxnyltnserfl = "frmcuhgqhzsddefiu.exe" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pxoaoxsylzovr = "brqkgxaojfcrvafmcqpfe.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pxoaoxsylzovr = "znkcwlmyrlgtvybgugd.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pxoaoxsylzovr = "obxohvvgyrlxyacgte.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\pxoaoxsylzovr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\obxohvvgyrlxyacgte.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\qxnyltnserfl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yjdsjvtcsjblkkkm.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\pxoaoxsylzovr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mbzsndfsmhdruycixkix.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\frmcuhgqhzsddefiu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\frmcuhgqhzsddefiu.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\tdwkaliqfvmvtsr = "brqkgxaojfcrvafmcqpfe.exe" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\qxnyltnserfl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\frmcuhgqhzsddefiu.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\pxoaoxsylzovr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brqkgxaojfcrvafmcqpfe.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\obxohvvgyrlxyacgte = "C:\\Users\\Admin\\AppData\\Local\\Temp\\obxohvvgyrlxyacgte.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\qxnyltnserfl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mbzsndfsmhdruycixkix.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qxnyltnserfl = "znkcwlmyrlgtvybgugd.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\qxnyltnserfl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yjdsjvtcsjblkkkm.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\pxoaoxsylzovr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brqkgxaojfcrvafmcqpfe.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pxoaoxsylzovr = "frmcuhgqhzsddefiu.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\obxohvvgyrlxyacgte = "C:\\Users\\Admin\\AppData\\Local\\Temp\\frmcuhgqhzsddefiu.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\frmcuhgqhzsddefiu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\obxohvvgyrlxyacgte.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\frmcuhgqhzsddefiu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\frmcuhgqhzsddefiu.exe ." | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qxnyltnserfl = "yjdsjvtcsjblkkkm.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pxoaoxsylzovr = "mbzsndfsmhdruycixkix.exe ." | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\pxoaoxsylzovr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\obxohvvgyrlxyacgte.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\pxoaoxsylzovr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\frmcuhgqhzsddefiu.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\yjdsjvtcsjblkkkm = "brqkgxaojfcrvafmcqpfe.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\qxnyltnserfl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yjdsjvtcsjblkkkm.exe" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pxoaoxsylzovr = "frmcuhgqhzsddefiu.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qxnyltnserfl = "mbzsndfsmhdruycixkix.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\qxnyltnserfl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yjdsjvtcsjblkkkm.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pxoaoxsylzovr = "yjdsjvtcsjblkkkm.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\frmcuhgqhzsddefiu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yjdsjvtcsjblkkkm.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\obxohvvgyrlxyacgte = "C:\\Users\\Admin\\AppData\\Local\\Temp\\obxohvvgyrlxyacgte.exe" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\pxoaoxsylzovr = "brqkgxaojfcrvafmcqpfe.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\frmcuhgqhzsddefiu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brqkgxaojfcrvafmcqpfe.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\obxohvvgyrlxyacgte = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brqkgxaojfcrvafmcqpfe.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\yjdsjvtcsjblkkkm = "yjdsjvtcsjblkkkm.exe ." | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\tdwkaliqfvmvtsr = "yjdsjvtcsjblkkkm.exe" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\obxohvvgyrlxyacgte = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mbzsndfsmhdruycixkix.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\tdwkaliqfvmvtsr = "yjdsjvtcsjblkkkm.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\tdwkaliqfvmvtsr = "znkcwlmyrlgtvybgugd.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\frmcuhgqhzsddefiu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\obxohvvgyrlxyacgte.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\frmcuhgqhzsddefiu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yjdsjvtcsjblkkkm.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\frmcuhgqhzsddefiu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\obxohvvgyrlxyacgte.exe ." | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Software\Microsoft\Windows\CurrentVersion\Run\tdwkaliqfvmvtsr = "frmcuhgqhzsddefiu.exe" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\obxohvvgyrlxyacgte = "C:\\Users\\Admin\\AppData\\Local\\Temp\\brqkgxaojfcrvafmcqpfe.exe" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | www.showmyipaddress.com | N/A | N/A |
| N/A | www.whatismyip.ca | N/A | N/A |
| N/A | whatismyip.everdot.org | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File opened for modification | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| File created | C:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| File opened for modification | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| File created | F:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\sjjebtxmifdtyeksjyyppk.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\frmcuhgqhzsddefiu.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yjdsjvtcsjblkkkm.exe | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\obxohvvgyrlxyacgte.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yjdsjvtcsjblkkkm.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mbzsndfsmhdruycixkix.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\frmcuhgqhzsddefiu.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yjdsjvtcsjblkkkm.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yjdsjvtcsjblkkkm.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\frmcuhgqhzsddefiu.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mbzsndfsmhdruycixkix.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sjjebtxmifdtyeksjyyppk.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\frmcuhgqhzsddefiu.exe | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yjdsjvtcsjblkkkm.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sjjebtxmifdtyeksjyyppk.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\znkcwlmyrlgtvybgugd.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\obxohvvgyrlxyacgte.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\brqkgxaojfcrvafmcqpfe.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\znkcwlmyrlgtvybgugd.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yjdsjvtcsjblkkkm.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\znkcwlmyrlgtvybgugd.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sjjebtxmifdtyeksjyyppk.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\brqkgxaojfcrvafmcqpfe.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\znkcwlmyrlgtvybgugd.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yjdsjvtcsjblkkkm.exe | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sjjebtxmifdtyeksjyyppk.exe | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mbzsndfsmhdruycixkix.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\brqkgxaojfcrvafmcqpfe.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\obxohvvgyrlxyacgte.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mbzsndfsmhdruycixkix.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\brqkgxaojfcrvafmcqpfe.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yjdsjvtcsjblkkkm.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mbzsndfsmhdruycixkix.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\obxohvvgyrlxyacgte.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mbzsndfsmhdruycixkix.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yjdsjvtcsjblkkkm.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\brqkgxaojfcrvafmcqpfe.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\brqkgxaojfcrvafmcqpfe.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\znkcwlmyrlgtvybgugd.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yjdsjvtcsjblkkkm.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yjdsjvtcsjblkkkm.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\obxohvvgyrlxyacgte.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sjjebtxmifdtyeksjyyppk.exe | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yjdsjvtcsjblkkkm.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sjjebtxmifdtyeksjyyppk.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\znkcwlmyrlgtvybgugd.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\znkcwlmyrlgtvybgugd.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sjjebtxmifdtyeksjyyppk.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File created | C:\Windows\SysWOW64\qzretdzgujzhecaajqirjwlvrymbrzwussbi.jbo | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\brqkgxaojfcrvafmcqpfe.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sjjebtxmifdtyeksjyyppk.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yjdsjvtcsjblkkkm.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\obxohvvgyrlxyacgte.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yjdsjvtcsjblkkkm.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\znkcwlmyrlgtvybgugd.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\znkcwlmyrlgtvybgugd.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yjdsjvtcsjblkkkm.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\obxohvvgyrlxyacgte.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\znkcwlmyrlgtvybgugd.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\obxohvvgyrlxyacgte.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\frmcuhgqhzsddefiu.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\frmcuhgqhzsddefiu.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\yjdsjvtcsjblkkkm.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\znkcwlmyrlgtvybgugd.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\ljqswvgcfjolxkxmkgnlsuyxi.hlq | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| File opened for modification | C:\Program Files (x86)\qzretdzgujzhecaajqirjwlvrymbrzwussbi.jbo | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| File created | C:\Program Files (x86)\qzretdzgujzhecaajqirjwlvrymbrzwussbi.jbo | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| File opened for modification | C:\Program Files (x86)\ljqswvgcfjolxkxmkgnlsuyxi.hlq | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\frmcuhgqhzsddefiu.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\znkcwlmyrlgtvybgugd.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\frmcuhgqhzsddefiu.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\brqkgxaojfcrvafmcqpfe.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\znkcwlmyrlgtvybgugd.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\yjdsjvtcsjblkkkm.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\frmcuhgqhzsddefiu.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\yjdsjvtcsjblkkkm.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\mbzsndfsmhdruycixkix.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\sjjebtxmifdtyeksjyyppk.exe | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| File opened for modification | C:\Windows\ljqswvgcfjolxkxmkgnlsuyxi.hlq | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| File opened for modification | C:\Windows\mbzsndfsmhdruycixkix.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\brqkgxaojfcrvafmcqpfe.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\frmcuhgqhzsddefiu.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\sjjebtxmifdtyeksjyyppk.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\sjjebtxmifdtyeksjyyppk.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\yjdsjvtcsjblkkkm.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\mbzsndfsmhdruycixkix.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\brqkgxaojfcrvafmcqpfe.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\znkcwlmyrlgtvybgugd.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\yjdsjvtcsjblkkkm.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\sjjebtxmifdtyeksjyyppk.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\znkcwlmyrlgtvybgugd.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\znkcwlmyrlgtvybgugd.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\qzretdzgujzhecaajqirjwlvrymbrzwussbi.jbo | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| File opened for modification | C:\Windows\znkcwlmyrlgtvybgugd.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\yjdsjvtcsjblkkkm.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\mbzsndfsmhdruycixkix.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\brqkgxaojfcrvafmcqpfe.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\frmcuhgqhzsddefiu.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\brqkgxaojfcrvafmcqpfe.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\mbzsndfsmhdruycixkix.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\sjjebtxmifdtyeksjyyppk.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\sjjebtxmifdtyeksjyyppk.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\yjdsjvtcsjblkkkm.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\brqkgxaojfcrvafmcqpfe.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File created | C:\Windows\qzretdzgujzhecaajqirjwlvrymbrzwussbi.jbo | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| File opened for modification | C:\Windows\frmcuhgqhzsddefiu.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\obxohvvgyrlxyacgte.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\sjjebtxmifdtyeksjyyppk.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\mbzsndfsmhdruycixkix.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\brqkgxaojfcrvafmcqpfe.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\frmcuhgqhzsddefiu.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\yjdsjvtcsjblkkkm.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\sjjebtxmifdtyeksjyyppk.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\sjjebtxmifdtyeksjyyppk.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\obxohvvgyrlxyacgte.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\yjdsjvtcsjblkkkm.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\mbzsndfsmhdruycixkix.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\obxohvvgyrlxyacgte.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\mbzsndfsmhdruycixkix.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\mbzsndfsmhdruycixkix.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\frmcuhgqhzsddefiu.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\yjdsjvtcsjblkkkm.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\znkcwlmyrlgtvybgugd.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\sjjebtxmifdtyeksjyyppk.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\brqkgxaojfcrvafmcqpfe.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\frmcuhgqhzsddefiu.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\znkcwlmyrlgtvybgugd.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\mbzsndfsmhdruycixkix.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\znkcwlmyrlgtvybgugd.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\frmcuhgqhzsddefiu.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\frmcuhgqhzsddefiu.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| File opened for modification | C:\Windows\yjdsjvtcsjblkkkm.exe | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\frmcuhgqhzsddefiu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\obxohvvgyrlxyacgte.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\znkcwlmyrlgtvybgugd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\obxohvvgyrlxyacgte.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\frmcuhgqhzsddefiu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yjdsjvtcsjblkkkm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\znkcwlmyrlgtvybgugd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\znkcwlmyrlgtvybgugd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yjdsjvtcsjblkkkm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\brqkgxaojfcrvafmcqpfe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\mbzsndfsmhdruycixkix.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\znkcwlmyrlgtvybgugd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yjdsjvtcsjblkkkm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yjdsjvtcsjblkkkm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\brqkgxaojfcrvafmcqpfe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\brqkgxaojfcrvafmcqpfe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\frmcuhgqhzsddefiu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\brqkgxaojfcrvafmcqpfe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\mbzsndfsmhdruycixkix.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\obxohvvgyrlxyacgte.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\brqkgxaojfcrvafmcqpfe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yjdsjvtcsjblkkkm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\obxohvvgyrlxyacgte.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\brqkgxaojfcrvafmcqpfe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\znkcwlmyrlgtvybgugd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\mbzsndfsmhdruycixkix.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yjdsjvtcsjblkkkm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\frmcuhgqhzsddefiu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yjdsjvtcsjblkkkm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\obxohvvgyrlxyacgte.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\yjdsjvtcsjblkkkm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\znkcwlmyrlgtvybgugd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\frmcuhgqhzsddefiu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "1" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\zbmsads.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b9c1a84350d1c4881dd1eac4ffb453b0.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b9c1a84350d1c4881dd1eac4ffb453b0.exe"
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\jaffacakes118_b9c1a84350d1c4881dd1eac4ffb453b0.exe*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe .
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brqkgxaojfcrvafmcqpfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe .
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\mbzsndfsmhdruycixkix.exe*."
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\znkcwlmyrlgtvybgugd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\mbzsndfsmhdruycixkix.exe*."
C:\Users\Admin\AppData\Local\Temp\zbmsads.exe
"C:\Users\Admin\AppData\Local\Temp\zbmsads.exe" "-C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe"
C:\Users\Admin\AppData\Local\Temp\zbmsads.exe
"C:\Users\Admin\AppData\Local\Temp\zbmsads.exe" "-C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yjdsjvtcsjblkkkm.exe
C:\Windows\yjdsjvtcsjblkkkm.exe
yjdsjvtcsjblkkkm.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe .
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe .
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\obxohvvgyrlxyacgte.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yjdsjvtcsjblkkkm.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brqkgxaojfcrvafmcqpfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\frmcuhgqhzsddefiu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\frmcuhgqhzsddefiu.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\obxohvvgyrlxyacgte.exe*."
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brqkgxaojfcrvafmcqpfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe .
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\obxohvvgyrlxyacgte.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brqkgxaojfcrvafmcqpfe.exe*."
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yjdsjvtcsjblkkkm.exe .
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\frmcuhgqhzsddefiu.exe*."
C:\Windows\yjdsjvtcsjblkkkm.exe
yjdsjvtcsjblkkkm.exe
C:\Windows\yjdsjvtcsjblkkkm.exe
yjdsjvtcsjblkkkm.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\yjdsjvtcsjblkkkm.exe*."
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\mbzsndfsmhdruycixkix.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\mbzsndfsmhdruycixkix.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe .
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\mbzsndfsmhdruycixkix.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c znkcwlmyrlgtvybgugd.exe
C:\Windows\znkcwlmyrlgtvybgugd.exe
znkcwlmyrlgtvybgugd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe .
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brqkgxaojfcrvafmcqpfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe
C:\Windows\znkcwlmyrlgtvybgugd.exe
znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\mbzsndfsmhdruycixkix.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\yjdsjvtcsjblkkkm.exe*."
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\znkcwlmyrlgtvybgugd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Windows\znkcwlmyrlgtvybgugd.exe
znkcwlmyrlgtvybgugd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe .
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\znkcwlmyrlgtvybgugd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brqkgxaojfcrvafmcqpfe.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\obxohvvgyrlxyacgte.exe*."
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\znkcwlmyrlgtvybgugd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yjdsjvtcsjblkkkm.exe
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe .
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\znkcwlmyrlgtvybgugd.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\yjdsjvtcsjblkkkm.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Windows\yjdsjvtcsjblkkkm.exe
yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\obxohvvgyrlxyacgte.exe*."
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\frmcuhgqhzsddefiu.exe*."
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\mbzsndfsmhdruycixkix.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\frmcuhgqhzsddefiu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\obxohvvgyrlxyacgte.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe .
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\frmcuhgqhzsddefiu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c znkcwlmyrlgtvybgugd.exe .
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe
C:\Windows\znkcwlmyrlgtvybgugd.exe
znkcwlmyrlgtvybgugd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\znkcwlmyrlgtvybgugd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe .
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\frmcuhgqhzsddefiu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\znkcwlmyrlgtvybgugd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe .
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\mbzsndfsmhdruycixkix.exe*."
C:\Windows\znkcwlmyrlgtvybgugd.exe
znkcwlmyrlgtvybgugd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yjdsjvtcsjblkkkm.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Windows\yjdsjvtcsjblkkkm.exe
yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\yjdsjvtcsjblkkkm.exe*."
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\yjdsjvtcsjblkkkm.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\mbzsndfsmhdruycixkix.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe .
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\obxohvvgyrlxyacgte.exe*."
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yjdsjvtcsjblkkkm.exe .
C:\Windows\yjdsjvtcsjblkkkm.exe
yjdsjvtcsjblkkkm.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\yjdsjvtcsjblkkkm.exe*."
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brqkgxaojfcrvafmcqpfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\mbzsndfsmhdruycixkix.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe .
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brqkgxaojfcrvafmcqpfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c znkcwlmyrlgtvybgugd.exe
C:\Windows\znkcwlmyrlgtvybgugd.exe
znkcwlmyrlgtvybgugd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\obxohvvgyrlxyacgte.exe*."
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\yjdsjvtcsjblkkkm.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\yjdsjvtcsjblkkkm.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c znkcwlmyrlgtvybgugd.exe
C:\Windows\znkcwlmyrlgtvybgugd.exe
znkcwlmyrlgtvybgugd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe .
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\mbzsndfsmhdruycixkix.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe .
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\frmcuhgqhzsddefiu.exe*."
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\obxohvvgyrlxyacgte.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\yjdsjvtcsjblkkkm.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yjdsjvtcsjblkkkm.exe
C:\Windows\yjdsjvtcsjblkkkm.exe
yjdsjvtcsjblkkkm.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c znkcwlmyrlgtvybgugd.exe .
C:\Windows\znkcwlmyrlgtvybgugd.exe
znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\znkcwlmyrlgtvybgugd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yjdsjvtcsjblkkkm.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\yjdsjvtcsjblkkkm.exe
yjdsjvtcsjblkkkm.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\obxohvvgyrlxyacgte.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\yjdsjvtcsjblkkkm.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c znkcwlmyrlgtvybgugd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe .
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe
C:\Windows\znkcwlmyrlgtvybgugd.exe
znkcwlmyrlgtvybgugd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c znkcwlmyrlgtvybgugd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\znkcwlmyrlgtvybgugd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\frmcuhgqhzsddefiu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe .
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Windows\znkcwlmyrlgtvybgugd.exe
znkcwlmyrlgtvybgugd.exe
C:\Windows\znkcwlmyrlgtvybgugd.exe
znkcwlmyrlgtvybgugd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\obxohvvgyrlxyacgte.exe*."
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\znkcwlmyrlgtvybgugd.exe*."
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\obxohvvgyrlxyacgte.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\frmcuhgqhzsddefiu.exe*."
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe .
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brqkgxaojfcrvafmcqpfe.exe*."
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\frmcuhgqhzsddefiu.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\obxohvvgyrlxyacgte.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brqkgxaojfcrvafmcqpfe.exe*."
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Windows\znkcwlmyrlgtvybgugd.exe
znkcwlmyrlgtvybgugd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\znkcwlmyrlgtvybgugd.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\znkcwlmyrlgtvybgugd.exe*."
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brqkgxaojfcrvafmcqpfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yjdsjvtcsjblkkkm.exe .
C:\Windows\yjdsjvtcsjblkkkm.exe
yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\yjdsjvtcsjblkkkm.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c znkcwlmyrlgtvybgugd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Windows\znkcwlmyrlgtvybgugd.exe
znkcwlmyrlgtvybgugd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\znkcwlmyrlgtvybgugd.exe*."
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\yjdsjvtcsjblkkkm.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\yjdsjvtcsjblkkkm.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yjdsjvtcsjblkkkm.exe .
C:\Windows\yjdsjvtcsjblkkkm.exe
yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\yjdsjvtcsjblkkkm.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yjdsjvtcsjblkkkm.exe .
C:\Windows\yjdsjvtcsjblkkkm.exe
yjdsjvtcsjblkkkm.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\yjdsjvtcsjblkkkm.exe*."
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\frmcuhgqhzsddefiu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brqkgxaojfcrvafmcqpfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c znkcwlmyrlgtvybgugd.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\znkcwlmyrlgtvybgugd.exe
znkcwlmyrlgtvybgugd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe .
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\frmcuhgqhzsddefiu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yjdsjvtcsjblkkkm.exe
C:\Windows\yjdsjvtcsjblkkkm.exe
yjdsjvtcsjblkkkm.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe .
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brqkgxaojfcrvafmcqpfe.exe*."
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brqkgxaojfcrvafmcqpfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\znkcwlmyrlgtvybgugd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c znkcwlmyrlgtvybgugd.exe
C:\Windows\znkcwlmyrlgtvybgugd.exe
znkcwlmyrlgtvybgugd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brqkgxaojfcrvafmcqpfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c znkcwlmyrlgtvybgugd.exe
C:\Windows\znkcwlmyrlgtvybgugd.exe
znkcwlmyrlgtvybgugd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe .
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\frmcuhgqhzsddefiu.exe*."
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\yjdsjvtcsjblkkkm.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\znkcwlmyrlgtvybgugd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c znkcwlmyrlgtvybgugd.exe .
C:\Windows\znkcwlmyrlgtvybgugd.exe
znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\znkcwlmyrlgtvybgugd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe .
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\obxohvvgyrlxyacgte.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\obxohvvgyrlxyacgte.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brqkgxaojfcrvafmcqpfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yjdsjvtcsjblkkkm.exe
C:\Windows\yjdsjvtcsjblkkkm.exe
yjdsjvtcsjblkkkm.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yjdsjvtcsjblkkkm.exe .
C:\Windows\yjdsjvtcsjblkkkm.exe
yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\yjdsjvtcsjblkkkm.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c znkcwlmyrlgtvybgugd.exe
C:\Windows\znkcwlmyrlgtvybgugd.exe
znkcwlmyrlgtvybgugd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe .
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\frmcuhgqhzsddefiu.exe*."
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe .
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\frmcuhgqhzsddefiu.exe*."
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe .
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\frmcuhgqhzsddefiu.exe*."
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe .
C:\Windows\yjdsjvtcsjblkkkm.exe
yjdsjvtcsjblkkkm.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yjdsjvtcsjblkkkm.exe .
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Windows\yjdsjvtcsjblkkkm.exe
yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brqkgxaojfcrvafmcqpfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c znkcwlmyrlgtvybgugd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brqkgxaojfcrvafmcqpfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\yjdsjvtcsjblkkkm.exe*."
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Windows\znkcwlmyrlgtvybgugd.exe
znkcwlmyrlgtvybgugd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\znkcwlmyrlgtvybgugd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\obxohvvgyrlxyacgte.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\frmcuhgqhzsddefiu.exe*."
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\znkcwlmyrlgtvybgugd.exe*."
C:\Windows\yjdsjvtcsjblkkkm.exe
yjdsjvtcsjblkkkm.exe
C:\Windows\yjdsjvtcsjblkkkm.exe
yjdsjvtcsjblkkkm.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yjdsjvtcsjblkkkm.exe .
C:\Windows\yjdsjvtcsjblkkkm.exe
yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\yjdsjvtcsjblkkkm.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\yjdsjvtcsjblkkkm.exe*."
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brqkgxaojfcrvafmcqpfe.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\znkcwlmyrlgtvybgugd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brqkgxaojfcrvafmcqpfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe .
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\frmcuhgqhzsddefiu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe .
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe .
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\obxohvvgyrlxyacgte.exe*."
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\frmcuhgqhzsddefiu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\obxohvvgyrlxyacgte.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe .
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brqkgxaojfcrvafmcqpfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brqkgxaojfcrvafmcqpfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\yjdsjvtcsjblkkkm.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\obxohvvgyrlxyacgte.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yjdsjvtcsjblkkkm.exe .
C:\Windows\yjdsjvtcsjblkkkm.exe
yjdsjvtcsjblkkkm.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\yjdsjvtcsjblkkkm.exe*."
C:\Windows\znkcwlmyrlgtvybgugd.exe
znkcwlmyrlgtvybgugd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yjdsjvtcsjblkkkm.exe .
C:\Windows\yjdsjvtcsjblkkkm.exe
yjdsjvtcsjblkkkm.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\yjdsjvtcsjblkkkm.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\obxohvvgyrlxyacgte.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\mbzsndfsmhdruycixkix.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe .
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\frmcuhgqhzsddefiu.exe*."
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c znkcwlmyrlgtvybgugd.exe .
C:\Windows\znkcwlmyrlgtvybgugd.exe
znkcwlmyrlgtvybgugd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\znkcwlmyrlgtvybgugd.exe*."
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\yjdsjvtcsjblkkkm.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\znkcwlmyrlgtvybgugd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c znkcwlmyrlgtvybgugd.exe
C:\Windows\znkcwlmyrlgtvybgugd.exe
znkcwlmyrlgtvybgugd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe .
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\obxohvvgyrlxyacgte.exe*."
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe .
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\mbzsndfsmhdruycixkix.exe*."
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\yjdsjvtcsjblkkkm.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\yjdsjvtcsjblkkkm.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe .
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\obxohvvgyrlxyacgte.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe .
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\frmcuhgqhzsddefiu.exe*."
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\obxohvvgyrlxyacgte.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\mbzsndfsmhdruycixkix.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yjdsjvtcsjblkkkm.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\yjdsjvtcsjblkkkm.exe
yjdsjvtcsjblkkkm.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe .
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe .
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\frmcuhgqhzsddefiu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c znkcwlmyrlgtvybgugd.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe
C:\Windows\znkcwlmyrlgtvybgugd.exe
znkcwlmyrlgtvybgugd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe .
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\znkcwlmyrlgtvybgugd.exe*."
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brqkgxaojfcrvafmcqpfe.exe*."
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\mbzsndfsmhdruycixkix.exe*."
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe .
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\mbzsndfsmhdruycixkix.exe*."
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe .
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\yjdsjvtcsjblkkkm.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\frmcuhgqhzsddefiu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\mbzsndfsmhdruycixkix.exe*."
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\znkcwlmyrlgtvybgugd.exe*."
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\mbzsndfsmhdruycixkix.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\yjdsjvtcsjblkkkm.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\mbzsndfsmhdruycixkix.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe .
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brqkgxaojfcrvafmcqpfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe .
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\mbzsndfsmhdruycixkix.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\znkcwlmyrlgtvybgugd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\yjdsjvtcsjblkkkm.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c znkcwlmyrlgtvybgugd.exe
C:\Windows\znkcwlmyrlgtvybgugd.exe
znkcwlmyrlgtvybgugd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe .
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\frmcuhgqhzsddefiu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe .
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\obxohvvgyrlxyacgte.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\mbzsndfsmhdruycixkix.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\yjdsjvtcsjblkkkm.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yjdsjvtcsjblkkkm.exe
C:\Windows\yjdsjvtcsjblkkkm.exe
yjdsjvtcsjblkkkm.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe .
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\mbzsndfsmhdruycixkix.exe*."
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe .
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\mbzsndfsmhdruycixkix.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\znkcwlmyrlgtvybgugd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\obxohvvgyrlxyacgte.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe .
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brqkgxaojfcrvafmcqpfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c znkcwlmyrlgtvybgugd.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\znkcwlmyrlgtvybgugd.exe
znkcwlmyrlgtvybgugd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe .
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\frmcuhgqhzsddefiu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\znkcwlmyrlgtvybgugd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\yjdsjvtcsjblkkkm.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yjdsjvtcsjblkkkm.exe
C:\Windows\yjdsjvtcsjblkkkm.exe
yjdsjvtcsjblkkkm.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe .
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\mbzsndfsmhdruycixkix.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yjdsjvtcsjblkkkm.exe .
C:\Windows\yjdsjvtcsjblkkkm.exe
yjdsjvtcsjblkkkm.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\yjdsjvtcsjblkkkm.exe*."
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\mbzsndfsmhdruycixkix.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\obxohvvgyrlxyacgte.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe .
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\mbzsndfsmhdruycixkix.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c znkcwlmyrlgtvybgugd.exe .
C:\Windows\znkcwlmyrlgtvybgugd.exe
znkcwlmyrlgtvybgugd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\znkcwlmyrlgtvybgugd.exe*."
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\obxohvvgyrlxyacgte.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\znkcwlmyrlgtvybgugd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe .
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\obxohvvgyrlxyacgte.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c znkcwlmyrlgtvybgugd.exe
C:\Windows\znkcwlmyrlgtvybgugd.exe
znkcwlmyrlgtvybgugd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\obxohvvgyrlxyacgte.exe*."
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe .
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\frmcuhgqhzsddefiu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\frmcuhgqhzsddefiu.exe*."
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\obxohvvgyrlxyacgte.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe .
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brqkgxaojfcrvafmcqpfe.exe*."
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\mbzsndfsmhdruycixkix.exe*."
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\obxohvvgyrlxyacgte.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe .
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\obxohvvgyrlxyacgte.exe*."
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe .
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\obxohvvgyrlxyacgte.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe .
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\frmcuhgqhzsddefiu.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\mbzsndfsmhdruycixkix.exe*."
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe .
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\znkcwlmyrlgtvybgugd.exe*."
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\frmcuhgqhzsddefiu.exe*."
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\frmcuhgqhzsddefiu.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brqkgxaojfcrvafmcqpfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yjdsjvtcsjblkkkm.exe .
C:\Windows\yjdsjvtcsjblkkkm.exe
yjdsjvtcsjblkkkm.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\yjdsjvtcsjblkkkm.exe*."
C:\Windows\yjdsjvtcsjblkkkm.exe
yjdsjvtcsjblkkkm.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe .
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\frmcuhgqhzsddefiu.exe*."
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brqkgxaojfcrvafmcqpfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brqkgxaojfcrvafmcqpfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c yjdsjvtcsjblkkkm.exe
C:\Windows\yjdsjvtcsjblkkkm.exe
yjdsjvtcsjblkkkm.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe .
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\mbzsndfsmhdruycixkix.exe*."
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe .
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brqkgxaojfcrvafmcqpfe.exe*."
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\obxohvvgyrlxyacgte.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\obxohvvgyrlxyacgte.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe .
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\brqkgxaojfcrvafmcqpfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe
C:\Windows\brqkgxaojfcrvafmcqpfe.exe
brqkgxaojfcrvafmcqpfe.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c frmcuhgqhzsddefiu.exe .
C:\Windows\frmcuhgqhzsddefiu.exe
frmcuhgqhzsddefiu.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\frmcuhgqhzsddefiu.exe*."
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\mbzsndfsmhdruycixkix.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Users\Admin\AppData\Local\Temp\yjdsjvtcsjblkkkm.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brqkgxaojfcrvafmcqpfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe .
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\mbzsndfsmhdruycixkix.exe*."
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe .
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Users\Admin\AppData\Local\Temp\obxohvvgyrlxyacgte.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\windows\mbzsndfsmhdruycixkix.exe*."
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe
C:\Users\Admin\AppData\Local\Temp\znkcwlmyrlgtvybgugd.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\znkcwlmyrlgtvybgugd.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Users\Admin\AppData\Local\Temp\frmcuhgqhzsddefiu.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe
C:\Users\Admin\AppData\Local\Temp\brqkgxaojfcrvafmcqpfe.exe .
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
"C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe" "c:\users\admin\appdata\local\temp\brqkgxaojfcrvafmcqpfe.exe*."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mbzsndfsmhdruycixkix.exe
C:\Windows\mbzsndfsmhdruycixkix.exe
mbzsndfsmhdruycixkix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c obxohvvgyrlxyacgte.exe .
C:\Windows\obxohvvgyrlxyacgte.exe
obxohvvgyrlxyacgte.exe .
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c brqkgxaojfcrvafmcqpfe.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 104.19.222.79:80 | whatismyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.67.155.175:80 | www.showmyipaddress.com | tcp |
| US | 172.66.40.87:80 | www.whatismyip.com | tcp |
| US | 34.111.176.156:80 | www.myspace.com | tcp |
| SG | 180.215.73.232:19641 | tcp | |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| BG | 109.121.251.137:34242 | tcp | |
| US | 8.8.8.8:53 | riwggatvku.net | udp |
| US | 8.8.8.8:53 | qetblcp.info | udp |
| US | 8.8.8.8:53 | dqjrswwie.com | udp |
| US | 8.8.8.8:53 | xfyzcliuhtjc.net | udp |
| MD | 188.237.129.253:31262 | tcp | |
| US | 8.8.8.8:53 | hpeucnfc.info | udp |
| US | 8.8.8.8:53 | dyjimy.info | udp |
| US | 8.8.8.8:53 | kgwovpmux.info | udp |
| US | 93.180.203.127:33325 | tcp | |
| US | 8.8.8.8:53 | fdlbrec.info | udp |
| US | 8.8.8.8:53 | bdxddkrvo.org | udp |
| US | 8.8.8.8:53 | zhpqvm.info | udp |
| TR | 46.1.178.249:43014 | tcp | |
| US | 8.8.8.8:53 | trwirs.info | udp |
| US | 8.8.8.8:53 | oojgoo.net | udp |
| US | 8.8.8.8:53 | eujcdalm.info | udp |
| TR | 78.169.67.181:26921 | tcp | |
| US | 8.8.8.8:53 | plvydh.net | udp |
| US | 8.8.8.8:53 | lvzawgnjgazj.info | udp |
| US | 8.8.8.8:53 | vvvwqixitbr.com | udp |
| KZ | 178.90.132.82:16160 | tcp | |
| US | 8.8.8.8:53 | zxegvt.net | udp |
| US | 8.8.8.8:53 | xrctizgjhu.net | udp |
| US | 8.8.8.8:53 | tilgoixn.info | udp |
| LV | 77.38.217.46:39917 | tcp | |
| US | 8.8.8.8:53 | oopqdamgqme.net | udp |
| US | 8.8.8.8:53 | vkpzxu.info | udp |
| US | 8.8.8.8:53 | dgtmdybkns.net | udp |
| LT | 86.100.28.108:13964 | tcp | |
| US | 8.8.8.8:53 | obfcnytd.net | udp |
| US | 8.8.8.8:53 | ewiuauieao.com | udp |
| PK | 103.12.120.171:18384 | tcp | |
| US | 8.8.8.8:53 | hawfyqp.net | udp |
| US | 8.8.8.8:53 | bunzpahdi.com | udp |
| PK | 111.119.188.16:24907 | tcp | |
| US | 8.8.8.8:53 | qseoumkkca.org | udp |
| KZ | 2.134.31.242:36488 | tcp | |
| US | 8.8.8.8:53 | lreubkbwfsvr.net | udp |
| KZ | 178.91.27.10:44010 | tcp | |
| US | 8.8.8.8:53 | ymcypcpuo.net | udp |
| US | 8.8.8.8:53 | sssikyme.org | udp |
| US | 8.8.8.8:53 | gdiecndz.net | udp |
| BG | 109.121.251.137:34242 | tcp | |
| US | 8.8.8.8:53 | givvdko.info | udp |
| US | 8.8.8.8:53 | vphpoazahk.info | udp |
| US | 8.8.8.8:53 | fevpfshvp.org | udp |
| US | 8.8.8.8:53 | bpxpjgf.net | udp |
| BR | 200.161.101.50:34810 | tcp | |
| US | 8.8.8.8:53 | yywyhohomrx.net | udp |
| US | 8.8.8.8:53 | gkkiki.org | udp |
| NL | 176.101.61.92:43724 | tcp | |
| DE | 85.214.228.140:80 | gyuuym.org | tcp |
| SG | 18.142.91.111:80 | unxfuild.info | tcp |
| US | 104.156.155.94:80 | cydlrge.info | tcp |
| US | 8.8.8.8:53 | actlyiz.net | udp |
| US | 8.8.8.8:53 | gcdphcuo.net | udp |
| US | 8.8.8.8:53 | dkakxir.com | udp |
| US | 8.8.8.8:53 | eejvxqlpeab.net | udp |
| US | 8.8.8.8:53 | qtgqqinahbp.info | udp |
| US | 8.8.8.8:53 | hkrejmf.org | udp |
| US | 8.8.8.8:53 | ebokcprbw.info | udp |
| US | 8.8.8.8:53 | tcvuvhjwh.info | udp |
| US | 8.8.8.8:53 | isaqvwvoz.info | udp |
| US | 8.8.8.8:53 | tiuwjncqtq.net | udp |
| US | 8.8.8.8:53 | zrvqjgtf.net | udp |
| US | 8.8.8.8:53 | jubvpax.info | udp |
| US | 8.8.8.8:53 | erkkchbzwwt.info | udp |
| US | 8.8.8.8:53 | lrizwpxcpv.info | udp |
| US | 8.8.8.8:53 | hedqdcqtvgl.org | udp |
| US | 8.8.8.8:53 | xuuspo.info | udp |
| US | 8.8.8.8:53 | svpidwu.net | udp |
| US | 8.8.8.8:53 | vgyqtpcnj.net | udp |
| US | 8.8.8.8:53 | ucqyyewa.com | udp |
| US | 8.8.8.8:53 | nyuzczoi.info | udp |
| US | 8.8.8.8:53 | rhcborknoj.net | udp |
| US | 8.8.8.8:53 | igqgkwuysyca.org | udp |
| US | 8.8.8.8:53 | lqpenxf.org | udp |
| US | 8.8.8.8:53 | aecorsmkwxv.net | udp |
| US | 8.8.8.8:53 | jvigxrrchb.net | udp |
| US | 8.8.8.8:53 | njmyupro.net | udp |
| US | 8.8.8.8:53 | bobbdvtqt.org | udp |
| US | 8.8.8.8:53 | caumgukqqiom.org | udp |
| US | 8.8.8.8:53 | xhgpvkuhkl.net | udp |
| US | 8.8.8.8:53 | xrpwmsl.info | udp |
| US | 8.8.8.8:53 | dotksydeo.org | udp |
| US | 8.8.8.8:53 | wlqkaa.net | udp |
| US | 8.8.8.8:53 | wazwlesbbnlj.net | udp |
| US | 8.8.8.8:53 | suyygo.org | udp |
| US | 8.8.8.8:53 | zszvraw.net | udp |
| US | 8.8.8.8:53 | iusioomq.org | udp |
| US | 8.8.8.8:53 | qpncsrph.net | udp |
| US | 8.8.8.8:53 | jquxzj.info | udp |
| US | 8.8.8.8:53 | dgroesgczqf.org | udp |
| US | 8.8.8.8:53 | wcsbrpz.net | udp |
| US | 8.8.8.8:53 | cjplpm.info | udp |
| US | 8.8.8.8:53 | ouruimewpej.info | udp |
| US | 8.8.8.8:53 | uwcuws.org | udp |
| US | 8.8.8.8:53 | iqauqkuogkky.com | udp |
| US | 8.8.8.8:53 | hoborea.net | udp |
| US | 8.8.8.8:53 | azlfou.info | udp |
| US | 8.8.8.8:53 | jtaidgac.info | udp |
| US | 8.8.8.8:53 | umyicieyee.org | udp |
| US | 8.8.8.8:53 | jkssnbkem.com | udp |
| US | 8.8.8.8:53 | esckmagcmo.org | udp |
| US | 8.8.8.8:53 | fzrfjposq.info | udp |
| US | 8.8.8.8:53 | pcirsgzhlu.info | udp |
| US | 8.8.8.8:53 | hyjchkcx.net | udp |
| US | 8.8.8.8:53 | vcsuct.net | udp |
| US | 8.8.8.8:53 | deasnwidjef.net | udp |
| US | 8.8.8.8:53 | fsyczawoha.info | udp |
| US | 8.8.8.8:53 | bdzvtmnkcxl.org | udp |
| US | 8.8.8.8:53 | atkzfclhbift.info | udp |
| US | 8.8.8.8:53 | lhenxejblgfr.info | udp |
| US | 8.8.8.8:53 | jifwjxlr.net | udp |
| US | 8.8.8.8:53 | brxejfal.net | udp |
| US | 8.8.8.8:53 | tlutrqda.info | udp |
| US | 8.8.8.8:53 | wueysyqiyg.org | udp |
| US | 8.8.8.8:53 | pdqkztoxkn.net | udp |
| US | 8.8.8.8:53 | tatidwvgk.info | udp |
| US | 8.8.8.8:53 | rzukpime.net | udp |
| US | 8.8.8.8:53 | jjrefkv.net | udp |
| US | 8.8.8.8:53 | vhhvehjz.net | udp |
| US | 8.8.8.8:53 | xiymhzbux.net | udp |
| US | 8.8.8.8:53 | hqklhiyl.net | udp |
| US | 8.8.8.8:53 | phtoggztqx.info | udp |
| US | 8.8.8.8:53 | kjskvzf.info | udp |
| US | 8.8.8.8:53 | mgiocemotks.info | udp |
| US | 8.8.8.8:53 | jnhgkgrstxm.com | udp |
| US | 8.8.8.8:53 | iciiqmay.com | udp |
| US | 8.8.8.8:53 | kqexvdog.net | udp |
| US | 8.8.8.8:53 | elphyesv.info | udp |
| US | 8.8.8.8:53 | lzbjkx.info | udp |
| US | 8.8.8.8:53 | tskmyvp.info | udp |
| US | 8.8.8.8:53 | enpnjodai.net | udp |
| US | 8.8.8.8:53 | cqhujduebap.net | udp |
| US | 8.8.8.8:53 | blriytvijot.com | udp |
| US | 8.8.8.8:53 | gosuwjetcx.info | udp |
| US | 8.8.8.8:53 | tbjdznb.com | udp |
| US | 8.8.8.8:53 | kyilnx.net | udp |
| US | 8.8.8.8:53 | ycuuqgyiscgu.org | udp |
| US | 8.8.8.8:53 | gbmqatfh.net | udp |
| US | 8.8.8.8:53 | gaqkygwq.org | udp |
| US | 8.8.8.8:53 | qizgxgvop.info | udp |
| US | 8.8.8.8:53 | jrbulad.info | udp |
| US | 8.8.8.8:53 | sqncad.net | udp |
| US | 8.8.8.8:53 | hhljmihfzlnz.net | udp |
| US | 8.8.8.8:53 | bpzorpfuhtf.org | udp |
| US | 8.8.8.8:53 | kwcydphcrgs.net | udp |
| US | 8.8.8.8:53 | ukagku.org | udp |
| US | 8.8.8.8:53 | gemwwqec.com | udp |
| US | 8.8.8.8:53 | abmunu.net | udp |
| US | 8.8.8.8:53 | xwiyhrj.org | udp |
| US | 8.8.8.8:53 | nmvehyrkcny.info | udp |
| US | 8.8.8.8:53 | jmnykt.info | udp |
| US | 8.8.8.8:53 | wvkmvfzxvodj.info | udp |
| US | 8.8.8.8:53 | bkngmvgi.net | udp |
| US | 8.8.8.8:53 | ieqwwj.net | udp |
| US | 8.8.8.8:53 | nwwefa.net | udp |
| US | 8.8.8.8:53 | bwvcggpmbmc.info | udp |
| US | 8.8.8.8:53 | helwwccqo.info | udp |
| US | 8.8.8.8:53 | cqymxwzmnum.info | udp |
| US | 8.8.8.8:53 | skuiki.com | udp |
| US | 8.8.8.8:53 | cgmocqekss.com | udp |
| US | 8.8.8.8:53 | bqdindvszcl.com | udp |
| US | 8.8.8.8:53 | qymuiaeg.com | udp |
| US | 8.8.8.8:53 | xqwboo.info | udp |
| US | 8.8.8.8:53 | oymmdlc.info | udp |
| US | 8.8.8.8:53 | eanyrik.info | udp |
| US | 8.8.8.8:53 | yvwwzkrnk.info | udp |
| US | 8.8.8.8:53 | emtgfezjf.info | udp |
| US | 8.8.8.8:53 | dykwknvmdfdj.info | udp |
| US | 8.8.8.8:53 | kuysyucago.org | udp |
| US | 8.8.8.8:53 | ikewtilij.info | udp |
| US | 8.8.8.8:53 | rthqrivhwdxm.net | udp |
| US | 8.8.8.8:53 | ldiklcyvom.net | udp |
| US | 8.8.8.8:53 | tgtyayekl.info | udp |
| US | 8.8.8.8:53 | wawaoiyk.com | udp |
| US | 8.8.8.8:53 | cesqcycmmy.org | udp |
| US | 8.8.8.8:53 | azhqocwy.net | udp |
| US | 8.8.8.8:53 | beftdpo.info | udp |
| US | 8.8.8.8:53 | rebarux.com | udp |
| US | 8.8.8.8:53 | xogqpeq.org | udp |
| US | 8.8.8.8:53 | lczoradauoz.net | udp |
| US | 8.8.8.8:53 | rnlsnzlvnkrp.info | udp |
| US | 8.8.8.8:53 | myuuec.org | udp |
| US | 8.8.8.8:53 | xcygjjv.com | udp |
| US | 8.8.8.8:53 | dazulnj.org | udp |
| US | 8.8.8.8:53 | kjkgihxh.info | udp |
| US | 8.8.8.8:53 | qxjgbsv.info | udp |
| US | 8.8.8.8:53 | dqvfqtbcd.net | udp |
| US | 8.8.8.8:53 | sqmugskqya.com | udp |
| US | 8.8.8.8:53 | mswiwe.org | udp |
Files
C:\Users\Admin\AppData\Local\Temp\sxrmhekochb.exe
| MD5 | c4c0eacae76a12e21d0ee9e9cc4eb3d8 |
| SHA1 | 047ba8084fb1dc0cd3b2fcddbd620c106eba9e26 |
| SHA256 | a4a5c3a7226c301017880b326b6b7b78d2001c0b27c0fce9ddbef6d6302415ba |
| SHA512 | d08970a86f282701cb99cfda8499c73c735dd37a471474853d213a926a1d74cdb12ded59c42710e17e7dedcd47ff09d368c6b5eb5726feb496a14c74bec09573 |
C:\Windows\SysWOW64\obxohvvgyrlxyacgte.exe
| MD5 | b9c1a84350d1c4881dd1eac4ffb453b0 |
| SHA1 | e2c094bbe105e9ced9c996c140f4fb1ae5f48585 |
| SHA256 | 19bfc62f4162a8399e6c22f14721710d96007e027aaa8154e3d80bb725c360e4 |
| SHA512 | 4122450a3b2fb3698229b12cac896378eee63798ca6c928addfd1a5fdd4af87001c55b19a3072e643bc8586a596f4af6f1b1920c15aa63404212636329da192c |
C:\Users\Admin\AppData\Local\Temp\zbmsads.exe
| MD5 | b1c1f6d849fca5b0679b0eb807530506 |
| SHA1 | 453eb6c69e8e45835471294b6f36c3442e9e2c44 |
| SHA256 | e8345830f9ebea52f6e7379fc90191d9833d2cb8ab8140045b8b238edacf64a5 |
| SHA512 | f719c0db22b94ad638bfb1105b574133b1b08d0a87f98afc410d18cfa7e5a39d8497283a92eb602d378dc4206f676722ec8e4baeb8b3534006f31cfd2d90de9d |
C:\Users\Admin\AppData\Local\ljqswvgcfjolxkxmkgnlsuyxi.hlq
| MD5 | 5b1fd19a528f384c9ede270a6c9437cf |
| SHA1 | a7b673a5d0bce26e03b46bcd4f361eb40e656606 |
| SHA256 | 26aeec408c8dd273ac5320db47b9baf72fa605684e2cd050463fdb04c2563164 |
| SHA512 | 747717613d704a8c32c5bfb380cd2d9605c2dd6648d344eee8f0ee7590d583fcbab2090a28a2e7db74b458788d9c08f8f94382039fba48f55d462fa14e176b2d |
C:\Users\Admin\AppData\Local\qzretdzgujzhecaajqirjwlvrymbrzwussbi.jbo
| MD5 | dcd76049f738fb81c0a2d737f227d3e9 |
| SHA1 | f812b76a6d236b120b0c95de058978190a80df72 |
| SHA256 | 32d78abcb32d43f7b056478e5a1a95e7ac4f5d77ddeac8de7ffca0e370749916 |
| SHA512 | 085f8efc53241fab8e172c2ac6be5ee3f7f53a35f899c3def1aee4913b4a5836fc5290cb6764042141085ecfd6760da1daf3d8ee4c88f595e98dd44c7767d89c |
C:\Program Files (x86)\ljqswvgcfjolxkxmkgnlsuyxi.hlq
| MD5 | 85754770fb695d989ae69ea2860e23ea |
| SHA1 | e49330359d4b8307585e1fb628111a87367ce6fe |
| SHA256 | 30c1f019aa4147e2aff5ff44ed822ba0b63ba7181b218007766c86a5ad970e4d |
| SHA512 | 8cf717986dffd8c633ac825a0f4ef9485cadf49cb99419fa8692efb3f0e52451e66cd3082704b4f7a69bed20a191d18434786578cf924b7d8c5d215d2af75345 |
C:\Program Files (x86)\ljqswvgcfjolxkxmkgnlsuyxi.hlq
| MD5 | 37ccf1b984c2bb2be4ebd3d5d267860f |
| SHA1 | fbf52dcd200feafa5e25b70349976044434e7bff |
| SHA256 | dc08d333d89165c2a1ca881538c88c1cbc7c25a0fff0dac7ea013feb87fb93c9 |
| SHA512 | 0cfc1aaaac4ffbc3efb66de5ad380fae669d581e604adf72426d83dce3326a5a34a46b4a568aa7600260fd36e93ae02f3320b10649a59ad64d163fb0208b4037 |
C:\Program Files (x86)\ljqswvgcfjolxkxmkgnlsuyxi.hlq
| MD5 | 163880ea36c614f61dc63b31caff2af6 |
| SHA1 | 568de0867f2365dd4072397981e1a27be9b7beab |
| SHA256 | cb1ade61a2a5732065a55594b1c66ade3e79074eb23a169450f73a0a9d190d29 |
| SHA512 | b5d0fdca36da52ccb989968f3a112bd8edda3829a82d6f3505a979633859fd4923d414dbdb7dc59defa71b35fc134849343033e9a576c8d883148e87e47479e9 |
C:\Program Files (x86)\ljqswvgcfjolxkxmkgnlsuyxi.hlq
| MD5 | 03934dc35f19b76bb4c1651b62eb36ec |
| SHA1 | 9efb1b84f0959f02f7b9964d4f7efcfb2ac5e7c1 |
| SHA256 | e015e15c3409274039c5f34795cfb7642c55f1c03bece4a5a3f1ee1db8125a56 |
| SHA512 | 96e3fa948bdde3b006d31d7b7251f818b6aa9b904632fda8b878a3ec36b3f06e348bb00e34f7b99e37c0a7d8707cb598c16f2e46dc1e42ac54d8b3f06aa851c6 |
C:\Program Files (x86)\ljqswvgcfjolxkxmkgnlsuyxi.hlq
| MD5 | 3475580dd8207bddc4c29347a62c5a8c |
| SHA1 | 2e29eab20d8de6a25c0b3fa013e3504e66f25647 |
| SHA256 | f06d006323508aad27f7f42e6da65651e1e81622057fcf47a8c815bfd580414c |
| SHA512 | 9df9b45d01bd09839cdd0ef66a266f0894e281de822ee566ee1ac122356a57010d238eac6ecb94c02a7e4cbc44be731022928e8e7359f20bb22df33184c31a54 |